用C写的验证是否是PE有效文件

 

 

#include <windows.h> #include <stdio.h> #define FILE_ABSOLUTE_PATH "d://warcraft3.exe" int main(int argc,char* argv[]) { HANDLE hFile =CreateFile(FILE_ABSOLUTE_PATH,GENERIC_READ,FILE_SHARE_READ, NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); if (INVALID_HANDLE_VALUE == hFile) { printf("the file is not a valid pe file"); return 0; } //验证PE的IMAGE_DOS_HEADER IMAGE_DOS_HEADER peDosHeader; DWORD dwReadDosHeaderSize; ReadFile(hFile,&peDosHeader,sizeof(IMAGE_DOS_HEADER),&dwReadDosHeaderSize,NULL); if (dwReadDosHeaderSize != sizeof(IMAGE_DOS_HEADER)) { printf("the file is not a valid pe file"); CloseHandle(hFile); return 0; } //检验IMAGE_DOS_SIGNATURE if (IMAGE_DOS_SIGNATURE != peDosHeader.e_magic) { printf("the file is not a valid pe file"); CloseHandle(hFile); return 0; } //定位到PE头 if (::SetFilePointer (hFile,peDosHeader.e_lfanew,NULL,FILE_BEGIN) == -1) { printf("you failed to find pe headers"); CloseHandle(hFile); return 0; } //读取PE头 IMAGE_NT_HEADERS PEHeaders; DWORD dwReadPEHeadersSize; ReadFile(hFile,&PEHeaders,sizeof(IMAGE_NT_HEADERS),&dwReadPEHeadersSize,NULL); if(dwReadPEHeadersSize != sizeof(IMAGE_NT_HEADERS)) { printf("the file is not a valid pe file"); CloseHandle(hFile); return 0; } //验证IMAGE_NT_SIGNATURE if (IMAGE_NT_SIGNATURE != PEHeaders.Signature) { printf("the file is not a valid pe file"); CloseHandle(hFile); return 0; } printf("the file is a valid pe file"); CloseHandle(hFile); return 0; }