Пример #1
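        /// <summary>
        /// Checks whether the file at <paramref name="fileName"/> carries the DOS and NT signatures
        /// of a PE image and, for the machine types handled below, passes the matching
        /// 32-bit or 64-bit header validation.
        /// </summary>
        /// <remarks>
        /// Every header field is read straight from the file, so the content must be treated as
        /// untrusted: a truncated or malformed file can make the header reads fail. Such failures,
        /// and a file that disappears or cannot be opened after the existence check, are reported
        /// as "not valid" instead of being propagated to the caller.
        /// </remarks>
        /// <param name="fileName">Path of the file to inspect.</param>
        /// <returns>
        /// <c>false</c> when the file does not exist, cannot be read, lacks the DOS or NT signature,
        /// or fails <c>IsValidExe32</c>/<c>IsValidExe64</c>; <c>true</c> otherwise.
        /// </returns>
        public static bool IsValidEXE(string fileName)
        {
            if (!File.Exists(fileName))
            {
                return false;
            }

            try
            {
                using (var stream = File.OpenRead(fileName))
                {
                    IMAGE_DOS_HEADER dosHeader = GetDosHeader(stream);
                    if (dosHeader.e_magic != Consts.IMAGE_DOS_SIGNATURE)
                    {
                        return false;
                    }

                    IMAGE_NT_HEADERS_COMMON ntHeader = GetCommonNtHeader(stream, dosHeader);
                    if (ntHeader.Signature != Consts.IMAGE_NT_SIGNATURE)
                    {
                        return false;
                    }

                    // DLL images are not rejected: the characteristics check below is disabled.
                    //if ((ntHeader.FileHeader.Characteristics & Consts.IMAGE_FILE_DLL) != 0)
                    //    return false;

                    switch (ntHeader.FileHeader.Machine)
                    {
                    case Consts.IMAGE_FILE_MACHINE_I386:
                        return IsValidExe32(GetNtHeader32(stream, dosHeader));

                    case Consts.IMAGE_FILE_MACHINE_IA64:
                    case Consts.IMAGE_FILE_MACHINE_AMD64:
                        return IsValidExe64(GetNtHeader64(stream, dosHeader));
                    }
                }
            }
            catch (InvalidOperationException)
            {
                return false;
            }
            catch (IOException)
            {
                // The file can vanish or be locked between File.Exists and File.OpenRead, and a
                // bad header offset can make a seek or read fail; neither is a valid image.
                return false;
            }
            catch (UnauthorizedAccessException)
            {
                // No read permission: the file cannot be verified, so do not report it as valid.
                return false;
            }

            // Any other machine type reaches this point having passed only the two signature
            // checks. NOTE(review): confirm that accepting such images is intended.
            return true;
        }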
Пример #2
 /// <summary>
 /// Reads an <c>IMAGE_NT_HEADERS64</c> structure from <paramref name="stream"/> after moving the
 /// stream to the offset stored in <c>dosHeader.e_lfanew</c>.
 /// </summary>
 /// <remarks>
 /// <c>e_lfanew</c> is used as the seek target without any range check in this method, so for a
 /// file from an untrusted source the caller has to be prepared for the seek or the read to fail.
 /// </remarks>
 /// <param name="stream">Stream positioned anywhere; it is repositioned from its beginning.</param>
 /// <param name="dosHeader">DOS header whose <c>e_lfanew</c> gives the NT header offset.</param>
 /// <returns>The structure produced by <c>ReadStructFromStream</c> at that offset.</returns>
 static IMAGE_NT_HEADERS64 GetNtHeader64(Stream stream, IMAGE_DOS_HEADER dosHeader)
 {
     var ntHeadersOffset = dosHeader.e_lfanew;
     stream.Seek(ntHeadersOffset, SeekOrigin.Begin);

     IMAGE_NT_HEADERS64 ntHeaders = ReadStructFromStream<IMAGE_NT_HEADERS64>(stream);
     return ntHeaders;
 }
Пример #3
 /// <summary>
 /// Reads an <c>IMAGE_NT_HEADERS_COMMON</c> structure from <paramref name="stream"/> after moving
 /// the stream to the offset stored in <c>dosHeader.e_lfanew</c>.
 /// </summary>
 /// <remarks>
 /// The offset is taken from the DOS header as-is; this method does not check that it lies inside
 /// the stream, so callers handling untrusted files must expect the seek or the read to fail.
 /// </remarks>
 /// <param name="stream">Stream positioned anywhere; it is repositioned from its beginning.</param>
 /// <param name="dosHeader">DOS header whose <c>e_lfanew</c> gives the NT header offset.</param>
 /// <returns>The structure produced by <c>ReadStructFromStream</c> at that offset.</returns>
 static IMAGE_NT_HEADERS_COMMON GetCommonNtHeader(Stream stream, IMAGE_DOS_HEADER dosHeader)
 {
     var ntHeadersOffset = dosHeader.e_lfanew;
     stream.Seek(ntHeadersOffset, SeekOrigin.Begin);

     IMAGE_NT_HEADERS_COMMON commonHeaders = ReadStructFromStream<IMAGE_NT_HEADERS_COMMON>(stream);
     return commonHeaders;
 }