Tell if a file is a EXE in disguise
Posted on 2004-04-15
Lets say a naughty user was keeping a unlicensed copy of winzip on his machine and whenever he doesn't use it he renames it from winzip.exe to db1.mdb, and then renames it to winzip.exe again whenever he wants to use it.
Is there any (fast) way of opening db1.mdb with CreateFile and looking at some of the bytes inside to tell if the file is really an EXE ?
Bear in mind that I would also like to inspect EXE's that don't carry versioninfo structures, if poss.