//打开文件 OPENFILENAME ofn; ZeroMemory(&ofn, sizeof(OPENFILENAME)); ofn.hwndOwner = hWnd; ofn.lStructSize = sizeof(ofn); ofn.lpstrFilter = "Executable Files (*.exe, *.dll)\0*.exe;*.dll\0All Files\0*.*\0\0"; ofn.lpstrFile = buffer; ofn.nMaxFile = MAX_FILE_LENGTH; ofn.Flags = OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST | OFN_LONGNAMES | OFN_EXPLORER | OFN_HIDEREADONLY ; GetOpenFileName(&ofn); HANDLE hFile = CreateFile(buffer, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); //获得文件的内存映射句柄 HANDLE hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, 0); //获得内存映射文件在进程内存中映射的地址 LPVOID pMapping = MapViewOfFile(hMapping,FILE_MAP_READ,0,0,0 ); BOOL bValidPE = FALSE; //PE文件以IMAGE_DOS_HEADER结构开头 PIMAGE_DOS_HEADER pDOSHeader = (PIMAGE_DOS_HEADER)pMapping; //PE文件必须以IMAGE_DOS_SIGNATURE开头 if(pDOSHeader->e_magic == IMAGE_DOS_SIGNATURE ) { //获得文件的PE Header结构 PIMAGE_NT_HEADERS pNTHeaders= (PIMAGE_NT_HEADERS)((LONG)pMapping+pDOSHeader->e_lfanew); //PE文件的PE Header结构的Signature必须等于IMAGE_NT_SIGNATURE if(pNTHeaders->Signature == IMAGE_NT_SIGNATURE) { bValidPE = TRUE; } }