The judgment file is an executable actually called the API function getBinaryType to complete. But I don't want to use this method, because there is still other methods to judge, although this is more trouble, it is not necessarily special, but I think this can make us understand the file. Ok, Let's Go!
In the Windows operating system, the 25th byte of the executable file is 0x40, so the program can be written to read the contents of the 25th byte of the file to determine if the file is an executable file. The program I have written here is written in C language. The 25th byte of the file I can complete the read operation with the FSeek () function in the buffer I / O system, which can set the file location, the call method is: int FSeek (file * fp, long int Num_bytes, int origin; where FP is a file pointer returned when calling fopen (), Num_bytes is a long-intensive amount, indicating the number of bytes from the origin position to the current location. Specific related operations are explained in the code. code show as below:
#include
Main (int Argv, char * argc [])
{
File * fp;
Char C;
/ * Judgment whether the file name to be judged * /
IF (argv! = 2)
{
Printf ("USAGE:% s FileName / N", Argc [0]);
Exit (1);
}
/ * Determine if the file can be opened correctly * /
IF ((fp = fopen (AGRC [1], "RB")) == NULL)
{
Printf ("can not file open / n");
Exit (1);
}
FSeek (FP, 24L, 1, Seek_set);
The first byte of the C language starts from 0, so the 25th byte should be 24, and the Laudes after 24 are long plastic, this is very important * /
/ * Seet_set is a macro name, seek_set's integer amount is 0, meaning the beginning of the file as a starting point * /
Fread (& C, 1, 1, FP);
/ * FREAD () function reads the current 1 character (ie, the 25-byte character) reads the C variable * /
IF (c == 0x40)
Printf ("% s is exefile", argv [1]);
Else
Printf ("% s not exefile", argv [1]);
Fclose (fp);
}
Ok, the code is like this, compiling under Turbo C 2.0 is no problem. But after I test, I found a problem. I tested itself with this file and found that it is an unhappy file, fell! I tested other EXE files compiled with Turbo C 2.0, and I also prompted not to execute files. I added a statement behind Else, which is Printf ("% c", c); so I know, the 25th byte of the EXE file compiled with Turbo C 2.0 is 0x22. However, I feel that I need to test it, I found an Exe file of the console compiled with VC, OK! Tip is an executable file. Try 98 DOS command under the / windows / command / directory to see, prompts their 25th byte to 0x1e, try ping and netstat 32-bit network commands, prompting them to be executable. In this way, I changed the final judgment of the last line. code show as below:
IF (c == 0x40) Printf ("% s IS 32bit EXEFILE / N", argv [1]); ELSE IF (C == 0x22 || C == 0x1e) Printf ("% S IS 16bit EXEFILE / N" , argv [1]); Else Printf ("% s not exefile / n", argv [1]); this seems perfect. I am fool, please give me the past master!
