示例#1
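        /// <summary>
        /// Checks whether <paramref name="fileName"/> looks like a PE executable image
        /// (not a DLL) by inspecting its DOS and NT headers.
        /// </summary>
        /// <param name="fileName">Path of the file to inspect. Its contents are treated as untrusted.</param>
        /// <returns>
        /// <c>false</c> if the file does not exist, cannot be opened or read, has a wrong DOS or NT
        /// signature, carries the DLL characteristic, or fails the 32/64-bit specific check;
        /// <c>true</c> otherwise.
        /// </returns>
        /// <remarks>
        /// This is a structural header check only. It does not verify signatures or content,
        /// so a <c>true</c> result must not be treated as a decision that the file is safe to run.
        /// </remarks>
        public static bool IsValidExe(string fileName)
        {
            if (!File.Exists(fileName))
            {
                return false;
            }

            try
            {
                using (var stream = File.OpenRead(fileName))
                {
                    IMAGE_DOS_HEADER dosHeader = GetDosHeader(stream);
                    if (dosHeader.e_magic != IMAGE_DOS_SIGNATURE)
                    {
                        return false;
                    }

                    // e_lfanew comes out of the parsed file and is used as a seek offset by the
                    // NT header readers below, so reject values that cannot point inside the file
                    // before seeking with them.
                    if (dosHeader.e_lfanew < 0 || dosHeader.e_lfanew >= stream.Length)
                    {
                        return false;
                    }

                    IMAGE_NT_HEADERS_COMMON ntHeader = GetCommonNtHeader(stream, dosHeader);
                    if (ntHeader.Signature != IMAGE_NT_SIGNATURE)
                    {
                        return false;
                    }

                    // DLL images are deliberately not accepted as executables.
                    if ((ntHeader.FileHeader.Characteristics & IMAGE_FILE_DLL) != 0)
                    {
                        return false;
                    }

                    switch (ntHeader.FileHeader.Machine)
                    {
                    case IMAGE_FILE_MACHINE_I386:
                        return IsValidExe32(GetNtHeader32(stream, dosHeader));

                    case IMAGE_FILE_MACHINE_IA64:
                    case IMAGE_FILE_MACHINE_AMD64:
                        return IsValidExe64(GetNtHeader64(stream, dosHeader));
                    }
                }
            }
            catch (InvalidOperationException)
            {
                // Presumably raised by the header readers on a short or malformed read - confirm.
                return false;
            }
            catch (IOException)
            {
                // The file can vanish or be locked between the Exists check and the open, and a
                // read or seek can fail on a damaged file; a validator should answer "no" here
                // rather than throw on hostile or racing input.
                return false;
            }
            catch (UnauthorizedAccessException)
            {
                // An unreadable file cannot be validated.
                return false;
            }

            // NOTE(review): any Machine value not handled by the switch ends up here and is
            // reported as valid without an architecture-specific check. That is fail-open for
            // unrecognised machine types - confirm it is intended.
            return true;
        }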
示例#2
 /// <summary>
 /// Positions <paramref name="stream"/> at the offset given by
 /// <c>dosHeader.e_lfanew</c> (measured from the start of the stream) and reads an
 /// <c>IMAGE_NT_HEADERS64</c> structure from there.
 /// </summary>
 /// <param name="stream">Stream holding the image; its position is changed by this call.</param>
 /// <param name="dosHeader">Previously parsed DOS header supplying the NT header offset.</param>
 /// <returns>The structure produced by <c>ReadStructFromStream</c>.</returns>
 /// <remarks>
 /// The offset is not range-checked here. When the header was parsed from an untrusted
 /// file the caller is expected to validate it; how <c>ReadStructFromStream</c> reacts to a
 /// short read is not visible from this method.
 /// </remarks>
 static IMAGE_NT_HEADERS64 GetNtHeader64(Stream stream, IMAGE_DOS_HEADER dosHeader)
 {
     long ntHeaderOffset = dosHeader.e_lfanew;
     stream.Seek(ntHeaderOffset, SeekOrigin.Begin);

     IMAGE_NT_HEADERS64 ntHeader = ReadStructFromStream<IMAGE_NT_HEADERS64>(stream);
     return ntHeader;
 }
示例#3
 /// <summary>
 /// Positions <paramref name="stream"/> at the offset given by
 /// <c>dosHeader.e_lfanew</c> (measured from the start of the stream) and reads an
 /// <c>IMAGE_NT_HEADERS_COMMON</c> structure from there.
 /// </summary>
 /// <param name="stream">Stream holding the image; its position is changed by this call.</param>
 /// <param name="dosHeader">Previously parsed DOS header supplying the NT header offset.</param>
 /// <returns>The structure produced by <c>ReadStructFromStream</c>.</returns>
 /// <remarks>
 /// The offset is not range-checked here. When the header was parsed from an untrusted
 /// file the caller is expected to validate it; how <c>ReadStructFromStream</c> reacts to a
 /// short read is not visible from this method.
 /// </remarks>
 static IMAGE_NT_HEADERS_COMMON GetCommonNtHeader(Stream stream, IMAGE_DOS_HEADER dosHeader)
 {
     long ntHeaderOffset = dosHeader.e_lfanew;
     stream.Seek(ntHeaderOffset, SeekOrigin.Begin);

     IMAGE_NT_HEADERS_COMMON commonHeader = ReadStructFromStream<IMAGE_NT_HEADERS_COMMON>(stream);
     return commonHeader;
 }