文件头-笔记

文件头

文件的扩展名是用来识别文件类型的。通过给他指定扩展名，我们可以告诉自己，也告诉操作系统我们想用什么方式打开这个文件。比如我么会把 .jpg 的文件默认用图片显示软件打开，.zip 文件会默认用解压软件打开等等。

然而，扩展名完全是可以随便改改的。我们可以给文件设置一个任意的扩展名，当然也可以不设置扩展名。这样一来我们就不能了解到这个文件究竟是做什么的，究竟是个什么样的文件。我们或许也会疑惑，为什么一个软件，比如视频播放器，就能用正确的方式打开.mp4 .rmvb .wmv 等等的视频？

事实上，所有的文件都是以二进制的形式进行存储的，本质上没有差别。之所以使用的方法不同，只是因为我们理解他的方式不同。在每一个文件（包括图片，视频或其他的非 ASCII 文件）的开头（十六进制表示）实际上都有一片区域来显示这个文件的实际用法，这就是文件头标志。

Linux 下我们可以用 file 命令直接查看文件的实际格式，但是他本质上也是利用文件头标志来进行文件类型判断的。

每次都要开 excel 搜,有时候还搜不出来,干脆直接 Ctrl+cv 复制到这边搜吧

NTDS.dit AC 74 F4 04 EF CD AB 89
system 72 65 67 66
123 00 00 1A 00 05 10 04
3gg; 3gp; 3g2 00 00 00 nn 66 74 79 70 33 67 70
7z 37 7A BC AF 27 1C
aba 00 01 42 41
abi 41 4F 4C 49 4E 44 45 58
aby; idx 41 4F 4C 44 42
accdb 00 01 00 00 53 74 61 6E 64 61 72 64 20 41 43 45 20 44 42
ACM 4D 5A
ADF 44 4F 53
adx 03 00 00 00 41 50 50 52
AIFF 46 4F 52 4D 00
ain 21 12
ami 5B 76 65 72 5D
amr 23 21 41 4D 52
ANI 52 49 46 46
API 4D 5A 90 00 03 00 00 00
arc 1A 0x
arc 41 72 43 01
arj 60 EA
ARJ 60 EA 27
ART 4A 47 03 0E 00 00 00
ART 4A 47 04 0E 00 00 00
asf 30 26 B2 75 8E 66 CF 11
asf; wma; wmv 30 26 B2 75 8E 66 CF 11 A6 D9 00 AA 00 62 CE 6C
asx 3C
au 2E 73 6E 64
avi 41 56 49 20
AX 4D 5A
AX 4D 5A 90 00 03 00 00 00
bag 41 4F 4C 20 46 65 65 64 62 61 67
BAS 20 20 20
bin 42 4C 49 32 32 33 51
bmp 42 4D
BMP 42 4D 3E
bz; bz2 42 5A 68
BZ2; TAR.BZ2; TBZ2; TB2 42 5A 68
CAB 49 53 63
CAB; HDR 49 53 63 28
CAB 4D 53 43 46
cat 30
CBD 43 42 46 49 4C 45
CCD 5B 43 6C
CDR 45 4C 49 54 45 20 43 6F 6D 6D 61 6E 64 65 72 20
CDR, DVF 4D 53 5F 56 4F 49 43 45
CHI; CHM 49 54 53 46
CHM 49 54 53
CLB 43 4D 58 31
CLB 43 4F 4D 2B
cnt 3A 42 61 73 65
COM, DLL, DRV, EXE, PIF, QTS, QTX, SYS 4D 5A
COM 4D 5A EE
COM E9 3B 03
CPE 46 41 58 43 4F 56 45 52 2D 56 45 52
CPL 4D 5A
CPT 43 50 54 37 46 49 4C 45
CPT 43 50 54 46 49 4C 45
CPX 5B 57 69
cru; crush 43 52 55 53 48
CRU 43 52 55 53 48 20 76
CRW 49 49 1A 00 00 00 48 45 41 50 43 43 44 52 02 00
CTF 43 61 74 61 6C 6F 67 20 33 2E 30 30 00
CUR 00 00 02 00 01 00 20 20
dat 1A 52 54 53 20 43 4F 4D 50 52 45 53 53 45 44 20 49 4D 41 47 45 20 56 31 2E 30 1A
dat 41 56 47 36 5F 49 6E 74 65 67 72 69 74 79 5F 44 61 74 61 62 61 73 65
DAT 43 52 45 47
DAT 43 6C 69 65 6E 74 20 55 72 6C 43 61 63 68 65 20 4D 4D 46 20 56 65 72 20
DAT 45 52 46 53 53 41 56 45 44 41 54 41 46 49 4C 45
DAT 49 6E 6E 6F 20 53 65 74 75 70 20 55 6E 69 6E 73 74 61 6C 6C 20 4C 6F 67 20 28 62 29
db 00 06 15 61 00 00 00 02 00 00 04 D2 00 00 10 00
DB 44 42 46 48
dba 00 01 42 44
dbx CF AD 12 FE
dbx CF AD 12 FE C5 FD 74 6F
dci 3C 21 64 6F 63 74 79 70
dcx 3A DE 68 B1
DDB 00 01 00
dib 42 4D
DLL 4D 5A 90
DMP 4D 44 4D 50 93 A7
DMS 44 4D 53 21
doc 0D 44 4F 43
doc 12 34 56 78 90 FF
doc 31 BE 00 00 00 AB 00 00
doc 7F FE 34 0A
dot; ppt; xla; ppa; pps; pot; msi; sdw; db D0 CF 11 E0
doc; dot; xls; xlt; xla; ppt; apr ;ppa; pps; pot; msi; sdw; db D0 CF 11 E0 A1 B1 1A E1
DPL 4D 5A 50
DRV 4D 5A 16
drw 01 FF 02 04 03 02
ds4 4D 47 58 20 69 74 70 64
DSN 4D 56
dsp 23 20 4D 69 63 72 6F 73 6F 66 74 20 44 65 76 6 56C 6F 70 65 72 20 53 74 75 64 69 6F
dss 02 64 73 73
dtd 07 64 74 32 64 64 74 64
dtd 3C 21 45 4E 54 49 54 59
DVR 44 56 44
dwg 41 43 31
Enn (where nn are numbers) 45 56 46
ECO 2A 50 52
elf 7F 45 4C 46 01 01 01 00
emf 01 00 00 00 58 00 00 00
eml 44 65 6C 69 76 65 72 79 2D 64 61 74 65 3A
EML 46 72 6F 6D 20 20 20
EML 46 72 6F 6D 20 3F 3F 3F
EML 46 72 6F 6D 3A 20
EML 52 65 63
enc 00 5C 41 B1 FF
enl [32 byte offset] 40 40 40 20 00 00 40 40 40 40
eps 25 21 50 53
eps 25 21 50 53 2D 41 64 6F 62 65
eps 25 21 50 53 2D 41 64 6F 62 65 2D 33 2E 30 20 45 50 53 46 2D 33 20 30
EPS C5 D0 D3
eth 1A 35 01 00
evt 30 00 00 00 4C 66 4C 65
evt 03 00 00 00 C4 66 C4 56
EVTX 45 6C 66 46 69 6C 65 00
exe; dll; drv; vxd; sys; ocx; vbx 4D 5A
exe; dll; drv; vxd; sys; ocx; vbx 4D 5A
exe; com; 386; ax; acm; sys; dll; drv; flt; fon; ocx; scr; lrc; vxd; cpl; x32 4D 5A
EXE, DLL, OCX, OLB, IMM, IME 4D 5A 90
fli 00 11 AF
flt 00 01 01
FLT 4D 5A 90 00 03 00 00 00
FLV 46 4C 56 01
fm 3C 4D 61 6B 65 72 46 69 6C 65 20
fm3 00 00 1A 00 07 80 01 00
fmt 20 00 68 00 20 0
FNT 43 48 41
FON 4D 5A
GBC 87 F5 3E
gid 3F 5F 03 00
GID 4C 4E 02 00
GIF 47 49 46 38
gif 47 49 46 38 37 61
gif 47 49 46 38 39 61
GTD 7B 50 72
GX2 47 58 32
gz; tar; tgz 1F 8B
gz; tgz 1F 8B 08
hap 91 33 48 46
HDMP 4D 44 4D 50 93 A7
hdr 23 3F 52 41 44 49 41 4E 43 45 0A
HLP 3F 5F 03
hlp 3F 5F 03 00
HLP 4C 4E 02 00
hlp [7 byte offset] 00 00 FF FF FF FF
hqx 28 54 68 69 73 20 66 69 6C 65
hqx 28 54 68 69 73 20 66 69 6C 65 20 6D 75 73 74 20 62 65 20 63 6F 6E 76 65 72 74 65 64 20 77 69 74 68 20 42 69 6E 48 65 78 20
HTM 3C 21 44
htm; html 3C 21 44 4F 43 54
htm; html 3C 48 54 4D 4C 3E
htm; html 3C 68 74 6D 6C 3E
html 68 74 6D 6C 3E
ico 00 00 01 00 00
ico 00 00 01 00 01 00 20 20
IFF 46 4F 52 4D
IFO 44 56 44
IME 4D 5A 90
img 00 01 00 08 00 01 00 01 01
IMG 00 FF FF
IMM 4D 5A 90
ind 41 4F 4C 49 44 58
ISO 43 44 30 30 31
ivr 2E 52 45 43
JAR 4A 41 52 43 53 00
jar 5F 27 A8 89
jpg; jpeg FF D8 FF
jpg; jpe; jpeg FF D8 FF E0 00
jpg; jpe; jpeg FF D8 FF FE 00
KGB 4B 47 42 5F 61 72 63 68 20 2D
KOZ 49 44 33 03 00 00 00
LDB 42 49 4C
lha 2D 6C 68 35 2D
lha; lzh [2 byte offset] 2D 6C 68
LHP 3F 5F 03
lhp 3F 5F 03 00
lib 21 3C 61 72 63 68 3E 0A
LIB 2A 24 20
LIT 49 54 4F 4C 49 54 4C 53
LNK 4C 00 00
lnk 4C 00 00 00
lnk 4C 00 00 00 01 14 02
LNK 4C 00 00 00 01 14 02 00
log 2A 2A 2A 20 20 49 6E 73 74 61 6C 6C 61 74 69 6F 6E 20 53 74 61 72 74 65 64 20
lzh lh
lwp 57 6F 72 64 50 72 6F
m3u 23 45 58
m4a 00 00 00 20 66 74 79 70 4D 34 41 20 00 00 00 00
m4a; m4v 00 00 00 20 66 74 79 70 4D 34 41 20 00 00 00 00
manifest 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D
MAR 4D 41 52 31 00
MAR 4D 41 52 43
MAR 4D 41 72 30 00
max D0 CF 11
mdb 00 01 00 00 53 74 61 6E 64 61 72 64 20 4A 65 74 20 44 42
mdb; mda; mde; mdt 53 74 61 6E 64 61 72 64 20 4A
MDF 00 FF FF
mdf 00 FF FF FF FF FF FF FF FF FF FF 00 00 02 00 01
mdf 01 0F 00 00
MDI 45 50
MDS 4D 45 44
MID; MIDI 4D 54 68 64
mkv 1A 45 DF A3 93 42 82 88 6D 61 74 72 6F 73 6B 61
MLS 4D 49 4C 45 53
MLS 4D 4C 53 57
MLS 4D 56 32 31 34
MLS 4D 56 32 43
MMF 4D 4D 4D 44 00 00
mny 00 01 00 00 4D 53 49 53 41 4D 20 44 61 74 61 62 61 73 65
MOV 00 00 0F
MOV 00 00 77
mov 6D 6F 6F 76
mov 6D 64 61 74
mp 0C ED
MP3 49 44 33
MP3 FF FB 50
mp4 00 00 00 18 66 74 79 70 33 67 70 35
MPA 00 00 01
mpg; mpeg 00 00 01 B3
mpg 00 00 01 BA
MSC 3C 3F 78
msc 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 3F 3E 0D 0A 3C 4D 4D 43 5F 43 6F 6E 73 6F 6C 65 46 69 6C 65 20 43 6F 6E 73 6F 6C 65 56 65 72 73 - 69 6F 6E 3D 22
msi 23 20
MSV 4D 53 5F 56 4F 49 43 45
NES 4E 45 53
NLS C2 20 20
nri 0E 4E 65 72 6F 49 53 4F
ntf 1A 00 00
nsf; ntf 1A 00 00 03 00 00
nsf 1A 00 00 03 00 00 11 00
nsf 1A 00 00 04 00 00
ntf 30 31 4F 52 44 4E 41 4E 43 45 20 53 55 52 56 45 59 20 20 20 20 20 20 20
obj 4C 01
OCX 4D 5A
OCX 4D 5A 90
OLB 4D 5A
OLB 4D 5A 90
org; pfc 41 4F 4C 56 4D 31 30 30
pak 1A 0B
PAT 47 46 31 50 41 54 43 48
PAT 47 50 41 54
PBK 5B 41 44
PCB 17 A1 50
PCS 0A 05 01
pcx 0A nn 01 01
pcx 0A 05 01 08
pdb [11 byte offset] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PDF 25 50 44
pdf; fdf 25 50 44 46
pdf 25 50 44 46 2D 31 2E
PDG 48 48 02
pf 11 00 00 00 53 43 43 41
pic 01 00 00 00 01
PJT 00 00 07
PLL 24 53 6F
PNG 89 50 4E 47
png 89 50 4E 47 0D 0A 1A 0A
PPC 52 65 63
PPT D0 CF 11
ppt [512 byte offset] 00 6E 1E F0
ppt [512 byte offset] 0F 00 E8 03
PPZ 4D 53 43 46
prc 42 4F 4F 4B 4D 4F 42 49
PRG 23 44 45
ps 25 21 50 53 2D 41 64 6F 62 65
PSD 38 42 50
psd 38 42 50 53
psp 7E 42 4B 00
pst 21 42 44 4E
pwl E3 82 85 96
qbb 45 86 00 00 06 00
qdf AC 9E BD 8F
qph 03 00 00 00
qt 6D 64 61 74
qxd 00 00 4D 4D 58 50 52
ra 2E 52 4D 46 00 00 00 12 00
ra; ram 2E 72 61 FD
ra 2E 72 61 FD 00
RAR 52 61 72
rar 52 61 72 21
RAW 06 05 00
reg 52 45 47 45 44 49 54 34
rgb 01 DA 01 01 00 03
RM 2E 52 4D
rm; rmvb 2E 52 4D 46
rpm ED AB EE DB
RTD 43 23 2B 44 A4 43 4D A5 48 64 72
RTF 7B 5C 72
rtf 7B 5C 72 74 66
sav 24 46 4C 32 40 28 23 29 20 53 50 53 53 20 44 41 54 41 20 46 49 4C 45
SBV 46 45 44 46
SCH 2A 76 65
scm 80 53 43
SH3 48 48 47 42 31
SHD 4B 49 00 00
sit 53 49 54 21
sit 53 74 75 66 66 49 74
sle 3A 56 45 52 53 49 4F 4E
sle 41 43 76
sly; srt; slt 53 52 01 00
SMD 00 FF FF
snm 00 1E 84 90 00 00 00 00
SNP 4D 53 43 46
sol 00 BF
spl 00 00 01 00
SCR 4D 5A
SUB FF FF FF
SWF 43 57 53
SWF 46 57 53
syw 41 4D 59 4F
TAG 00 00 02
tar; cpio 30 37 30 37 30 37
tar.z 1F 9D 90
tga 00 00 10 00 00
TGA 00 00 02
tga 00 00 02 00 00
TIF; TIFF 49 20 49
tif; tiff 49 49 2A
tif; tiff 49 49 2A 00
TIF; TIFF 4D 4D 00 2A
tif; tiff 4D 4D 2A
TIF; TIFF 4D 4D 00 2B
TLB 4D 53 46 54 02 00 01 00
tr1 01 10
TST 00 01 00
TTF 00 01 00
ufa 55 46 41
VBX 4D 5A
VCD 45 4E 54 52 59 56 43 44 02 00 00 01 02 00 18 58
vcf 42 45 47 49 4E 3A 56 43 41 52 44 0D 0A
vob 00 00 01 BA
VXD, 386 4D 5A
WAV 52 49 46
wav 57 41 56 45
wav 57 41 56 45 66 6D 74
wb2 00 00 02 00
wb3 [24 byte offset] 3E 00 03 00 FE FF 09 00 06
wk1; wks 20 00 60 40 60
wk1 00 00 02 00 06 04 06 00 08 00 00 00 00 00
wk3 00 00 1A 00 00 10 04 00
wk4; wk5 00 00 1A 00 02 10 04 00
wks 0E 57 4B 53
WMA 30 26 B2
wmf 01 00 09 00
wmf 01 00 09 00 00 03
wmf 02 00 09 00
wmf D7 CD C6 9A
WMV 30 26 B2
wp FF 57 50 43
wpd FF 57 50 43
wpg FF 57 50 47
wri 31 BE
WRI 31 BE 00
wri 32 BE
ws 1D 7D
XBE 58 42 45
xdr 3C
xls 09 02 06 00 00 00 10 00 B9 04 5C 00
xls 09 04 06 00 00 00 10 00 F6 05 5C 00
XLS D0 CF 11
xls D0 CF 11 E0
xls [512 byte offset] 09 08 10 00 00 06 05 00
XML 3C 3F 78
xml 3C 3F 78 6D 6C
xml FF FE 3C 00 52 00 4F 00 4F 00 54 00 53 00 54 00 55 00 42 00
XMV 00 50 01
XSL FF FE 3C
xul 72 73 69 6F 6E 3D 22 31 3C 3F 78 6D 6C 20 76 65 2E 30 22 3F 3E
z 1F 9D
Z 1F 9D 8C
ZIP 50 4B 03
zip; jar; zipx 50 4B 03 04
zip 50 4B 30 30
Zip 50 4B 30 30 50 4B 03 04
zoo 5A 4F 4F 20

Source & Reference

点击关注，共同学习！
安全狗的自我修养

github haidragon

https://github.com/haidragon

posted @ 2022-10-30 14:25 syscallwww 阅读(212) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

文件头-笔记

文件头

Source & Reference

公告