对于EXE
Here is same question for manged exe.
对于DLL(和EXE)
使用ImageNtHeader(…)获取文件的PE数据,然后检查IMAGE_FILE_HEADER.Machine字段.
Here is some code我发现使用谷歌代码搜索
没有清理并且没有错误检查
- // map the file to our address space
- // first,create a file mapping object
- hMap = CreateFileMapping(
- hFile,NULL,// security attrs
- PAGE_READONLY,// protection flags
- 0,// max size - high DWORD
- 0,// max size - low DWORD
- NULL ); // mapping name - not used
- // next,map the file to our address space
- void* mapAddr = MapViewOfFileEx(
- hMap,// mapping object
- FILE_MAP_READ,// desired access
- 0,// loc to map - hi DWORD
- 0,// loc to map - lo DWORD
- 0,// #bytes to map - 0=all
- NULL ); // suggested map addr
- peHdr = ImageNtHeader( mapAddr );
