Home » Tipps & Tricks » Dateien/Verzeichnisse » Dateieigenschaften » Prüfen, ob eine Datei eine Win32-EXE (PE-Format) ist
Prüfen, ob eine Datei eine Win32-EXE (PE-Format) ist
const IMAGE_DOS_SIGNATURE = $5A4D; IMAGE_NT_SIGNATURE = $00004550; type PIMAGE_DOS_HEADER = ^IMAGE_DOS_HEADER; IMAGE_DOS_HEADER = packed record e_magic, e_cblp, e_cp, e_crlc, e_cparhdr, e_minalloc, e_maxalloc, e_ss, e_sp, e_csum, e_ip, e_cs, e_lfarlc, e_ovno: WORD; e_res: packed array[0..3] of word; e_oemid, e_oeminfo: word; e_res2: packed array[0..9] of word; e_lfanew: Longint; end; function isexe(s: string): boolean; var hfile, hmap, test: DWORD; pEXE: PChar; begin result := false; hfile := createfile(pchar(s), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if hfile INVALID_HANDLE_VALUE then try hmap := CreateFileMapping(hFile, nil, PAGE_READONLY, 0, 0, nil); if hmap 0 then try pEXE := MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0); result := PWORD(pEXE)^ = IMAGE_DOS_SIGNATURE; if result then begin MessageBox(0, pchar(format('DOS-Header found' + #13#10 + 'PE offset: 0x%8.8x', [PIMAGE_DOS_HEADER(pEXE)^.e_lfanew])), '', MB_OK); result := false; pEXE := pEXE + PIMAGE_DOS_HEADER(pEXE)^.e_lfanew; result := PDWORD(pEXE)^ = IMAGE_NT_SIGNATURE; if result then begin MessageBox(0, 'Yepp, it''s a PE', '', MB_OK); test := PIMAGE_FILE_HEADER(pEXE)^.TimeDateStamp; MessageBox(0, pchar(format('%8.8x (%d) - %d', [test, test, test])), '', MB_OK); end; UnmapViewOfFile(pEXE); end; finally closehandle(hmap); end; finally closehandle(hfile); end; end;