-
-
[求助]pe文件判断的问题
-
2006-4-25 00:27
-
以下是主要的代码,调用时lpMem的值老是0
在下是新手,还请前辈指教
BOOL LoadFile(LPSTR pszFileName)
{
HANDLE hFile;
BOOL bSuccess=FALSE;
char buf[20];
hFile=CreateFile(pszFileName,GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_EXISTING ,FILE_ATTRIBUTE_ARCHIVE,0);
if(hFile!=INVALID_HANDLE_VALUE)
{
DWORD dwFileSize;
HANDLE hMapFile;
LPVOID lpMem;
dwFileSize=GetFileSize(hFile,0);
hMapFile=CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
if(hMapFile=NULL)
{
MessageBox(NULL,"创建映象失败","info",MB_ICONINFORMATION|MB_OK);
CloseHandle(hMapFile);
return bSuccess;
}
lpMem=MapViewOfFile(hMapFile,FILE_MAP_READ,0,0,0);
if(lpMem=NULL)
MessageBox(NULL,"映射文件失败","info",MB_ICONINFORMATION|MB_OK);
if(IsPeFile(lpMem)==FALSE)
{
wsprintf(buf,"value is %d",(DWORD)lpMem);//提示的地方
MessageBox(NULL,buf,"info",MB_ICONINFORMATION|MB_OK);
}
else
{
MessageBox(NULL,"是PE格式的文件","info",MB_ICONINFORMATION|MB_OK);
bSuccess=TRUE;
}
UnmapViewOfFile(lpMem);
CloseHandle(hMapFile);
CloseHandle(hFile);
}
return bSuccess;
}
BOOL IsPeFile(LPVOID ImageBase)
{
PIMAGE_DOS_HEADER pDH=NULL;
PIMAGE_NT_HEADERS pNtH=NULL;
if(!ImageBase)
return FALSE;
pDH=(PIMAGE_DOS_HEADER)ImageBase;
if(pDH->e_magic!=IMAGE_DOS_SIGNATURE)
return FALSE;
pNtH=(PIMAGE_NT_HEADERS32)((DWORD)pDH+pDH->e_lfanew);
if(pNtH->Signature!=IMAGE_NT_SIGNATURE)
return FALSE;
return TRUE;
}
在下是新手,还请前辈指教
BOOL LoadFile(LPSTR pszFileName)
{
HANDLE hFile;
BOOL bSuccess=FALSE;
char buf[20];
hFile=CreateFile(pszFileName,GENERIC_READ,FILE_SHARE_READ|FILE_SHARE_WRITE,NULL,OPEN_EXISTING ,FILE_ATTRIBUTE_ARCHIVE,0);
if(hFile!=INVALID_HANDLE_VALUE)
{
DWORD dwFileSize;
HANDLE hMapFile;
LPVOID lpMem;
dwFileSize=GetFileSize(hFile,0);
hMapFile=CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
if(hMapFile=NULL)
{
MessageBox(NULL,"创建映象失败","info",MB_ICONINFORMATION|MB_OK);
CloseHandle(hMapFile);
return bSuccess;
}
lpMem=MapViewOfFile(hMapFile,FILE_MAP_READ,0,0,0);
if(lpMem=NULL)
MessageBox(NULL,"映射文件失败","info",MB_ICONINFORMATION|MB_OK);
if(IsPeFile(lpMem)==FALSE)
{
wsprintf(buf,"value is %d",(DWORD)lpMem);//提示的地方
MessageBox(NULL,buf,"info",MB_ICONINFORMATION|MB_OK);
}
else
{
MessageBox(NULL,"是PE格式的文件","info",MB_ICONINFORMATION|MB_OK);
bSuccess=TRUE;
}
UnmapViewOfFile(lpMem);
CloseHandle(hMapFile);
CloseHandle(hFile);
}
return bSuccess;
}
BOOL IsPeFile(LPVOID ImageBase)
{
PIMAGE_DOS_HEADER pDH=NULL;
PIMAGE_NT_HEADERS pNtH=NULL;
if(!ImageBase)
return FALSE;
pDH=(PIMAGE_DOS_HEADER)ImageBase;
if(pDH->e_magic!=IMAGE_DOS_SIGNATURE)
return FALSE;
pNtH=(PIMAGE_NT_HEADERS32)((DWORD)pDH+pDH->e_lfanew);
if(pNtH->Signature!=IMAGE_NT_SIGNATURE)
return FALSE;
return TRUE;
}
[培训]内核驱动高级班,冲击BAT一流互联网大厂工 作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
