tags:

views:

123

answers:

1
+2  Q: 

Is Valid IMAGE_DOS_SIGNATURE

I want to check a file has a valid IMAGE_DOS_SIGNATURE (MZ)

function isMZ(FileName : String) : boolean;
var
 Signature: Word;
 fexe: TFileStream;
begin
result:=false;
try
  fexe := TFileStream.Create(FileName, fmOpenRead or fmShareDenyNone);
  fexe.ReadBuffer(Signature, SizeOf(Signature));
  if Signature = $5A4D { 'MZ' } then
  result:=true;
finally
fexe.free;
end;
end;

I know I can use some code in Windows unit to check the IMAGE_DOS_SIGNATURE. The problem is I want the fastest way to check IMAGE_DOS_SIGNATURE (for a big file). I need your some suggestion about my code or maybe a new code?

Thanks

+4  A: 

The size of the file doesn't matter because your code only reads the first two bytes.

Any overhead from allocating and using a TFileStream, which goes through SysUtils.FileRead before reaching Win32 ReadFile, ought to be all but invisible noise compared to the cost of seeking in the only situation where it should matter, where you're scanning through hundreds of executables.

There might possibly be some benefit in tweaking Windows' caching by using the raw WinAPI, but I would expect it to be very marginal.

Barry Kelly  2010-04-21 05:19:12
Yes I want to scan through hundreds of executables, so I am looking for the fast code.Ok, you're right the value of SizeOf(Signature) is 2. Can you explain me why the value is 2, because the value of Signature has not been declared?
 2010-04-21 07:09:13
`SizeOf(Signature)` is 2 because Signature has been declared as `word` and the size of a `word` is 16 bits, ie 2 bytes.
MikeJ-UK  2010-04-21 07:59:55
Thanks. last question, if the file size of FileName is zero, I got "stream read error". I can handle this problem by using try except. Is there any internal method to know fexe will cause error?
 2010-04-21 08:45:09
Before calling `fexe.ReadBuffer` check that `fexe.Size > 2` or better, greater than the minimum valid size for a Windows PE format file (I don't know what that is off-hand).
MikeJ-UK  2010-04-21 10:45:42
Instead of calling ReadBuffer, call Read and check the return value; it will tell you how many bytes it read. If it doesn't return 2, then the file doesn't have a valid signature.
Rob Kennedy  2010-04-21 11:42:18

related questions

How do you implement Levenshtein distance in Delphi?
Reintroducing functions in Delphi
Does Delphi call inherited on overridden procedures if there is no explicit call
HelpInsight documentation in Delphi 2007
Is it possible to deploy a native Delphi application with ClickOnce
In Delphi 7, why can I assign a value to a const?
Best way to sort an array in delphi
What's the best Delphi book for a newbie?
Visual Studio equivalent to Delphi bookmarks
What's the idiomatic way to do async socket programming in Delphi?
64bit Memory allocation
Documenting Delphi
How to implement Type-safe COM enumerations in Delphi ?
TClientDataSet Aggregates specification aren't added automatically when creating an Aggregate field.
Multiple form Delphi applications and dialogs
Unit testing in Delphi - how are you doing it ?
How to keep track of the references to an object?
Delphi and COM: TLB and maintenance issues
Changing CURRENT save/default directory in Delphi 2007 without using Save-As
What is the best way to make a Delphi Application completely full screen ?
Are there any "mind mapping" components for Delphi? (native VCL preferably)
Delphi resources for existing .NET developer.
What is needed to get Delphi back on top?
Delphi MDI Application and the titlebar of the MDI Children
Can a windows dll retrieve its own filename?