I'm messing around with some rather low level things and trying to determine why I get different outputs with the CorFlags.exe utility. For reference, the outputs are as so:
$ corflags test2.exe Microsoft (R) .NET Framework CorFlags Conversion Tool. Version 4.0.30319.17929 Copyright (c) Microsoft Corporation. All rights reserved. Version : v4.0.30319 CLR Header: 2.5 PE : PE32 CorFlags : 0x1 ILONLY : 1 32BITREQ : 0 32BITPREF : 0 Signed : 0 $ corflags test.exe Microsoft (R) .NET Framework CorFlags Conversion Tool. Version 4.0.30319.17929 Copyright (c) Microsoft Corporation. All rights reserved. Version : v4.0.30319 CLR Header: 2.5 PE : PE32 CorFlags : 0x20003 ILONLY : 1 32BITREQ : 0 32BITPREF : 1 Signed : 0
I'm trying to figure out what the other bits in the CorFlags value mean that aren't exposed in the CorFlags utility. Where is a reference for this?
You are actually seeing a blend of info from the PE32 header (PE field) and the header of the manifest embedded in the assembly (the rest). This is all described in the Windows SDK, you'll need version 8 to get the new 32BITPREF flag. Use C:\Program Files (x86)\Windows Kits\8.0\Include\um\CorHdr.h, lots of comments in this file that describe the declarations.
I'll copy the section that describes the IMAGE_COR20_HEADER.Flags values:
COMIMAGE_FLAGS_ILONLY =0x00000001,
COMIMAGE_FLAGS_32BITREQUIRED =0x00000002,
COMIMAGE_FLAGS_IL_LIBRARY =0x00000004,
COMIMAGE_FLAGS_STRONGNAMESIGNED =0x00000008,
COMIMAGE_FLAGS_NATIVE_ENTRYPOINT =0x00000010,
COMIMAGE_FLAGS_TRACKDEBUGDATA =0x00010000,
COMIMAGE_FLAGS_32BITPREFERRED =0x00020000,
So a displayed value of 0x20003 breaks down into 32BITPREFERRED (0x20000) plus 32BITREQUIRED (0x00002) plus ILONLY (0x00001)
The flags interpretation:
Any CPU: PE = PE32 and 32BIT = 0
x86: PE = PE32 and 32BIT = 1
64-bit: PE = PE32+ and 32BIT = 0
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With