先上代码吧
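/// Reports whether a file's version resource names "Microsoft Corporation" as
/// its company.
///
/// Loads the version-information block of pFile, takes the first entry of
/// \VarFileInfo\Translation, and compares the matching
/// \StringFileInfo\<lang><codepage>\CompanyName string against the literal
/// "Microsoft Corporation" with lstrcmp (case-sensitive).
///
/// SECURITY: the version resource is unauthenticated metadata that whoever
/// built or later edited the file fills in freely, so TRUE does not establish
/// that Microsoft produced the file. Treat the result as a hint only; a trust
/// decision needs the file's Authenticode signature verified (for example with
/// WinVerifyTrust) in addition to, or instead of, this check.
///
/// @param pFile Path of the file to inspect. NULL yields FALSE.
/// @return TRUE only when CompanyName equals "Microsoft Corporation"; FALSE in
///         every other case, including any failure to read the version data.
BOOL IsMicroSoft(TCHAR *pFile)
{
    if (pFile == NULL)
        return FALSE;

    const DWORD dwSize = GetFileVersionInfoSize(pFile, 0);
    if (dwSize == 0)
        return FALSE;   // no version resource, or the file could not be read

    BOOL bRet = FALSE;
    PBYTE pInfo = new BYTE[dwSize];

    if (GetFileVersionInfo(pFile, 0, dwSize, pInfo))
    {
        // plcp ends up pointing into pInfo's data; nothing is copied, so it is
        // only valid while pInfo is alive.
        LANGANDCODEPAGE *plcp = NULL;
        UINT nSize = 0;

        // The file content is untrusted: make sure the translation table holds
        // at least one complete entry before dereferencing plcp.
        if (VerQueryValue(pInfo, _T("\\VarFileInfo\\Translation"), reinterpret_cast<PVOID*>(&plcp), &nSize)
            && plcp != NULL
            && nSize >= sizeof(LANGANDCODEPAGE))
        {
            // The formatted query is 36 characters plus the terminator, so a
            // stack buffer is enough and cannot leak on an early exit.
            TCHAR szQuery[MAX_PATH] = { 0 };
            wsprintf(szQuery, _T("\\StringFileInfo\\%04X%04X\\CompanyName"), plcp->wLanguage, plcp->wCodePage);

            TCHAR *pCompany = NULL;
            nSize = 0;

            // An empty or missing value must not reach lstrcmp.
            if (VerQueryValue(pInfo, szQuery, reinterpret_cast<PVOID*>(&pCompany), &nSize)
                && pCompany != NULL
                && nSize > 0)
            {
                if (lstrcmp(_T("Microsoft Corporation"), pCompany) == 0)
                    bRet = TRUE;
            }
        }
    }

    delete[] pInfo;
    return bRet;
}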
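我这个函数通过读取文件版本资源里的 CompanyName 字段来判断文件是不是微软的版本,比较简单,也容易伪造(版本资源里的字符串可以由任何人在编译时或事后随意填写),但也不失为一种方法。如果判断结果要用于信任决策,还应当校验文件的数字签名(例如用 WinVerifyTrust)。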