Blast's Security Lab
9 Oct 2009
下午用PD重写了个检测PE有效性的东西,用PD真的写到我整个人都思密达了……我也比较欣赏PB组改变微软大叔原有语法的风格……融为一个标准的C+VB+DELPHI的大杂烩……下为源代码……因为我觉得要对得起meta标签里面“源码”二字……据说除了上一个IFEO枚举的小东西就没放过源码了……虽然对高手来说源码没太大意义……但是如果你也在学PD……倒可以参考下……PD的控件操作太TM变态了……
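' Scan every regular file in the folder named in TXTFOLDER and classify it as a
' PE image or not, writing one report line per file to TXTRESULT.
'
' The header fields are read from on-disk data the user did not author, so every
' offset taken from the file (e_lfanew in particular) is bounded against the file
' length BEFORE it is used; the original indexed FileData(e_lfanew) directly, so a
' crafted e_lfanew read far outside the buffer (PowerBASIC does no bounds checks).
' Only the bytes actually needed are read (64-byte DOS header, then &H1A bytes of
' NT header) instead of loading the whole file into memory.
'
' CHKI : rename each detected PE to "VD_" & name. Renames are deferred until the
'        enumeration is closed so FindNextFile cannot hand the new name back to us.
' CHKII: delete every file that is NOT a valid PE. This is deliberately destructive
'        for any non-executable in the folder (text, images, ...). A file that cannot
'        be opened is reported as unreadable and left alone - it is never deleted on
'        the strength of a failed read.
'
' Fixes relative to the previous version:
'  - the first directory entry is no longer skipped (FindFirstFile's WFD is used);
'  - INVALID_HANDLE_VALUE is compared as an unsigned Dword;
'  - files shorter than a DOS header, or whose NT header lies past EOF, are rejected
'    instead of being read out of bounds;
'  - x64 images (Machine &H8664, PE32+ magic &H20B) count as valid PE, so they are
'    no longer deleted as "Invalid-PE" when CHKII is set;
'  - the rename status is spliced in by recorded position rather than by searching
'    Result for the name, which mis-attributed the status when one file name was a
'    suffix of another (e.g. "a.exe" inside "ba.exe").
Dim WFD As WIN32_FIND_DATA
Dim fHandle As Dword
Dim fFindFile As Long
Dim fNum As Long
Dim Path As String
Dim FileName As String
Dim IsPE As Long
Dim fLen As Long
Dim dosHdr As String, ntHdr As String
Dim e_lfanew As Dword, ntEnd As Quad
Dim Machine As Long, NumberOfSections As Long, OptMagic As Long
Dim fileCount As Long
Dim chkI As Long, chkII As Long
Dim RNFiles() As String, RNPos() As Long, fCount As Long, i As Long
Dim rc As Long, insertAt As Long, status As String
Dim Result As String
'--------------------------------------
Control Get Check nCbHndl,%ID_FORM1_CHKI To chkI
Control Get Check nCbHndl,%ID_FORM1_CHKII To chkII
Path=VD_GetText(nCbHndl,%ID_FORM1_TXTFOLDER)
'--------------------------------------
If Right$(Path,1)<>"\" Then Path=Path & "\"
fHandle=FindFirstFile(Path & "*.*",WFD)
' INVALID_HANDLE_VALUE is all bits set; compare against an unsigned Dword literal
' so the test does not depend on how a signed -1 is promoted against a Dword.
If fHandle<>&HFFFFFFFF??? Then
    Do
        ' WFD already holds the entry returned by FindFirstFile / the last
        ' FindNextFile, so examine it first and advance at the bottom of the loop.
        If (WFD.dwFileAttributes And &H10)=0 Then   '&H10 = FILE_ATTRIBUTE_DIRECTORY
            FileName=WFD.cFileName
            IsPE=0
            ErrClear
            fNum=FreeFile
            Open Path & FileName For Binary As #fNum
            If Err Then
                ' Locked, no permission, or gone since enumeration: do not classify,
                ' and in particular do not delete, a file we could not read.
                Result=Result & FileName & " : Unreadable : Skipped" & $CrLf
            Else
                fLen=Lof(fNum)
                ' A DOS header is &H40 bytes; e_lfanew occupies &H3C..&H3F.
                If fLen>=&H40 Then
                    Get$ #fNum,&H40,dosHdr
                    If CVWRD(dosHdr,1)=&H5A4D Then                '"MZ"
                        e_lfanew=CVDWD(dosHdr,&H3D)               'string positions are 1-based
                        ' We read Signature(4) Machine(2) NumberOfSections(2) ... and
                        ' OptionalHeader.Magic at +&H18, i.e. bytes up to e_lfanew+&H19.
                        ' e_lfanew is attacker-controlled: do the sum in a Quad so it
                        ' cannot wrap, and refuse anything that runs past EOF.
                        ntEnd=e_lfanew
                        ntEnd=ntEnd+&H1A
                        If ntEnd<=fLen Then
                            Seek #fNum,e_lfanew+1
                            Get$ #fNum,&H1A,ntHdr
                            If CVDWD(ntHdr,1)=&H4550 Then         '"PE\0\0"
                                Machine=CVWRD(ntHdr,5)
                                NumberOfSections=CVWRD(ntHdr,7)
                                OptMagic=CVWRD(ntHdr,&H19)
                                If Machine<>&H14C And Machine<>&H8664 Then
                                    IsPE=0                        'neither I386 nor AMD64
                                ElseIf NumberOfSections<=0 Or NumberOfSections>=&H100 Then
                                    IsPE=0                        'same sanity bound as before
                                ElseIf OptMagic=&H10B Or OptMagic=&H20B Then
                                    IsPE=1                        'PE32 or PE32+
                                End If
                            End If
                        End If
                    End If
                End If
                Close #fNum
                If IsPE Then
                    Result=Result & FileName & " : PE File : "
                    If chkI=1 Then
                        fCount+=1
                        ReDim Preserve RNFiles(1 To fCount) As String
                        ReDim Preserve RNPos(1 To fCount) As Long
                        RNFiles(fCount)=FileName
                        ' Where the rename status will be spliced in once the
                        ' rename pass has run (just after " : PE File : ").
                        RNPos(fCount)=Len(Result)+1
                    Else
                        Result=Result & "No Action"
                    End If
                Else
                    Result=Result & FileName & " : Invalid-PE File : "
                    If chkII=1 Then
                        Result=Result & "Deleted"
                        rc=DeleteFile(Path & FileName)
                        If rc=0 Then Result=Result & "(Failed)" Else Result=Result & "(Succeed)"
                    Else
                        Result=Result & "No Action"
                    End If
                End If
                Result=Result & $CrLf
            End If
        End If
        fileCount+=1
        If fileCount Mod 8=0 Then VD_Text(nCbHndl,%ID_FORM1_TXTRESULT,Result)
        Dialog DoEvents 0
        fFindFile=FindNextFile(fHandle,WFD)
    Loop Until (fFindFile=0)
    fFindFile=FindClose(fHandle)
    If chkI=1 Then
        ' Walk the recorded entries backwards: splicing text into Result only
        ' shifts positions AFTER the splice point, so earlier offsets stay valid.
        For i=fCount To 1 Step -1
            rc=MoveFile(Path & RNFiles(i),Path & "VD_" & RNFiles(i))
            If rc=0 Then status="Renaming(Failed)" Else status="Renaming(Succeed)"
            insertAt=RNPos(i)
            Result=Left$(Result,insertAt-1) & status & Mid$(Result,insertAt)
        Next i
    End If
    VD_Text(nCbHndl,%ID_FORM1_TXTRESULT,Result)
End If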