public static bool IsValidEXE(string fileName) { if (!File.Exists(fileName)) { return(false); } try { using (var stream = File.OpenRead(fileName)) { IMAGE_DOS_HEADER dosHeader = GetDosHeader(stream); if (dosHeader.e_magic != Consts.IMAGE_DOS_SIGNATURE) { return(false); } IMAGE_NT_HEADERS_COMMON ntHeader = GetCommonNtHeader(stream, dosHeader); if (ntHeader.Signature != Consts.IMAGE_NT_SIGNATURE) { return(false); } //Return false for DLL //if ((ntHeader.FileHeader.Characteristics & Consts.IMAGE_FILE_DLL) != 0) // return false; switch (ntHeader.FileHeader.Machine) { case Consts.IMAGE_FILE_MACHINE_I386: return(IsValidExe32(GetNtHeader32(stream, dosHeader))); case Consts.IMAGE_FILE_MACHINE_IA64: case Consts.IMAGE_FILE_MACHINE_AMD64: return(IsValidExe64(GetNtHeader64(stream, dosHeader))); } } } catch (InvalidOperationException) { return(false); } return(true); }
static IMAGE_NT_HEADERS64 GetNtHeader64(Stream stream, IMAGE_DOS_HEADER dosHeader) { stream.Seek(dosHeader.e_lfanew, SeekOrigin.Begin); return(ReadStructFromStream <IMAGE_NT_HEADERS64>(stream)); }
static IMAGE_NT_HEADERS_COMMON GetCommonNtHeader(Stream stream, IMAGE_DOS_HEADER dosHeader) { stream.Seek(dosHeader.e_lfanew, SeekOrigin.Begin); return(ReadStructFromStream <IMAGE_NT_HEADERS_COMMON>(stream)); }