原來的程序一遇到0字節的文件就會掛掉，在這里我添加了SEH錯誤處理代碼，完美解決了掛掉的問題！

?

.386
.model?flat,?stdcall
option?casemap?:none?
include????windows.inc
include????user32.inc
includelib??user32.lib
include????kernel32.inc
includelib??kernel32.lib

.data?
hFile????dd???
hMapFile??dd???
lpFile??dd???

.const
szErr????db??"不是有效的32位程序！",0
szOK????db??"是可執行文件！",0
szNO????db??"打開文件失敗！",0
szName??db??"d: .exe",0
Copyright??db??"?www.xbin.cn?",0

.code
_SEH??proc??_lpExceptionRecord,_lpSEH,_lpContext,_lpDispatcherContext
????pushad
????mov??esi,_lpExceptionRecord
????mov??edi,_lpContext
????assume??esi:ptr?EXCEPTION_RECORD,edi:ptr?CONTEXT
????mov??eax,_lpSEH
????push??[eax?+?0ch]
????pop??[edi].regEbp
????push??[eax?+?8]
????pop??[edi].regEip
????push??eax
????pop??[edi].regEsp
????assume??esi:nothing,edi:nothing
????popad
????mov??eax,ExceptionContinueExecution
????ret
_SEH??endp

Start:
;設置SEH
assume??fs:nothing
push??offset?_ErrFormat
push??offset?_SEH
push??fs:[0]
mov??fs:[0],esp
;打開文件
invoke?CreateFile,offset?szName,GENERIC_READ,NULL,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
.if?eax?==?INVALID_HANDLE_VALUE
??invoke?MessageBox,NULL,offset?szNO,NULL,MB_OK
??JMP?_END
.endif
mov?hFile,eax
;建立映射文件
invoke?CreateFileMapping,hFile,NULL,PAGE_READONLY,0,0,NULL
mov?hMapFile,eax
invoke?MapViewOfFile,hMapFile,FILE_MAP_READ,0,0,0
mov?lpFile,eax
;把映射文件的首地址給ESI
mov?esi,eax
assume?esi:ptr?IMAGE_DOS_HEADER
;判斷MZ標志
mov?di,[esi].e_magic
mov?bx,5a4dh
.if?di?!=?bx
??invoke?MessageBox,NULL,offset?szErr,NULL,MB_OK
??JMP?_END
.endif
;判斷PE標志
add?esi,[esi].e_lfanew
assume?esi:ptr?IMAGE_NT_HEADERS
mov?edi,[esi].Signature
.if?edi?!=?00004550h
??invoke?MessageBox,NULL,offset?szErr,NULL,MB_OK
??JMP?_END
.endif

invoke?MessageBox,NULL,offset?szOK,NULL,MB_OK
assume?esi:nothing
JMP?_END
_ErrFormat:
invoke?MessageBox,NULL,offset?szErr,NULL,MB_OK
pop??fs:[0]
add??esp,0ch
_END:
invoke?UnmapViewOfFile,lpFile
invoke?CloseHandle,hMapFile
invoke?CloseHandle,hFile
invoke?ExitProcess,0
end?Start

?

總結

以上是生活随笔為你收集整理的判断是否为PE文件改进版的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。