判断是否PE头(上课代码) 

// 01 判断是否是PE文件.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include <windows.h>



bool  IsPeFile(TCHAR* szPath)
{
    //1 将PE文件读取到内存
    HANDLE hFile = CreateFile(
        szPath,
        GENERIC_READ,
        0,
        NULL, OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL
        , NULL
        );
    DWORD dwSize = GetFileSize(hFile, NULL);
    DWORD dwRubbish = 0;
    unsigned char * pBuf = new unsigned char[dwSize];
    ReadFile(hFile, pBuf, dwSize, &dwRubbish, NULL);
    //2 判断是否是PE文件
    PIMAGE_DOS_HEADER pDos = (PIMAGE_DOS_HEADER)pBuf;
    if (pDos->e_magic != IMAGE_DOS_SIGNATURE)
    {
        return 0;
    }
    PIMAGE_NT_HEADERS  pNt = (PIMAGE_NT_HEADERS)(pBuf + pDos->e_lfanew);
    if (pNt->Signature != IMAGE_NT_SIGNATURE)
    {

        return 0;
    }
    delete []pBuf;
    return 1;
}
int _tmain(int argc, _TCHAR* argv[])
{
    BOOL bSuccess = IsPeFile(L"D:\\Test.exe");
    if (bSuccess==TRUE)
    {
        printf("");
    }
    else
    {
        printf("不是");
    }
}

 

posted @ 2016-03-28 15:46  天还是那么蓝  阅读(277)  评论(0编辑  收藏  举报