Home
Lloyd Kinsella edited this page Jun 30, 2016 · 2 revisions
To begin, add a using reference to the Workshell.PE library. You then get an instance of ExecutableImage either from a file or a Stream.
For example:
ExecutableImage image = ExecutableImage.FromFile(@"C:\Windows\System32\kernel32.dll");
You can perform a basic verification of a Portable Executable using IsValid(), for example:
var valid = ExecutableImage.IsValid(@"C:\Windows\explorer.exe");
This attempts to read in the executable and returns false if for any reason it cannot. It reads in the core headers and iterates over the sections.
It does not currently verify the checksum or any certificate/signature; in future we may also add checksum and certificate/signed checks.
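To make concrete what a header-and-section check of this kind covers, and what it leaves unchecked, here is an added example; it is not Workshell.PE's own code, and `PeStructureCheck` and `LooksLikePe` are hypothetical names. It reads the DOS header, PE signature, COFF header and optional-header magic, then walks the section table and rejects sections whose raw data would lie outside the file.

```csharp
using System;
using System.IO;

// Added illustration, not Workshell.PE source. PeStructureCheck and LooksLikePe are hypothetical names.
static class PeStructureCheck
{
    public static bool LooksLikePe(Stream s)
    {
        if (!s.CanSeek) return false;
        try
        {
            var r = new BinaryReader(s);                          // not disposed, so the caller's stream stays open
            s.Position = 0;
            if (r.ReadUInt16() != 0x5A4D) return false;           // DOS header "MZ"
            s.Position = 0x3C;
            long pe = r.ReadUInt32();                             // e_lfanew: offset of the PE signature
            if (pe + 24 > s.Length) return false;                 // signature + COFF header must fit
            s.Position = pe;
            if (r.ReadUInt32() != 0x00004550) return false;       // "PE\0\0"
            s.Position = pe + 6;
            ushort sections = r.ReadUInt16();                     // NumberOfSections
            s.Position = pe + 20;
            ushort optSize = r.ReadUInt16();                      // SizeOfOptionalHeader
            s.Position = pe + 24;
            ushort magic = r.ReadUInt16();                        // optional header magic
            if (optSize < 2 || (magic != 0x10B && magic != 0x20B)) return false; // PE32 / PE32+
            long table = pe + 24 + optSize;                       // section table follows the optional header
            if (table + sections * 40L > s.Length) return false;  // 40 bytes per section header
            for (int i = 0; i < sections; i++)
            {
                s.Position = table + i * 40L + 16;
                long rawSize = r.ReadUInt32();                    // SizeOfRawData
                long rawPtr = r.ReadUInt32();                     // PointerToRawData
                if (rawSize != 0 && rawPtr + rawSize > s.Length) return false;
            }
            return true;
        }
        catch (IOException) { return false; }                     // truncated or unreadable input
    }

    static void Main()
    {
        var img = new byte[0x100];                                // constructed sample, headers only
        img[0] = 0x4D; img[1] = 0x5A; img[0x3C] = 0x40;           // "MZ", e_lfanew = 0x40
        img[0x40] = 0x50; img[0x41] = 0x45; img[0x46] = 1;        // "PE\0\0", one section
        img[0x54] = 2; img[0x58] = 0x0B; img[0x59] = 0x02;        // 2-byte optional header, PE32+ magic
        Console.WriteLine(LooksLikePe(new MemoryStream(img)));    // section with no raw data
        img[0x6A] = 0x10; img[0x6F] = 0xFF;                       // section raw data placed past end of file
        Console.WriteLine(LooksLikePe(new MemoryStream(img)));
    }
}
```

A file that passes a check like this is only structurally consistent; it says nothing about the checksum or about who signed the file.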