Attribute VB_Name = "ModPEHandle"
'********************************************
''' 作者:kylinpoet or 獬独
''''2007-05-14 23:44 初稿
''''2007-05-15 13:32 修改
''''转载请保留作者 声明
'********************************************
' Win32 constants used with the kernel32 file APIs declared in this module.
'
' dwDesiredAccess values for CreateFile. Request only the access a routine
' needs: code that merely inspects a file does not need GENERIC_WRITE.
Public Const GENERIC_READ As Long = &H80000000
Public Const GENERIC_WRITE As Long = &H40000000
' dwShareMode values for CreateFile (what other openers may do concurrently).
Public Const FILE_SHARE_READ As Long = 1
Public Const FILE_SHARE_WRITE As Long = 2
' dwCreationDisposition values for CreateFile.
' CREATE_ALWAYS and TRUNCATE_EXISTING discard the existing file content.
Public Const CREATE_NEW As Long = 1
Public Const CREATE_ALWAYS As Long = 2
Public Const OPEN_EXISTING As Long = 3
Public Const OPEN_ALWAYS As Long = 4
Public Const TRUNCATE_EXISTING As Long = 5
' Value CreateFile returns on failure; compare against it before using a handle.
Public Const INVALID_HANDLE_VALUE As Long = -1
' dwFlagsAndAttributes value for CreateFile.
Public Const FILE_ATTRIBUTE_NORMAL As Long = &H80
' dwMoveMethod values for SetFilePointer (origin of the seek).
Public Const FILE_BEGIN As Long = 0
Public Const FILE_END As Long = 2
' Mirror of the Win32 SECURITY_ATTRIBUTES structure passed ByRef to CreateFile.
' The field order is the binary layout handed to the API; do not reorder it.
Public Type SECURITY_ATTRIBUTES
nLength As Long ' Size of this structure in bytes; the API expects callers to set it (Len of the variable)
lpSecurityDescriptor As Long ' Pointer to a security descriptor; 0 requests the default descriptor
bInheritHandle As Long ' Non-zero makes the new handle inheritable by child processes
End Type
' Magic values that identify executable header formats. The two-letter values
' are little-endian 16-bit words; IMAGE_NT_SIGNATURE is compared in this module
' against a 32-bit field, so the two bytes after "PE" must be zero.
' A matching signature only identifies the format; it says nothing about
' whether the rest of the file is well-formed.
Public Enum ImageSignatureTypes
IMAGE_DOS_SIGNATURE = &H5A4D ' "MZ" - start of the DOS header
IMAGE_OS2_SIGNATURE = &H454E ' "NE"
IMAGE_OS2_SIGNATURE_LE = &H454C ' "LE"
IMAGE_VXD_SIGNATURE = &H454C ' "LE" - same value as IMAGE_OS2_SIGNATURE_LE
IMAGE_NT_SIGNATURE = &H4550 ' "PE" followed by two zero bytes
End Enum
' Mirror of the DOS (MZ) header at the start of an executable file.
' The fields add up to 64 bytes, with e_lfanew at byte offset &H3C; the field
' order is the on-disk layout and must not be changed.
' Every value here comes from the file being inspected, so treat it as
' untrusted: in particular, range-check e_lfanew before seeking to it.
Public Type IMAGE_DOS_HEADER
e_magic As Integer ' Magic number
e_cblp As Integer ' Bytes on last page of file
e_cp As Integer ' Pages in file
e_crlc As Integer ' Relocations
e_cparhdr As Integer ' Size of header in paragraphs
e_minalloc As Integer ' Minimum extra paragraphs needed
e_maxalloc As Integer ' Maximum extra paragraphs needed
e_ss As Integer ' Initial (relative) SS value
e_sp As Integer ' Initial SP value
e_csum As Integer ' Checksum
e_ip As Integer ' Initial IP value
e_cs As Integer ' Initial (relative) CS value
e_lfarlc As Integer ' File address of relocation table
e_ovno As Integer ' Overlay number
e_res(0 To 3) As Integer ' Reserved words
e_oemid As Integer ' OEM identifier (for e_oeminfo)
e_oeminfo As Integer ' OEM information; e_oemid specific
e_res2(0 To 9) As Integer ' Reserved words
e_lfanew As Long ' File address of new exe header (signed Long: values >= &H80000000 read as negative)
End Type
' Mirror of the COFF file header that follows the PE signature (20 bytes).
' Field order is the on-disk layout. Counts and sizes are supplied by the file
' and should be validated before they drive loops or buffer sizes.
Public Type IMAGE_FILE_Header
Machine As Integer ' Target CPU identifier
NumberOfSections As Integer ' Number of section headers that follow the optional header
TimeDateStamp As Long ' Link time stamp recorded in the file
PointerToSymbolTable As Long ' File offset of the COFF symbol table (0 if none)
NumberOfSymbols As Long ' Number of entries in the symbol table
SizeOfOptionalHeader As Integer ' Byte size of the optional header that follows
Characteristics As Integer ' Image attribute flags
End Type
' One entry of the optional header's data-directory table (8 bytes).
' Both values come from the file; VirtualAddress must be mapped through the
' section table and bounds-checked before it is used as a file position.
Public Type IMAGE_DATA_DIRECTORY
VirtualAddress As Long ' RVA of the table this entry describes
Size As Long ' Size of that table in bytes
End Type
' Mirror of the 32-bit (PE32) optional header: it has BaseOfData and a 32-bit
' ImageBase, and the fields add up to 224 bytes. The 64-bit (PE32+) layout is
' different, so check Magic before interpreting a file through this type.
' Field order is the on-disk layout and must not be changed.
Public Type IMAGE_OPTIONAL_HEADER
'
' Standard fields.
'
Magic As Integer
MajorLinkerVersion As Byte
MinorLinkerVersion As Byte
SizeOfCode As Long
SizeOfInitializedData As Long
SizeOfUninitializedData As Long
AddressOfEntryPoint As Long
BaseOfCode As Long
BaseOfData As Long
'
' NT additional fields.
'
ImageBase As Long
SectionAlignment As Long
FileAlignment As Long
MajorOperatingSystemVersion As Integer
MinorOperatingSystemVersion As Integer
MajorImageVersion As Integer
MinorImageVersion As Integer
MajorSubsystemVersion As Integer
MinorSubsystemVersion As Integer
Win32VersionValue As Long
SizeOfImage As Long
SizeOfHeaders As Long
Checksum As Long
Subsystem As Integer
DllCharacteristics As Integer
SizeOfStackReserve As Long
SizeOfStackCommit As Long
SizeOfHeapReserve As Long
SizeOfHeapCommit As Long
LoaderFlags As Long
' NumberOfRvaAndSizes is read from the file, while DataDirectory below is fixed
' at 16 entries; never index DataDirectory with an unchecked file-supplied count.
NumberOfRvaAndSizes As Long
DataDirectory(0 To 15) As IMAGE_DATA_DIRECTORY
End Type
' The PE header block located at the file offset stored in
' IMAGE_DOS_HEADER.e_lfanew: signature, COFF file header, optional header.
Public Type IMAGE_NT_HEADERS
Signature As Long ' Compared against IMAGE_NT_SIGNATURE by isPE
FileHeader As IMAGE_FILE_Header
OptionalHeader As IMAGE_OPTIONAL_HEADER ' 32-bit layout only (see the type definition)
End Type
' A major/minor version pair. The field names match MajorImageVersion and
' MinorImageVersion in IMAGE_OPTIONAL_HEADER; nothing visible in this listing
' uses the type - NOTE(review): confirm where it is consumed.
Public Type VERSION_NUMBER
MajorImageVersion As Integer
MinorImageVersion As Integer
End Type
' Mirror of one PE section-table entry (40 bytes). Field order is the on-disk
' layout. Offsets and sizes are file-supplied: check PointerToRawData plus
' SizeOfRawData against the real file size before reading section data.
Public Type IMAGE_SECTION_HEADER
SectionName(7) As Byte ' 8 raw name bytes (with the default Option Base 0); not guaranteed to be null-terminated
VirtualSize As Long ' Size of the section once loaded in memory
VirtualAddress As Long ' RVA of the section once loaded
SizeOfRawData As Long ' Size of the section's data in the file
PointerToRawData As Long ' File offset of the section's data
PointerToRelocations As Long
PointerToLinenumbers As Long
NumberOfRelocations As Integer
NumberOfLinenumbers As Integer
Characteristics As Long ' Section attribute flags
End Type
' Header of one resource-directory level (16 bytes); field names follow the
' Win32 IMAGE_RESOURCE_DIRECTORY structure. NamedEntries + IDEntries gives the
' number of RESOURCE_DIR_ENTRY records expected after it - both counts are
' file-supplied and should be bounded before they drive a loop.
Type IMAGE_RESOURCE_DIR
Characteristics As Long
TimeStamp As Long
MajorVersion As Integer
MinorVersion As Integer
NamedEntries As Integer ' Count of entries identified by name
IDEntries As Integer ' Count of entries identified by numeric ID
End Type
' One resource-directory entry (8 bytes). It appears to mirror the Win32
' IMAGE_RESOURCE_DIRECTORY_ENTRY, where the top bit of each field is a flag;
' in a signed VB Long a set top bit reads as a negative number, so mask the
' bit rather than comparing magnitudes - NOTE(review): confirm against callers.
Type RESOURCE_DIR_ENTRY
Name As Long ' Numeric ID, or (top bit set) an offset to a name string
Offset As Long ' Offset to a data entry, or (top bit set) to a subdirectory
End Type
' Leaf record describing one resource's data (16 bytes). It appears to mirror
' the Win32 IMAGE_RESOURCE_DATA_ENTRY, in which the first field is an RVA
' rather than a file offset - NOTE(review): confirm how callers translate it.
' Offset and Size are file-supplied; bounds-check them before reading.
Type RESOURCE_DATA_ENTRY
Offset As Long
Size As Long
CodePage As Long
Reserved As Long
End Type
' Project-defined record (not a Win32 structure). Presumably holds an icon
' resource's identifier, its position and its byte size; nothing visible in
' this listing uses it - NOTE(review): confirm whether Offset is a file offset or an RVA.
Public Type IconDescriptor
ID As Long
Offset As Long
Size As Long
End Type
'
'Public Type IMAGE_NT_HEADERS
' Signature As Long
' FileHeader As IMAGE_FILE_HEADER
' OptionalHeader As IMAGE_OPTIONAL_HEADER
'End Type
'
'Public Type LIST_ENTRY
' Flk As Long
' Blk As Long
'End Type
'Public Type LOADED_IMAGE
' ModuleName As String
' hFile As Long
' MappedAddress As Long
' FileHeader As Long
' LastRvaSection As Long
' NumberOfSections As Long
' Sections As Long
' Characteristics As Long
' fSystemImage As Byte
' fDOSImage As Byte
' Lks As LIST_ENTRY
' SizeOfImage As Long
'End Type
' CreateFile maps to the ANSI entry point CreateFileA, so lpFileName is
' converted to the ANSI code page; a path containing characters outside that
' code page may fail to open or resolve to a different name.
' lpSecurityAttributes is passed ByRef and therefore can never be NULL here;
' the structure passed should have nLength filled in.
' Returns a handle, or INVALID_HANDLE_VALUE on failure.
Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" ( _
ByVal lpFileName As String, _
ByVal dwDesiredAccess As Long, _
ByVal dwShareMode As Long, _
lpSecurityAttributes As SECURITY_ATTRIBUTES, _
ByVal dwCreationDisposition As Long, _
ByVal dwFlagsAndAttributes As Long, _
ByVal hTemplateFile As Long _
) As Long
' CloseHandle releases a handle obtained from CreateFile; returns non-zero on
' success. Call it only with a handle that was actually opened.
Declare Function CloseHandle Lib "kernel32" ( _
ByVal hObject As Long _
) As Long
' ReadFile reads up to dwNumberOfBytesToRead bytes into the buffer that starts
' at lpBuffer (pass the first element of a Byte array). Returns non-zero on
' success; lpNumberOfBytesRead receives the byte count, which can be smaller
' than requested at end of file, so check both.
' The API does no bounds checking: a byte count larger than the destination
' buffer overwrites adjacent memory.
Declare Function ReadFile Lib "kernel32" ( _
ByVal hFile As Long, lpBuffer As Byte, _
ByVal dwNumberOfBytesToRead As Long, _
lpNumberOfBytesRead As Long, _
ByVal lpOverlapped As Long _
) As Long
' ReadFileLng is the same kernel32 ReadFile with the buffer typed As Long.
' isPE calls it with "ByVal VarPtr(x)" to pass the raw address of a variable
' or structure, which bypasses VB type checking entirely: the caller alone
' guarantees that dwNumberOfBytesToRead does not exceed the size of x.
Declare Function ReadFileLng Lib "kernel32" Alias "ReadFile" ( _
ByVal hFile As Long, lpAddress As Long, _
ByVal dwNumberOfBytesToRead As Long, _
lpNumberOfBytesRead As Long, _
ByVal lpOverlapped As Long _
) As Long
' WriteFile writes dwNumberOfBytesToWrite bytes starting at lpBuffer (pass the
' first element of a Byte array) to the file. Returns non-zero on success;
' lpNumberOfBytesWritten receives the number of bytes actually written.
' The handle must have been opened with GENERIC_WRITE. A byte count larger
' than the source buffer writes adjacent process memory into the file.
Declare Function WriteFile Lib "kernel32" ( _
ByVal hFile As Long, _
lpBuffer As Byte, _
ByVal dwNumberOfBytesToWrite As Long, _
lpNumberOfBytesWritten As Long, _
ByVal lpOverlapped As Long _
) As Long
' WriteFileLng is the same kernel32 WriteFile with the buffer typed As Long,
' the counterpart of ReadFileLng. When a raw address is passed (ByVal VarPtr),
' the caller alone guarantees that the byte count matches the source object.
Declare Function WriteFileLng Lib "kernel32" Alias "WriteFile" ( _
ByVal hFile As Long, _
lpAddress As Long, _
ByVal dwNumberOfBytesToWrite As Long, _
lpNumberOfBytesWritten As Long, _
ByVal lpOverlapped As Long _
) As Long
' SetFilePointer moves the file position of hFile by lDistanceToMove relative
' to dwMoveMethod (FILE_BEGIN, FILE_END). lpDistanceToMoveHigh is declared
' ByVal, so passing 0 supplies NULL and the distance is a signed 32-bit value;
' a negative distance from FILE_BEGIN is rejected by the API.
' Returns the new position, or -1 on failure when the high pointer is NULL -
' check the result when the distance comes from file content.
Declare Function SetFilePointer Lib "kernel32" ( _
ByVal hFile As Long, _
ByVal lDistanceToMove As Long, _
ByVal lpDistanceToMoveHigh As Long, _
ByVal dwMoveMethod As Long _
) As Long
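Function isPE(strFilePath As String) As Boolean
    ' Reports whether the file at strFilePath starts with an "MZ" DOS header
    ' whose e_lfanew field points at a "PE\0\0" signature.
    '
    ' Parameters:
    '   strFilePath - path of the file to inspect (opened through CreateFileA).
    ' Returns:
    '   True only when both signatures were read in full and match. False for
    '   any other outcome: the file cannot be opened, a read or seek fails or
    '   comes up short, or a signature does not match.
    '
    ' This is a signature check only. A True result does not mean the headers
    ' are well-formed, so later parsing must still validate every offset and
    ' size it takes from the file.
    Const INVALID_SET_FILE_POINTER As Long = -1 ' SetFilePointer failure value when the high pointer is NULL
    Const E_LFANEW_FILE_OFFSET As Long = &H3C   ' File offset of IMAGE_DOS_HEADER.e_lfanew
    Dim hFile As Long
    Dim lngBytesRead As Long
    Dim lngPE_Header_OffSet As Long
    Dim intDosMagic As Integer
    Dim lngSignature As Long
    Dim SAttributes As SECURITY_ATTRIBUTES

    On Error GoTo ErrHandle
    isPE = False
    ' Mark the handle as "not open" so that cleanup never closes a stray value.
    hFile = INVALID_HANDLE_VALUE
    ' The API expects nLength to hold the structure size.
    SAttributes.nLength = Len(SAttributes)

    ' Inspection needs read access only. Asking for GENERIC_WRITE as well made
    ' the check fail on read-only files and on files the caller may not modify,
    ' and held a writable handle on a file that is never written.
    hFile = CreateFile(strFilePath, _
                       GENERIC_READ, _
                       FILE_SHARE_READ Or FILE_SHARE_WRITE, _
                       SAttributes, _
                       OPEN_EXISTING, _
                       FILE_ATTRIBUTE_NORMAL, _
                       0)
    If hFile = INVALID_HANDLE_VALUE Then GoTo CleanUp

    ' Look for the "MZ" magic at the very start of the file. A failed or short
    ' read means the bytes needed for the comparison are not there.
    If SetFilePointer(hFile, 0, 0, FILE_BEGIN) = INVALID_SET_FILE_POINTER Then GoTo CleanUp
    If ReadFileLng(hFile, ByVal VarPtr(intDosMagic), 2, lngBytesRead, 0) = 0 Then GoTo CleanUp
    If lngBytesRead <> 2 Then GoTo CleanUp
    If intDosMagic <> IMAGE_DOS_SIGNATURE Then GoTo CleanUp

    ' Read e_lfanew, the file offset of the PE signature.
    If SetFilePointer(hFile, E_LFANEW_FILE_OFFSET, 0, FILE_BEGIN) = INVALID_SET_FILE_POINTER Then GoTo CleanUp
    If ReadFileLng(hFile, ByVal VarPtr(lngPE_Header_OffSet), 4, lngBytesRead, 0) = 0 Then GoTo CleanUp
    If lngBytesRead <> 4 Then GoTo CleanUp

    ' e_lfanew is taken from the file and is untrusted. Zero would point back
    ' at the MZ header, and a negative value (top bit set in a signed Long)
    ' cannot be a position relative to FILE_BEGIN.
    If lngPE_Header_OffSet <= 0 Then GoTo CleanUp

    ' Read the 4-byte signature at that offset. If the seek fails the file
    ' position is unchanged, so the result must be checked before reading.
    If SetFilePointer(hFile, lngPE_Header_OffSet, 0, FILE_BEGIN) = INVALID_SET_FILE_POINTER Then GoTo CleanUp
    If ReadFileLng(hFile, ByVal VarPtr(lngSignature), 4, lngBytesRead, 0) = 0 Then GoTo CleanUp
    If lngBytesRead <> 4 Then GoTo CleanUp

    isPE = (lngSignature = IMAGE_NT_SIGNATURE)

CleanUp:
    If hFile <> INVALID_HANDLE_VALUE Then CloseHandle hFile
    Exit Function

ErrHandle:
    ' Any runtime error counts as "not a PE file"; release the handle if one
    ' was opened before the error occurred.
    isPE = False
    If hFile <> INVALID_HANDLE_VALUE Then CloseHandle hFile
End Function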