
Is there any way to find out the hash value of two files?


I have Python code which generates the hash values of two files. The first file is located at c:\windows\system32\wscript.exe and the other file, which is a clone of the first file, is located at d:\clone.exe.

python code

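import os

# Raw strings keep the backslashes in the Windows paths literal.
strcommand = r'certutil -hashfile c:\windows\system32\wscript.exe md2'
p = os.popen(strcommand).read()
# Line 0 of certutil's output is the "MD2 hash of ..." header; line 1 is the digest.
print(str(p).split('\n')[1])

strcommand1 = r'certutil -hashfile d:\clone.exe md2'
p = os.popen(strcommand1).read()
print(str(p).split('\n')[1])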

The output is

D:\pythonprogram>python clonefinder.py
4cef03889db08179b57035e4463a84d5
db1cefe474ce12678ea4d6c61dc42291

But when I run the same commands that the Python code uses in the command prompt, the hash values of the two files are the same.

Command prompt

D:\pythonprogram>certutil -hashfile c:\windows\system32\wscript.exe md2
MD2 hash of c:\windows\system32\wscript.exe:
db1cefe474ce12678ea4d6c61dc42291
CertUtil: -hashfile command completed successfully.

D:\pythonprogram>certutil -hashfile d:\clone.exe md2
MD2 hash of d:\clone.exe:
db1cefe474ce12678ea4d6c61dc42291
CertUtil: -hashfile command completed successfully.

I want the hash values to be the same when I execute the Python program.

Any help with this?


Solution

  • Windows can be a rather funny operating system, and due to its age some magic has been added to allow old Windows code to still work with Windows 7/8/10. Under some circumstances you can see different versions of files in directories like C:\windows, depending on your privileges or on whether you start a 32-bit or 64-bit application. I do not know all these mechanics by heart, but have already had some bad surprises.

    To be 100% sure that you do not execute the certutil command in two different environments, I propose the following.

    1. Open one cmd.exe window.
    2. Type the certutil commands from that window.
    3. Now call the Python script from the same window with C:\Path_to_your_python\python.exe name_of_your_python_script.py. Use the version of the Python script where you prefixed the regexp string with r (r"regex").

    If you still have different results, then check whether you have a 32-bit or 64-bit version of Python installed: C:\Path_to_your_python\python.exe -V

    If you have a 32-bit version, then I suggest installing a 64-bit version of Python to test again.
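
An added example, not part of the question or the answer above: on 64-bit Windows a 32-bit process that opens a path under System32 is redirected to SysWOW64, and the Sysnative alias reaches the real directory. The sketch below detects that situation and hashes files in-process instead of spawning certutil. The function names are hypothetical, the sample files are constructed, and SHA-256 stands in for MD2 because hashlib does not ship MD2.

```python
import hashlib
import ntpath
import os
import struct
import tempfile

def is_wow64(env=os.environ, pointer_bits=struct.calcsize("P") * 8):
    """True for a 32-bit process on 64-bit Windows: only such a process
    has PROCESSOR_ARCHITEW6432 set (to the native architecture)."""
    return pointer_bits == 32 and "PROCESSOR_ARCHITEW6432" in env

def native_path(path, wow64, windir=r"C:\Windows"):
    """Map <windir>\\System32\\... to <windir>\\Sysnative\\... for a WOW64
    process, so the 64-bit file is opened instead of the SysWOW64 copy."""
    if not wow64:
        return path
    system32 = ntpath.normcase(ntpath.join(windir, "System32"))
    norm = ntpath.normpath(path)
    lowered = ntpath.normcase(norm)
    if lowered == system32 or lowered.startswith(system32 + "\\"):
        return ntpath.join(windir, "Sysnative") + norm[len(system32):]
    return path

def file_hash(path, algorithm="sha256"):
    """Hash a file in-process, in chunks, without spawning certutil."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def demo():
    """Constructed sample: two byte-identical temp files hash the same."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "original.bin")
        clone = os.path.join(tmp, "clone.bin")
        for name in (original, clone):
            with open(name, "wb") as handle:
                handle.write(b"constructed sample bytes")
        return file_hash(original) == file_hash(clone)

if __name__ == "__main__":
    wow64 = is_wow64()
    print("WOW64 process:", wow64)
    print("path to open :", native_path(r"c:\windows\system32\wscript.exe", wow64))
    print("clone check  :", demo())
```
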