如何判断文件是EXE还是DLL?
Meh*_*dad 12 dll executable file-extension portable-executable
如果你已经搞乱了文件扩展名,你怎么能告诉一个可执行文件除了DLL?
他们似乎都有切入点和一切......
如果这里有兴趣的人是C#中的代码,则测试32位PE文件.
public static class PECheck
{
public static bool IsDll(Stream stream)
{
using (BinaryReader reader = new BinaryReader(stream))
{
byte[] header = reader.ReadBytes(2); //Read MZ
if (header[0] != (byte)'M' && header[1] != (byte)'Z')
throw new Exception("Invalid PE file");
stream.Seek(64 - 4, SeekOrigin.Begin);//read elf_new this is the offset where the IMAGE_NT_HEADER begins
int offset = reader.ReadInt32();
stream.Seek(offset, SeekOrigin.Begin);
header = reader.ReadBytes(2);
if (header[0] != (byte)'P' && header[1] != (byte)'E')
throw new Exception("Invalid PE file");
stream.Seek(20, SeekOrigin.Current); //point to last word of IMAGE_FILE_HEADER
short readInt16 = reader.ReadInt16();
return (readInt16 & 0x2000) == 0x2000;
}
}
}
查看本文以获得有关Windows上可移植可执行文件的详细说明.
然后查看关于PE头的部分.此外,代码在C中显示了使用Win32打开和检查PE文件的方法.您要查找的信息存储在IMAGE_FILE_HEADER中.特别是在Characteristics包含标志的字段中,IMAGE_FILE_DLL 0x2000如果它是dll.
这应该为您提供足够的信息来创建一个小实用程序,如果您正在寻找的话,它将确定一堆文件.
用于参考目的的最相关的代码位,从上面的文章复制并编辑以删除无关的细节/错误处理.
void DumpFile(LPWSTR filename)
{
HANDLE hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
HANDLE hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
LPVOID lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)lpFileBase;
PIMAGE_NT_HEADERS pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pDosHeader + (DWORD)pDosHeader->e_lfanew);
if ((pNTHeader->FileHeader.Characteristics & IMAGE_FILE_DLL))
printf("dll");
if ((pNTHeader->FileHeader.Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE))
printf("exe");
else
printf("????");
UnmapViewOfFile(lpFileBase);
CloseHandle(hFileMapping);
CloseHandle(hFile);
}
| 归档时间: |
|
| 查看次数: |
8995 次 |
| 最近记录: |