How to check whether a PE file (DLL,EXE) is a COM component?


Problem description

I need to write a stub module which, when given a PE (DLL/EXE) as input, will determine whether it is a normal Win32 DLL/EXE or COM DLL/EXE. I need to determine this programmatically.

Are there any Windows APIs for this purpose?

Solution

I suspect that this is something that would be very hard to do with near 100% accuracy. Some thoughts though:

  • A COM DLL will export functions like DllRegisterServer and DllUnregisterServer. You could use LoadLibrary() to load the DLL, and then GetProcAddress() to check for the presence of these functions. If they're there then it's highly likely that it's a COM DLL.

  • A plain Win32 DLL will export DllMain. You could use the same technique to check for that. If you find it then it's very likely that it's Win32.

  • I'm not aware of a way to discover if an exe is a COM server. Servers written using ATL often have a registration script embedded in their resource table, but they don't have to. And you don't need to use ATL to write a COM server. Services using "registry-less COM" will similarly have an embedded manifest. You could scan the registry (below HKLM/Classes/Software/) to see if the exe is registered, but it may be that the exe is using registry-less COM or just hasn't been registered yet.

Hope that helps.
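
An added example, not part of the original answer: the export check from the first bullet done statically, by parsing the PE export directory instead of calling LoadLibrary(), which runs the DLL's entry point and is therefore unsuitable for untrusted files. The function names, the `COM_EXPORTS` set (which also lists DllGetClassObject and DllCanUnloadNow, not named in the answer) and the constructed sample image are assumptions of this example.

```python
import struct

# In-process COM server exports; the answer names the two registration functions.
COM_EXPORTS = {"DllGetClassObject", "DllCanUnloadNow", "DllRegisterServer", "DllUnregisterServer"}

def export_names(data):
    """Read exported names from the PE export directory without loading the file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + (112 if magic == 0x20B else 96)          # PE32+ vs PE32
    n_dirs, = struct.unpack_from("<I", data, dirs - 4)
    exp_rva = struct.unpack_from("<I", data, dirs)[0] if n_dirs else 0
    if not exp_rva:
        return []                                         # no export table (typical EXE)
    secs = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):                                         # RVA -> file offset
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError("RVA outside any section")
    n_names, names = struct.unpack_from("<I4xI", data, off(exp_rva) + 24)
    out = []
    for i in range(n_names):
        s = off(struct.unpack_from("<I", data, off(names) + 4 * i)[0])
        out.append(data[s:data.index(b"\0", s)].decode("ascii", "replace"))
    return out

def com_exports(data):
    """Return the COM-related export names present in the image, sorted."""
    return sorted(COM_EXPORTS & set(export_names(data)))

def build_sample(names):
    """Constructed input: minimal PE32 image whose one section holds an export table."""
    va, raw, strings, rvas = 0x1000, 0x200, b"", []
    for n in names:
        rvas.append(va + 40 + 4 * len(names) + len(strings))
        strings += n.encode() + b"\0"
    sect = struct.pack("<IIHH7I", 0, 0, 0, 0, 0, 1, len(names), len(names), 0, va + 40, 0)
    sect += struct.pack("<%dI" % len(rvas), *rvas) + strings
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    hdr += struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<III", 16, va, len(sect)).ljust(132, b"\0")
    hdr += b".edata\0\0" + struct.pack("<4I", len(sect), va, len(sect), raw) + b"\0" * 16
    return hdr.ljust(raw, b"\0") + sect
```

An empty result from `com_exports()` does not rule out a COM EXE server, which, as the answer notes, this kind of check cannot detect.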
