
Why do I get a different SHA1 hash between Powershell and 32bit-Python on a system DLL?

I'm trying to calculate SHA1 hash values in Python against binary files for later comparison. To make sure things are working, I used several methods to check the validity of my result. And, I'm glad I did. Powershell and Python return different values. 7zip's SHA1 function agrees with Powershell's results and Microsoft's FCIV agrees with Python's results.

Python:

import hashlib
with open("C:\\Windows\\system32\\wbem\\wmiutils.dll", "rb") as f:
    print(hashlib.sha1(f.read()).hexdigest())

Powershell:

PS C:\> Get-FileHash C:\Windows\System32\wbem\wmiutils.dll -Algorithm SHA1

Results:

Python: d25f5b57d3265843ed3a0e7b6681462e048b29a9
Powershell: B8C757BA70F6B145AD191A1B09C225FBA2BD55FB

EDIT: 32-bit Python and 64-bit Powershell against a system32 dll. That was the problem. I have some homework to do but basically, 32-bit and 64-bit applications receive a different file and thus, different hash results. I launched 64-bit python and ran the exact same code against the dll and as a 64-bit powershell process. Received consistent results when running both processes as 32-bit.

EDIT2: Found this resource that explains things a bit. At least it helped me understand what's going on: https://www.sepago.com/blog/2008/04/20/windows-x64-all-the-same-yet-very-different-part-7-file-system-and-registry

mustbenewhere asked Sep 30 '15 02:09


1 Answer

This is happening because you are running a 32bit version of Python and accessing a system dll -- Windows magically redirects you to the 32bit version of the dll, while PowerShell is running as a 64bit process and sees the 64bit version of the DLLs.

I am not sure if I am glad I know this or saddened by it.

MK. answered Oct 12 '22 22:10
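An added example (not part of the original question or answer): a Python script that hashes both views of a System32 file, so a 32-bit and a 64-bit tool can be compared against the same copy. The helper names are hypothetical; it relies on the `Sysnative` alias and the `PROCESSOR_ARCHITEW6432` variable that Windows exposes to 32-bit processes under WOW64, and on the redirected copy living in `SysWOW64`.

```python
import hashlib
import ntpath
import os
import struct

# Assumption: default Windows directory when %SystemRoot% is not set.
SYSTEM_ROOT = os.environ.get("SystemRoot", r"C:\Windows")

def sha1_file(path, chunk_size=1 << 20):
    """SHA-1 of a file, streamed so large binaries are not loaded whole."""
    digest = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def is_wow64_process():
    """True for a 32-bit interpreter running on 64-bit Windows."""
    return (os.name == "nt" and struct.calcsize("P") * 8 == 32
            and "PROCESSOR_ARCHITEW6432" in os.environ)

def _swap_system32(path, alias, system_root):
    # Replace a leading <system_root>\System32 (case-insensitive) with alias.
    norm = ntpath.normpath(path)
    sys32 = ntpath.join(system_root, "System32")
    if (norm.lower() + "\\").startswith(sys32.lower() + "\\"):
        return ntpath.join(system_root, alias) + norm[len(sys32):]
    return norm

def native_view(path, system_root=SYSTEM_ROOT):
    """Path a 32-bit process opens to reach the real 64-bit System32."""
    return _swap_system32(path, "Sysnative", system_root)

def wow64_view(path, system_root=SYSTEM_ROOT):
    """Directory a redirected System32 open from a 32-bit process lands in."""
    return _swap_system32(path, "SysWOW64", system_root)

if __name__ == "__main__" and os.name == "nt":
    target = r"C:\Windows\system32\wbem\wmiutils.dll"  # file from the question
    # Hash the copy this process sees, then the copy the other bitness sees.
    other = native_view(target) if is_wow64_process() else wow64_view(target)
    for label, path in (("as opened", target), ("other view", other)):
        print(f"{label:10} {path}: {sha1_file(path)}")
```

When building a hash baseline of system binaries, record the bitness of the collecting process alongside each digest, or always collect through the native path, so later comparisons are made against the same file.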