Prüfen, ob eine Datei eine Win32-EXE (PE-Format) ist |
|
| System | Win9x, WinNT, Win2000, WinXP, Vista, Win7 |
|---|---|
| Ab Delphi-Version | Delphi 1 |
| Letzte Änderung | 28.09.2010 |
const
IMAGE_DOS_SIGNATURE = $5A4D;
IMAGE_NT_SIGNATURE = $00004550;
type
PIMAGE_DOS_HEADER = ^IMAGE_DOS_HEADER;
IMAGE_DOS_HEADER = packed record
e_magic, e_cblp, e_cp, e_crlc, e_cparhdr, e_minalloc,
e_maxalloc, e_ss, e_sp, e_csum, e_ip, e_cs, e_lfarlc,
e_ovno: WORD;
e_res: packed array[0..3] of word;
e_oemid, e_oeminfo: word;
e_res2: packed array[0..9] of word;
e_lfanew: Longint;
end;
function isexe(s: string): boolean;
var hfile, hmap, test: DWORD;
pEXE: PChar;
begin
result := false;
hfile := createfile(pchar(s), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, 0);
if hfile INVALID_HANDLE_VALUE then
try
hmap := CreateFileMapping(hFile, nil, PAGE_READONLY, 0, 0, nil);
if hmap 0 then
try
pEXE := MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
result := PWORD(pEXE)^ = IMAGE_DOS_SIGNATURE;
if result then begin
MessageBox(0, pchar(format('DOS-Header found' + #13#10 + 'PE offset: 0x%8.8x',
[PIMAGE_DOS_HEADER(pEXE)^.e_lfanew])), '', MB_OK);
result := false;
pEXE := pEXE + PIMAGE_DOS_HEADER(pEXE)^.e_lfanew;
result := PDWORD(pEXE)^ = IMAGE_NT_SIGNATURE;
if result then begin
MessageBox(0, 'Yepp, it''s a PE', '', MB_OK);
test := PIMAGE_FILE_HEADER(pEXE)^.TimeDateStamp;
MessageBox(0, pchar(format('%8.8x (%d) - %d', [test, test, test])), '', MB_OK);
end;
UnmapViewOfFile(pEXE);
end;
finally
closehandle(hmap);
end;
finally
closehandle(hfile);
end;
end;
IMAGE_DOS_SIGNATURE = $5A4D;
IMAGE_NT_SIGNATURE = $00004550;
type
PIMAGE_DOS_HEADER = ^IMAGE_DOS_HEADER;
IMAGE_DOS_HEADER = packed record
e_magic, e_cblp, e_cp, e_crlc, e_cparhdr, e_minalloc,
e_maxalloc, e_ss, e_sp, e_csum, e_ip, e_cs, e_lfarlc,
e_ovno: WORD;
e_res: packed array[0..3] of word;
e_oemid, e_oeminfo: word;
e_res2: packed array[0..9] of word;
e_lfanew: Longint;
end;
function isexe(s: string): boolean;
var hfile, hmap, test: DWORD;
pEXE: PChar;
begin
result := false;
hfile := createfile(pchar(s), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, 0);
if hfile INVALID_HANDLE_VALUE then
try
hmap := CreateFileMapping(hFile, nil, PAGE_READONLY, 0, 0, nil);
if hmap 0 then
try
pEXE := MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
result := PWORD(pEXE)^ = IMAGE_DOS_SIGNATURE;
if result then begin
MessageBox(0, pchar(format('DOS-Header found' + #13#10 + 'PE offset: 0x%8.8x',
[PIMAGE_DOS_HEADER(pEXE)^.e_lfanew])), '', MB_OK);
result := false;
pEXE := pEXE + PIMAGE_DOS_HEADER(pEXE)^.e_lfanew;
result := PDWORD(pEXE)^ = IMAGE_NT_SIGNATURE;
if result then begin
MessageBox(0, 'Yepp, it''s a PE', '', MB_OK);
test := PIMAGE_FILE_HEADER(pEXE)^.TimeDateStamp;
MessageBox(0, pchar(format('%8.8x (%d) - %d', [test, test, test])), '', MB_OK);
end;
UnmapViewOfFile(pEXE);
end;
finally
closehandle(hmap);
end;
finally
closehandle(hfile);
end;
end;
Ähnliche Seiten:
- Datei mit zugeordneter Anwendung öffnen
- Programm ohne sichtbares Fenster starten
- Größe einer Datei ermitteln
- Feststellen, ob eine Datei existiert
- Erstellungsdatum von Dateien ermitteln
- Letzten Dateizugriff ermitteln
- Ist eine Datei in Benutzung
- Dateiversion ermitteln
- Datei nach einem bestimmten String durchsuchen
- Anwendung ermitteln, die mit einer Dateiendung verknüpft ist