hFile=CreateFile(filename,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMA,0); //open a file
if(hFile!=INVALID_HANDLE_VALUE)
{
hMap=CreateFileMapping(hFile,0,PAGE_READONLY,0,0,0);
if(hMap)
{

pMap=MapViewOfFile(hMap,FILE_MAP_READ,0,0,0);

;below i want examine is or not a pe file


IMAGE_DOS_HEADER pMap; //in the asm we can do this assume edi:ptr IMAGE_DOS_HEADER.but i don't know what do this in the vc


if(pMap.e_magic == IMAGE_DOS_SIGNATURE)
{
; pass test above declare the IMAGE_DOS_HEADER is not right
}
else
MessageBox("not PE file ");


}
}
else
MessageBox("not pe file");
}


my question is hot to use similar assume edi:ptr IMAGE_DOS_HEADER

thanks a lot
Posted on 2003-04-28 14:20:53 by fipl
From Iczelion's PE tutorial "Detecting a Valid PE File":




.
.
.
mov edi, pMapping
assume edi:ptr IMAGE_DOS_HEADER
.if [edi].e_magic==IMAGE_DOS_SIGNATURE
add edi, [edi].e_lfanew
assume edi:ptr IMAGE_NT_HEADERS
.if [edi].Signature==IMAGE_NT_SIGNATURE
mov ValidPE, TRUE
.else
mov ValidPE, FALSE
.endif
.else
mov ValidPE,FALSE
.endif



http://spiff.tripnet.se/~iczelion/pe-tut2.html
Posted on 2003-04-29 02:19:46 by Vortex
i want describe it in vc..
Thank a lot..
Posted on 2003-04-29 03:32:27 by fipl
IMAGE_DOS_HEADER *dos_head = pMap;
if (dos_head->e_magic != IMAGE_DOS_SIGNATURE)
{
MessageBox(0,0,"not PE file ",0);
return;
}
header = (const void *)((char *)dos_head + dos_head->e_lfanew);
if (header->signature != IMAGE_NT_SIGNATURE)
{
MessageBox(0,0,"not PE file ",0);
return;
}


Of course using asm is much easier as I don't really like playing with typecasting.
Posted on 2003-04-29 07:13:57 by roticv

i want describe it in vc..
Thank a lot..


Please dont post in "Main" then, as its ment for assembler only.

Thread moved.
Posted on 2003-04-29 09:47:33 by bazik