java判断是否是exe文件
程序员文章站
2022-07-05 10:18:36
...
public static int myReadFileInt(int off,RandomAccessFile raf){
int ret=0;
try {
for(int i=0;i<4;i++){
raf.seek(off+i);
int tmp = raf.readUnsignedByte()<<(i*8);
ret+=tmp;
}
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return ret;
}
public static int myReadFileShort(int off,RandomAccessFile raf){
int ret=0;
try {
for(int i=0;i<2;i++){
raf.seek(off+i);
int tmp = raf.readUnsignedByte()<<(i*8);
ret+=tmp;
}
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return ret;
}
public static boolean fileIsExe(String fpath){
boolean bret = false;
try {
RandomAccessFile raf = new RandomAccessFile(fpath,"r");
int offDosHeader=0;
int offCommon=0;
int offFileHeader=0;
int offOptHeader=0;
raf.seek(offDosHeader);
byte[] mz = new byte[2];
raf.read(mz, 0, 2);
if((char)mz[0]!='M' && (char)mz[1]!='Z'){
raf.close(); //非PE
return false;
}
offCommon = myReadFileInt(60, raf);
offFileHeader = offCommon+4;
offOptHeader = offCommon+24;
int pe = myReadFileInt(offCommon, raf);
if(pe!=0x00004550){
raf.close(); //非PE
return false;
}
int Characteristics = myReadFileShort(offFileHeader+18, raf);
if((Characteristics & 0x0002)==0){
raf.close(); //非PE
return false;
}
int Machine = myReadFileShort(offFileHeader, raf);
if(Machine!=0x14c){
raf.close(); //64位
return false;
}
int Subsystem = myReadFileShort(offOptHeader+68, raf);
if(Subsystem==1){
raf.close(); //sys文件
return false;
}
int MajorSubsystemVersion = myReadFileShort(offOptHeader+48, raf);
int MinorSubsystemVersion = myReadFileShort(offOptHeader+50, raf);
if(MajorSubsystemVersion > 5 || (MajorSubsystemVersion == 5 && MinorSubsystemVersion > 1)){
raf.close(); //子系统版本过高
return false;
}
if(Subsystem==2 || Subsystem == 3){
if((Characteristics&0x2000)>1){
raf.close(); //dll
return false;
} else {
//exe
bret = true;
}
}
raf.close();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
return false;
}
return bret;
}
public static int bytestoint(byte[] b,int off,int cnt){
int ret=0;
for(int i=0;i<cnt;i++){
ret += (b[off+i]&0xff)<<(i*8);
}
return ret;
}
public static boolean fileIsExe(InputStream ism){
try {
byte[] dosheader = new byte[64];
ism.read(dosheader,0,64);
if(bytestoint(dosheader,0,2) != 0x5a4d){
return false; //不是MZ头
}
int offcomheader = bytestoint(dosheader,60,4);
byte[] tmp = new byte[offcomheader-64+24+70];
ism.read(tmp,0,offcomheader-64+24+70);
offcomheader = offcomheader-64;
int offfileheader = offcomheader+4;
int offoptheader = offcomheader+24;
if(bytestoint(tmp,offcomheader,4) != 0x00004550){
return false; //签名不是PE
}
int Characteristics = bytestoint(tmp,offfileheader+18,2);
if((Characteristics&0x0002)==0){
return false; //非PE
}
if(bytestoint(tmp,offfileheader,2) != 0x014C){
return false; //64位
}
int Subsystem = bytestoint(tmp,offoptheader+68,2);
if(Subsystem == 1){
return false; //sys驱动
}
int MajorSubsystemVersion = bytestoint(tmp,offoptheader+48,2);
int MinorSubsystemVersion = bytestoint(tmp,offoptheader+50,2);
if(MajorSubsystemVersion > 5 || (MajorSubsystemVersion == 5 && MinorSubsystemVersion > 1)){
//子系统版本过高
return false;
}
if(Subsystem==2 || Subsystem == 3){
if((Characteristics&0x2000)>1){
//是dll
return false;
} else {
//exe
return true;
}
}
} catch (IOException e) {
log.error("fileIsExe is error :"+e.getMessage());
}
return false;
}