Menu
I'm trying to calculate SHA1 hash values in Python against binary files for later comparison. To make sure things are working, I used several methods to check the validity of my result. And, I'm glad I did. Powershell and Python return different values. 7zip's SHA1 function agrees with Powershell's results and Microsoft's FCIV agrees with Python's results.
Python:
import hashlib
with open("C:\\Windows\\system32\\wbem\\wmiutils.dll", "rb") as f:
print(hashlib.sha1(f.read()).hexdigest())
Powershell:
PS C:\> Get-FileHash C:\Windows\System32\wbem\wmiutils.dll -Algorithm SHA1
Results:
Python: d25f5b57d3265843ed3a0e7b6681462e048b29a9
Powershell: B8C757BA70F6B145AD191A1B09C225FBA2BD55FB
EDIT: 32-bit Python and 64-bit Powershell against a system32 dll. That was the problem. I have some homework to do but basically, 32-bit and 64-bit applications receive a different file and thus, different hash results. I launched 64-bit python and ran the exact same code against the dll and as a 64-bit powershell process. Received consistent results when running both processes as 32-bit.
EDIT2: Found this resource that explains things a bit. At least it helped me understand what's going on: https://www.sepago.com/blog/2008/04/20/windows-x64-all-the-same-yet-very-different-part-7-file-system-and-registry
738
This is happening because you are running a 32bit version of Python and accessing a system dll -- Windows magically redirects you to the 32bit version of the dll, while PowerShell is running as a 64bit process and sees the 64bit version of the DLLs.
I am not sure if I am glad I know this or saddened by it.
158
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
