public static bool IsValidEXE(string fileName)
{
if (!File.Exists(fileName))
{
return(false);
}
try
{
using (var stream = File.OpenRead(fileName))
{
IMAGE_DOS_HEADER dosHeader = GetDosHeader(stream);
if (dosHeader.e_magic != Consts.IMAGE_DOS_SIGNATURE)
{
return(false);
}
IMAGE_NT_HEADERS_COMMON ntHeader = GetCommonNtHeader(stream, dosHeader);
if (ntHeader.Signature != Consts.IMAGE_NT_SIGNATURE)
{
return(false);
}
//Return false for DLL
//if ((ntHeader.FileHeader.Characteristics & Consts.IMAGE_FILE_DLL) != 0)
// return false;
switch (ntHeader.FileHeader.Machine)
{
case Consts.IMAGE_FILE_MACHINE_I386:
return(IsValidExe32(GetNtHeader32(stream, dosHeader)));
case Consts.IMAGE_FILE_MACHINE_IA64:
case Consts.IMAGE_FILE_MACHINE_AMD64:
return(IsValidExe64(GetNtHeader64(stream, dosHeader)));
}
}
}
catch (InvalidOperationException)
{
return(false);
}
return(true);
}
static IMAGE_NT_HEADERS64 GetNtHeader64(Stream stream, IMAGE_DOS_HEADER dosHeader)
{
stream.Seek(dosHeader.e_lfanew, SeekOrigin.Begin);
return(ReadStructFromStream <IMAGE_NT_HEADERS64>(stream));
}
static IMAGE_NT_HEADERS_COMMON GetCommonNtHeader(Stream stream, IMAGE_DOS_HEADER dosHeader)
{
stream.Seek(dosHeader.e_lfanew, SeekOrigin.Begin);
return(ReadStructFromStream <IMAGE_NT_HEADERS_COMMON>(stream));
}
