PHP: determine whether an exe file is normal
<?php
// Load the PE_VIEWER class
include "ExeInfo.php";
// Parse cmd.exe and print its basic information
$pe = new PE_VIEWER('cmd.exe');
$pe->out();
?>
1. Viruses are normally packed. The section names of a packed program are no longer the common .text, .data, .rdata, .rsrc, etc., but names that contain strings such as UPX and Aspack;
2. Generally, the entry point of a program is 10000, and most are a little more than 1000. If the value of the program entry point is too large, the file is suspicious;
3. Analyze the import table. Generally, a virus's KERNEL32.DLL import table has only a few functions, such as LoadLibrary and GetProcAddress.
Of course, these checks are not conclusive. Some hacker programs and programs that require confidentiality are also packed.
This script obtains the basic information of the exe file and outputs it in XML format. Currently, table information is not included. You can review the output to determine whether the exe file is normal.
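The section-name and entry-point checks (items 1 and 2 above) can be applied directly to the PE headers. The following is an added example, not the ExeInfo.php code: the names inspect_pe, sample_pe and COMMON_SECTIONS are hypothetical, the list of common sections is an assumption extending the four names above, and the threshold treats the figure 10000 as a decimal value. The import-table check is left out.

```php
<?php
// Added example (not ExeInfo.php). Section list and threshold are assumptions.
const COMMON_SECTIONS = ['.text', '.data', '.rdata', '.rsrc', '.reloc', '.idata', '.edata', '.pdata', '.bss', '.tls'];

function inspect_pe(string $bin, int $maxEntry = 10000): array {
    if (strlen($bin) < 0x40 || substr($bin, 0, 2) !== 'MZ') {
        throw new InvalidArgumentException('not an MZ executable');
    }
    $peOff = unpack('V', $bin, 0x3C)[1];               // e_lfanew: offset of "PE\0\0"
    if ($peOff + 24 > strlen($bin) || substr($bin, $peOff, 4) !== "PE\0\0") {
        throw new InvalidArgumentException('PE signature not found');
    }
    $coff = unpack('vmachine/vnsec/Vtime/Vsymptr/Vnsym/voptsize/vflags', $bin, $peOff + 4);
    $optOff = $peOff + 24;                             // optional header follows COFF header
    $secOff = $optOff + $coff['optsize'];              // section table follows optional header
    if ($coff['optsize'] < 20 || $secOff + 40 * $coff['nsec'] > strlen($bin)) {
        throw new InvalidArgumentException('truncated headers');
    }
    $entry = unpack('V', $bin, $optOff + 16)[1];       // AddressOfEntryPoint
    $findings = [];
    for ($i = 0; $i < $coff['nsec']; $i++) {
        $name = rtrim(substr($bin, $secOff + 40 * $i, 8), "\0");
        if (preg_match('/upx|aspack/i', $name)) {
            $findings[] = "packer section name: $name";
        } elseif (!in_array(strtolower($name), COMMON_SECTIONS, true)) {
            $findings[] = "uncommon section name: $name";
        }
    }
    if ($entry > $maxEntry) {
        $findings[] = sprintf('entry point 0x%X above threshold', $entry);
    }
    return ['entry' => $entry, 'findings' => $findings];
}

// Constructed sample input: a header-only 32-bit PE image with the given sections.
function sample_pe(array $names, int $entry): string {
    $dos  = 'MZ' . str_repeat("\0", 0x3A) . pack('V', 0x40);
    $coff = pack('vvVVVvv', 0x14C, count($names), 0, 0, 0, 0xE0, 0x102);
    $opt  = pack('vCCVVVV', 0x10B, 0, 0, 0, 0, 0, $entry) . str_repeat("\0", 0xE0 - 20);
    $secs = '';
    foreach ($names as $n) {
        $secs .= str_pad($n, 8, "\0") . str_repeat("\0", 32);
    }
    return $dos . "PE\0\0" . $coff . $opt . $secs;
}

print_r(inspect_pe(sample_pe(['UPX0', 'UPX1', '.rsrc'], 0x1F4A0))); // three findings
print_r(inspect_pe(sample_pe(['.text', '.data'], 0x1234)));         // no findings
```

To check a real file, pass the result of file_get_contents() to inspect_pe(); as noted above, a finding marks the file for closer inspection and does not prove it is malicious.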