判断是否为有效 PE 文件:
(C 版,使用 Win32 文件 API 读取文件)
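//通过检查 DOS 头标志(e_magic)、PE 头标志(Signature)以及文件头属性(Characteristics)来判断文件是否为 PE 可执行映像。
//注意:DLL 同样带有 IMAGE_FILE_EXECUTABLE_IMAGE 属性,因此返回 TRUE 并不代表文件一定是 .exe。
//此处只做格式识别:e_lfanew 等字段来自文件本身,不应视为可信;ReadFile 的返回值也未被检查,仅依赖读取到的字节数。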
BOOL IsExeFile(HANDLE hFile)
{
DWORD nCount;
BOOL bResult = FALSE;
IMAGE_DOS_HEADER dosHeader;
IMAGE_NT_HEADERS ntHeader;
ReadFile(hFile,&dosHeader,sizeof(dosHeader),&nCount,NULL);
if (nCount == sizeof(dosHeader))
{
//有效的DOS头
if (IMAGE_DOS_SIGNATURE == dosHeader.e_magic)
{
if (SetFilePointer(hFile,dosHeader.e_lfanew,NULL,FILE_BEGIN) != -1)
{//NT头检查
ReadFile(hFile,&ntHeader,sizeof(ntHeader),&nCount,NULL);
if(nCount == sizeof(ntHeader))
if(IMAGE_NT_SIGNATURE == ntHeader.Signature)
if(ntHeader.FileHeader.Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE)
{
bResult = TRUE;
}