@Rurik
Created September 30, 2014 14:48
Determine the .NET version used to compile a .NET executable.
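```python
import struct


def get_NET_version(data):
    """
    Code to extract .NET compiled version.

    typedef struct t_MetaData_Header {
        DWORD Signature;      // BSJB
        WORD  MajorVersion;
        WORD  MinorVersion;
        DWORD Unknown1;
        DWORD VersionSize;
        PBYTE VersionString;
        WORD  Flags;
        WORD  NumStreams;
        PBYTE Streams;
    } METADATA_HEADER, *PMETADATA_HEADER;
    """
    # data is the raw file content as bytes
    offset = data.find(b'BSJB')
    # find() returns -1 when the signature is absent
    if offset != -1 and len(data) >= offset + 16:
        hdr = data[offset:offset + 16]
        magic = hdr[0:4]
        # MajorVersion and MinorVersion are 16-bit WORDs (little-endian)
        major = struct.unpack('<H', hdr[4:6])[0]
        minor = struct.unpack('<H', hdr[6:8])[0]
        # VersionSize follows the 4-byte Unknown1 field
        size = struct.unpack('<I', hdr[12:16])[0]
        # Read the string from data so it is not cut off by the header slice
        start = offset + 16
        return data[start:start + size].strip(b'\x00').decode('ascii', 'replace')
    return None
```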
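An added example (not part of the original gist) that goes beyond the version string: it validates the file-controlled length field, skips false `BSJB` hits, and lists the stream headers that follow, using the metadata root layout from ECMA-335 II.24.2.1. The function names and the `SAMPLE` bytes are constructed for illustration.

```python
import struct

SIGNATURE = b"BSJB"

def parse_metadata_root(data, offset):
    """Parse one metadata root at offset; raise ValueError if implausible."""
    if data[offset:offset + 4] != SIGNATURE or len(data) < offset + 16:
        raise ValueError("no complete metadata root here")
    major, minor, _reserved, length = struct.unpack_from("<HHII", data, offset + 4)
    # Length comes from the file: ECMA-335 pads it to a multiple of 4, max 256.
    if length == 0 or length % 4 or length > 256:
        raise ValueError("implausible version length")
    pos = offset + 16
    if len(data) < pos + length + 4:
        raise ValueError("truncated header")
    version = data[pos:pos + length].split(b"\x00", 1)[0].decode("utf-8", "replace")
    pos += length
    _flags, nstreams = struct.unpack_from("<HH", data, pos)
    pos += 4
    streams = []
    for _ in range(nstreams):
        if len(data) < pos + 8:
            raise ValueError("truncated stream header")
        s_off, s_size = struct.unpack_from("<II", data, pos)
        end = data.find(b"\x00", pos + 8, pos + 8 + 32)
        if end == -1:
            raise ValueError("unterminated stream name")
        streams.append((data[pos + 8:end].decode("ascii", "replace"), s_off, s_size))
        # The name, including its terminator, is padded to a 4-byte boundary.
        pos += 8 + ((end - (pos + 8) + 1 + 3) & ~3)
    return {"version": version, "major": major, "minor": minor, "streams": streams}

def find_metadata_root(data):
    """Try each BSJB hit in turn, skipping ones that fail validation."""
    offset = data.find(SIGNATURE)
    while offset != -1:
        try:
            return parse_metadata_root(data, offset)
        except ValueError:
            offset = data.find(SIGNATURE, offset + 1)
    return None

def _stream(name, off, size):  # helper to build the constructed sample
    raw = name + b"\x00"
    return struct.pack("<II", off, size) + raw + b"\x00" * (-len(raw) % 4)

# Constructed sample: a decoy BSJB hit, then a valid root with two streams.
SAMPLE = (b"MZ" + b"\x00" * 30 + b"BSJB" + b"\xff" * 12 + b"\x00" * 8
          + b"BSJB" + struct.pack("<HHII", 1, 1, 0, 12) + b"v4.0.30319\x00\x00"
          + struct.pack("<HH", 0, 2) + _stream(b"#~", 0x6C, 0x100) + _stream(b"#Strings", 0x16C, 0x80))
```

Stream offsets in the result are relative to the start of the metadata root, not to the start of the file.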