判断应用程序是控制台程序还是窗体程序
pe结构参考:
public static uint16 is64bit(string pfilepath, out uint16 subsystem)
{
ushort architecture = 0;
subsystem = 0;
try
{
using (system.io.filestream fstream = new system.io.filestream(pfilepath, system.io.filemode.open, system.io.fileaccess.read))
{
using (system.io.binaryreader breader = new system.io.binaryreader(fstream))
{
if (breader.readuint16() == 23117) //check the mz signature
{
fstream.seek(0x3a, system.io.seekorigin.current); //seek to e_lfanew.
fstream.seek(breader.readuint32(), system.io.seekorigin.begin); //seek to the start of the nt header.
if (breader.readuint32() == 17744) //check the pe\0\0 signature.
{
fstream.seek(20, system.io.seekorigin.current); //seek past the file header,
architecture = breader.readuint16(); //read the magic number of the optional header.
fstream.seek(0x42, system.io.seekorigin.current); //0x44h
subsystem = breader.readuint16();
}
}
}
}
}
catch (exception) { /* todo: any exception handling you want to do, personally i just take 0 as a sign of failure */}
//if architecture returns 0, there has been an error.
return architecture;
}
@@#
machinetype = x64 == 0x10b ? "32" : (x64 == 0x20b ? "64" : ""),
subsystem = subsystem == 2 ? "gui" : (subsystem == 3 ? "cui" : ""),
@@#
处理结果
另可使用dumpbin查看exe或dll的头信息