1-4使用程序判断PE文件有效性

//function BottonClick
<!--more-->

//从编辑框获取文件路径和文件名
char szFile[MAX_PATH] = {0};
GetDlgItemText(IDC_EDIT1,szFile,MAX_PATH);

//打开文件
HANDLE hFile = CreateFile(szFile,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);

//创建一个内核映射对象
HANDLE hMap = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);

//把文件映射入内存
LPVOID lpBase = MapViewOfFile(hMap,FILE_MAP_READ,0,0,0);

//判断文件是否是有效PE文件


//释放内存映射
CloseHandle(hMap);

//关闭文件
CloseHandle(hFile);



//function IsPeFile
BOOL IsPeFile(LPVOID lpBase)
{
    PIMAGE_DOS_HEADER pimgDosHdr = NULL;
    PIMAGE_NT_HEADERS pimgNtHdr = NULL;
    
    pimgDosHdr = (PIMAGE_DOS_HEADER)lpBase;
    if(pimgDosHdr->e_magic != IMAGE_DOS_SIGNATURE)
    {
        return FALSE;
    }
    
    pimgNtHdr = (PIMAGE_NT_HEADERS)((DWORD)lpBase + (DWORD)pimgDosHdr->e_lfanew)
    if(pimgNtHdr->Signature != IMAGE_NT_SIGNATURE)
    {
        return FALSE;
    }
    
    return TRUE;
}