目前這裏只支持下面這幾種指令集的識別法。
廢話不多說,直接上代碼:
def check_arch(ff):
'''ff爲文件名'''
#可執行文件、鏈接庫、動態流、對象
mime_kw = 'x-executable|x-sharedlib|octet-stream|x-object'
ISADict = {b'\x00':'No Specific Instruction Set',
b'\x02':'SPARC' ,
b'\x03':'x86',
b'\x08':'MIPS',
b'\x14':'PowerPC',
b'\x16':'S390',
b'\x28':'ARM',
b'\x2a':'SuperH',
b'\x32':'IA-64',
b'\x3e':'x86-64',
b'\xb7':'Arch64',
b'\xf3':'RISC-V'
}
magic_mime = magic.from_file(ff, mime=True) #create the file's type 讀取文件類型
magic_hit = re.search(mime_kw, magic_mime, re.I)
if magic_hit:
with open(ff, "rb") as f:
byte = f.read(20) ###
for key, value in ISADict.items():
if byte[5] == b'\x01' and byte[18] == key: ##魔術的格式
return value
else:
if byte[5] == b'\x02' and byte[19] == key:
return value