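/*
 * Report whether `filename` is a PE image whose IMAGE_FILE_HEADER.Machine is
 * IMAGE_FILE_MACHINE_IA64 or IMAGE_FILE_MACHINE_AMD64.
 *
 * The file is treated as untrusted input: it is opened read-only, never
 * created or resized, and every header offset is bounds-checked against the
 * mapped view before it is dereferenced.
 *
 * Returns true only for a file that carries valid "MZ" and "PE\0\0"
 * signatures and one of the two machine values above. Returns false for any
 * other file and for every failure (NULL name, open/mapping error, file too
 * short, e_lfanew outside the inspected window).
 *
 * NOTE(review): other 64-bit machine values (for example ARM64) are reported
 * as false, exactly as before; extend the comparison if they matter.
 */
bool isPE64(TCHAR *filename)
{
    /* Upper bound on how much of the file is mapped and inspected. */
    const SIZE_T max_view = 256 * 1024;
    /* Bytes that must be readable at e_lfanew: PE signature + file header. */
    const SIZE_T nt_min = sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER);

    HANDLE hFile = INVALID_HANDLE_VALUE;
    HANDLE hFm = NULL;
    const char *base_address = NULL;
    const IMAGE_DOS_HEADER *pDos = NULL;
    const IMAGE_NT_HEADERS *pNt = NULL;
    LARGE_INTEGER file_size;
    SIZE_T view_size = 0;
    bool flag = false;

    if (filename == NULL) {
        return false;
    }

    /*
     * Read-only access and OPEN_EXISTING: inspecting a file must not create
     * it, and must not require write permission on it.
     */
    hFile = CreateFile(filename,
                       GENERIC_READ,
                       FILE_SHARE_READ | FILE_SHARE_WRITE, /* share mode */
                       NULL,
                       OPEN_EXISTING,
                       FILE_FLAG_SEQUENTIAL_SCAN,
                       NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        return false;
    }

    /* A file shorter than the DOS header cannot be a PE image. */
    if (!GetFileSizeEx(hFile, &file_size) ||
        file_size.QuadPart < (LONGLONG)sizeof(IMAGE_DOS_HEADER)) {
        goto cleanup;
    }
    view_size = (file_size.QuadPart < (LONGLONG)max_view)
                    ? (SIZE_T)file_size.QuadPart
                    : max_view;

    /*
     * Create the file mapping. A maximum size of 0/0 means "current file
     * size", so the mapping never grows the file on disk (a non-zero size
     * combined with PAGE_READWRITE would extend a shorter file).
     */
    hFm = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hFm == NULL) {
        goto cleanup;
    }

    /* Obtain a read-only view covering at most max_view bytes. */
    base_address = (const char *)MapViewOfFile(hFm, FILE_MAP_READ, 0, 0, view_size);
    if (base_address == NULL) {
        goto cleanup;
    }

    pDos = (const IMAGE_DOS_HEADER *)base_address;
    if (pDos->e_magic != IMAGE_DOS_SIGNATURE) {
        goto cleanup;
    }

    /*
     * e_lfanew comes straight from the file. Reject negative values and any
     * offset whose signature + file header would fall outside the view, so
     * the dereference below stays inside mapped memory.
     */
    if (pDos->e_lfanew < 0 ||
        view_size < nt_min ||
        (SIZE_T)pDos->e_lfanew > view_size - nt_min) {
        goto cleanup;
    }

    /* Only Signature and FileHeader are read; OptionalHeader is not touched. */
    pNt = (const IMAGE_NT_HEADERS *)(base_address + pDos->e_lfanew);
    if (pNt->Signature != IMAGE_NT_SIGNATURE) {
        goto cleanup;
    }

    flag = (pNt->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 ||
            pNt->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64);

cleanup:
    /* Release everything on every path: view, mapping object, file handle. */
    if (base_address != NULL) {
        UnmapViewOfFile(base_address);
    }
    if (hFm != NULL) {
        CloseHandle(hFm);
    }
    CloseHandle(hFile);
    return flag;
}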
IMAGE_FILE_HEADER 中的 Machine 字段定义了 PE 文件的目标运行环境(CPU 架构),因此判断该字段即可得知文件可运行的环境。注意:文件内容不可信,读取 Machine 之前应先校验 MZ 与 PE 签名,并确认 e_lfanew 指向的位置没有超出已映射的范围。