BOOL IsWindowsApp( CString strPathName )
{
if ( ! PathFileExists( strPathName ) )
return FALSE;
// 根据 PE 签名判断当前文件是否合法的 PE 文件
HANDLE hFile = CreateFile( strPathName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL );
if ( hFile == INVALID_HANDLE_VALUE ) {
TRACE1( "Failed To Open File %s !\n", strPathName );
return FALSE;
}
HANDLE hMMFile = CreateFileMapping( hFile, NULL, PAGE_READONLY, 0, 0, NULL );
if ( hMMFile == INVALID_HANDLE_VALUE ) {
CloseHandle( hFile );
return FALSE;
}
LPVOID pvMem = MapViewOfFile( hMMFile, FILE_MAP_READ, 0, 0, 0 );
if ( ! pvMem ) {
CloseHandle( hMMFile );
CloseHandle( hFile );
return FALSE;
}
// 是否包含有 DOS 签名
if ( *( USHORT* ) pvMem != IMAGE_DOS_SIGNATURE ) {
UnmapViewOfFile( pvMem );
CloseHandle( hMMFile );
CloseHandle( hFile );
return FALSE;
}
// 是否包含有 NT 签名
if ( *( ( DWORD* ) ( ( PBYTE ) pvMem + ( ( PIMAGE_DOS_HEADER ) pvMem )->e_lfanew ) ) != IMAGE_NT_SIGNATURE ) {
UnmapViewOfFile( pvMem );
CloseHandle( hMMFile );
CloseHandle( hFile );
return FALSE;
}
LPVOID pvOptionalHeader = ( PBYTE ) pvMem + ( ( PIMAGE_DOS_HEADER ) pvMem )->e_lfanew + sizeof( DWORD ) + sizeof( IMAGE_FILE_HEADER );
IMAGE_OPTIONAL_HEADER ioh;
CopyMemory( & ioh, pvOptionalHeader, sizeof( IMAGE_OPTIONAL_HEADER ) );
if ( ioh.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI ) {
UnmapViewOfFile( pvMem );
CloseHandle( hMMFile );
CloseHandle( hFile );
return TRUE;
}
return FALSE;
}
{
if ( ! PathFileExists( strPathName ) )
return FALSE;
// 根据 PE 签名判断当前文件是否合法的 PE 文件
HANDLE hFile = CreateFile( strPathName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL );
if ( hFile == INVALID_HANDLE_VALUE ) {
TRACE1( "Failed To Open File %s !\n", strPathName );
return FALSE;
}
HANDLE hMMFile = CreateFileMapping( hFile, NULL, PAGE_READONLY, 0, 0, NULL );
if ( hMMFile == INVALID_HANDLE_VALUE ) {
CloseHandle( hFile );
return FALSE;
}
LPVOID pvMem = MapViewOfFile( hMMFile, FILE_MAP_READ, 0, 0, 0 );
if ( ! pvMem ) {
CloseHandle( hMMFile );
CloseHandle( hFile );
return FALSE;
}
// 是否包含有 DOS 签名
if ( *( USHORT* ) pvMem != IMAGE_DOS_SIGNATURE ) {
UnmapViewOfFile( pvMem );
CloseHandle( hMMFile );
CloseHandle( hFile );
return FALSE;
}
// 是否包含有 NT 签名
if ( *( ( DWORD* ) ( ( PBYTE ) pvMem + ( ( PIMAGE_DOS_HEADER ) pvMem )->e_lfanew ) ) != IMAGE_NT_SIGNATURE ) {
UnmapViewOfFile( pvMem );
CloseHandle( hMMFile );
CloseHandle( hFile );
return FALSE;
}
LPVOID pvOptionalHeader = ( PBYTE ) pvMem + ( ( PIMAGE_DOS_HEADER ) pvMem )->e_lfanew + sizeof( DWORD ) + sizeof( IMAGE_FILE_HEADER );
IMAGE_OPTIONAL_HEADER ioh;
CopyMemory( & ioh, pvOptionalHeader, sizeof( IMAGE_OPTIONAL_HEADER ) );
if ( ioh.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI ) {
UnmapViewOfFile( pvMem );
CloseHandle( hMMFile );
CloseHandle( hFile );
return TRUE;
}
return FALSE;
}