Reverse Engineering

File extensions

File extensions are words appended to the filename, after a dot

  • lecture.pptx

File extensions are a basic mechanism to know how to handle a file.

  • Operating systems use extensions to select the correct process.

  • Applications use it to filter which files are adequate (.e.g images). Mostly a usability aspect.

  • Humans use extensions to differentiate files.

Popular file extensions:

  • compressed files: zip, rar, bz2, gz, 7z;

  • executable files: exe, dll, so, com;

  • images: jpg, tiff, bmp, fits, png.

Knowing the file extension is important to apply the correct analysis process.

  • Analyzing a JPG is different from analyzing an EXE, or even a PNG.

Extensions are misleading!

Windows hides extensions of known file types.

  • Sample.pptx becomes only Sample.

Executable files may have an embedded icon.

  • Freely defined by the developer.

  • Explorer will show that icon.

A file named Sample.pptx.exe will be shown as Sample.pptx.

  • Users recognize the extension and may think the file is safe.

In a RE task, consider that a file may have bogus extensions.

PreviousFilesNextFile Signature

Last updated