FS := TFileStream.Create(F, fmOpenRead);
if FS.Size < $1000 then
begin //判断文件大小,小于0x1000的判定为非有效PE
result := 0;
exit;
end;
FS.ReadBuffer(doshead, sizeof(IMAGE_DOS_HEADER));
if doshead.e_magic <> IMAGE_DOS_SIGNATURE then
begin //判断Dos头
result := 0;
exit;
end;
FS.Seek(doshead._lfanew, SoFromBeginning);
FS.ReadBuffer(pehead, sizeof(IMAGE_NT_HEADERS));
if pehead.Signature <> IMAGE_NT_SIGNATURE then
begin //判断PE头
result := 0;
exit;
end;
if pehead.FileHeader.Characteristics and IMAGE_FILE_DLL = IMAGE_FILE_DLL
{//判断是EXE还是DLL}then
result := 2
else
result := 1;