File Magic Number

In many OSes, different type of files have different starting bytes. The typical starting numbers are called magic number. Usually the command ‘file’ checks the magic number to decide what’s the file type

Examples of ‘file’ command:

[ec2-user@ip-172-31-16-100 webchecker]$ file dnstest.py
dnstest.py: a /usr/bin/python script text executable
[ec2-user@ip-172-31-16-100 webchecker]$ file /bin/ls
/bin/ls: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
[ec2-user@ip-172-31-16-100 webchecker]$ file hostname.conf
hostname.conf: ASCII text

when we write the script, either with python, perl or bash. We actually set the magic number for the file. The script may start with a "shebang" (#!, 23 21) followed by the path to an interpreter,

we may use readelf command to get the magic number

[ec2-user@ip-172-31-16-100 webchecker]$ readelf -h /usr/bin/python
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x400620
  Start of program headers:          64 (bytes into file)
  Start of section headers:          7048 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         8
  Size of section headers:           64 (bytes)
  Number of section headers:         31

  Section header string table index: 30