Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to detect that a given PE file (exe or dll) is 64 bit or 32 bit

I need to detect whether a given .dll or .exe file is 32 bit or 64 bit

At the moment I have only one solution: read the PE Header from the specified file and take the 'Machine' field from there.

( Specification: Microsoft Portable Executable and Common Object File Format Specification (.docx file) at section "3.3. COFF File Header (Object and Image)" )

This field can take up to about 20 values. Three of them are:

IMAGE_FILE_MACHINE_I386  ( == 32bit )

IMAGE_FILE_MACHINE_IA64  ( == 64bit )

IMAGE_FILE_MACHINE_AMD64 ( == 64bit )

My questions:

1) Is 'Machine' to bitness mapping correct or did I miss something? Are there any other caveats?

2) Is there easier way to detect 32/64 bitness (probably some specific field in PE format I didn't notice or some special system function)?

like image 619
inazaruk Avatar asked Jul 20 '09 11:07

inazaruk


2 Answers

GetBinaryType(...) returns SCS_32BIT_BINARY for a 32-bit Windows-based application and SCS_64BIT_BINARY for a 64-bit Windows-based application.

like image 87
Draemon Avatar answered Oct 22 '22 06:10

Draemon


Check this: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680339%28v=vs.85%29.aspx Look for "Magic" member - you can find out whether PE header is 32 bit(PE32) or 64 bit(PE32+).

like image 25
Samuel Avatar answered Oct 22 '22 04:10

Samuel