Пример #1
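        /// <summary>
        /// Checks whether <paramref name="stream"/> holds a well-formed PE image: DOS signature,
        /// NT signature, then an architecture-specific header check for x86, IA64 and AMD64.
        /// </summary>
        /// <param name="stream">File to inspect. The header reads seek within it.</param>
        /// <returns>
        /// <c>false</c> when a signature does not match, when the NT header offset is negative, or when
        /// a header helper throws <see cref="InvalidOperationException"/>; the result of
        /// IsValidExe32 / IsValidExe64 for the machine types handled below; <c>true</c> otherwise.
        /// </returns>
        public static bool IsValidPEFile(FileStream stream)
        {
            try
            {
                IMAGE_DOS_HEADER dosHeader = GetDosHeader(stream);
                if (dosHeader.e_magic != IMAGE_DOS_SIGNATURE)
                {
                    return false;
                }

                // e_lfanew is taken from the file under inspection and is passed to Stream.Seek by
                // the NT header readers. If the field is signed (as in the native LONG definition),
                // a negative value makes Seek throw an exception type that the catch below does not
                // handle, so a crafted file would crash the validator instead of being rejected.
                if (dosHeader.e_lfanew < 0)
                {
                    return false;
                }

                IMAGE_NT_HEADERS_COMMON ntHeader = GetCommonNtHeader(stream, dosHeader);
                if (ntHeader.Signature != IMAGE_NT_SIGNATURE)
                {
                    return false;
                }

                switch ((MachineType)ntHeader.FileHeader.Machine)
                {
                case MachineType.IMAGE_FILE_MACHINE_I386:
                    return IsValidExe32(GetNtHeader32(stream, dosHeader));

                case MachineType.IMAGE_FILE_MACHINE_IA64:
                case MachineType.IMAGE_FILE_MACHINE_AMD64:
                    return IsValidExe64(GetNtHeader64(stream, dosHeader));
                }
            }
            catch (InvalidOperationException)
            {
                // Presumably the struct readers report a truncated or unreadable header this way;
                // verify against ReadStructFromStream. Other exception types (for example I/O
                // failures) still propagate to the caller.
                return false;
            }

            // NOTE(review): every machine type not listed in the switch is accepted after the two
            // signature checks alone. Confirm that this fail-open default is intended before the
            // result is used as a trust decision.
            return true;
        }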
Пример #2
 /// <summary>
 /// Reads the 64-bit NT headers found at the offset stored in <c>dosHeader.e_lfanew</c>,
 /// measured from the beginning of <paramref name="stream"/>.
 /// </summary>
 /// <remarks>
 /// The offset is not range-checked here. NOTE(review): it is presumably parsed from the file
 /// being inspected, so callers should treat it as untrusted; how Seek and ReadStructFromStream
 /// react to an out-of-range offset is not visible from this method. Confirm.
 /// </remarks>
 static IMAGE_NT_HEADERS64 GetNtHeader64(Stream stream, IMAGE_DOS_HEADER dosHeader)
 {
     long ntHeaderOffset = dosHeader.e_lfanew;
     stream.Seek(ntHeaderOffset, SeekOrigin.Begin);

     IMAGE_NT_HEADERS64 headers = ReadStructFromStream<IMAGE_NT_HEADERS64>(stream);
     return headers;
 }
Пример #3
 /// <summary>
 /// Reads the architecture-independent part of the NT headers found at the offset stored in
 /// <c>dosHeader.e_lfanew</c>, measured from the beginning of <paramref name="stream"/>.
 /// </summary>
 /// <remarks>
 /// The offset is not range-checked here. NOTE(review): it is presumably parsed from the file
 /// being inspected, so callers should treat it as untrusted; how Seek and ReadStructFromStream
 /// react to an out-of-range offset is not visible from this method. Confirm.
 /// </remarks>
 static IMAGE_NT_HEADERS_COMMON GetCommonNtHeader(Stream stream, IMAGE_DOS_HEADER dosHeader)
 {
     long ntHeaderOffset = dosHeader.e_lfanew;
     stream.Seek(ntHeaderOffset, SeekOrigin.Begin);

     IMAGE_NT_HEADERS_COMMON commonHeaders = ReadStructFromStream<IMAGE_NT_HEADERS_COMMON>(stream);
     return commonHeaders;
 }