PowerTip: Read .exe Magic Number with PowerShell


Summary: Learn how to use Windows PowerShell to see an .exe magic number.

Hey, Scripting Guy! Question How can I use Windows PowerShell to see the "magic number" associated with an executable file in Windows?

Hey, Scripting Guy! Answer The term magic number refers to the bytes that occur at the beginning of every file and identify the format of file.
           Use this command to read a Windows executable file header with Windows PowerShell:

 [char[]](gc $env:windir\notepad.exe -Encoding Byte -ReadCount 1 -TotalCount 2)

Comments (1)

  1. It’s worth mentioning how to get it in HEX format, typically more useful than a Byte array:

    [System.BitConverter]::ToString((Get-Content cowgirl.jpg -ReadCount 1 -TotalCount 4 -Encoding Byte))

    Then you can use http://en.wikipedia.org/wiki/List_of_file_signatures to figure out the file type.

Skip to main content