Check if File is Managed Assembly (Dot Net)

this function determines whether file is managed / unmanaged by reading a special mark contained in the dotnet files

here is the code:


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
function IsDotNet(FName:String):boolean;
var
  f:integer;
  PeHeader: LongWord;
  peMagicNumber: word;
  RVA15Value: LongWord;
  DictionaryOffset: LongWord;
begin
  result := false;
 
  f:= fileOpen(FName, FMOPENREAD);
  if f = -1 then
    exit;
 
    try
      fileseek(F, $3C, 0);
      FileRead(F, peHeader, sizeOf(peHeadeR));
 
      fileSeek(f, peHeader + $18, 0);
      FileRead(F, peMagicNumber, sizeOf(peMagicNumber));
 
      case peMagicNumber of
        $010B: DictionaryOffset := $60//32 bit Image
        $020B: DictionaryOffset := $70//64 bit Image
      else
      begin
        FileClose(F);
        exit;
      end
      end;
 
      //Posisi dari DataDictionary.
      fileSeek(f, peHeader + $18 + DictionaryOffset + $70, 0);
 
      //Read the value.
      FileRead(F, RVA15Value,sizeOf(RVA15Value));
 
      //cek nilai-nya, non zero = true
      result := RVA15Value <> 0;
 
    finally
      FileClose(F);
    end;
end;
This function has one string parameter type.Parameter is filled with the name of the file (fullpath) which will be checked.Function return boolean value, true if file is dotnet/managed otherwise false for unmanaged file.
 example :
1
2
3
4
5
6
if od.Execute then
begin
 if IsDotNet{Assembly}(Od.FileName) then
   ShowMessage(od.FileName+#13#10+' is DOT NET')
 else
   ShowMessage(od.FileName+#13#10+' is unManaged DLL')
OD = OpenDialog

Post a Comment