如何检测一个给定的PE文件(EXE或DLL)是64位或32位 [英] How to detect that a given PE file (exe or dll) is 64 bit or 32 bit
问题描述
我需要检测特定的.dll或.exe文件是32位或64位
I need to detect whether a given .dll or .exe file is 32 bit or 64 bit
目前,我只有一个解决办法:从指定的文件中读取的PE头,并从那里乘机领域
At the moment I have only one solution: read the PE Header from the specified file and take the 'Machine' field from there.
(规格:<一href="http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/pecoff%5Fv8.docx"相对=nofollow> Microsoft可移植可执行文件和通用对象文件格式规范(.docx文件),在部分3.3 COFF文件头(对象和图像))
( Specification: Microsoft Portable Executable and Common Object File Format Specification (.docx file) at section "3.3. COFF File Header (Object and Image)" )
本场可能需要长达约20个值。其中三个是:
This field can take up to about 20 values. Three of them are:
IMAGE_FILE_MACHINE_I386 ( == 32bit )
IMAGE_FILE_MACHINE_IA64 ( == 64bit )
IMAGE_FILE_MACHINE_AMD64 ( == 64bit )
我的问题:
1)是'机',以位元映射正确的还是我错过了什么?是否还有其他注意事项?
1) Is 'Machine' to bitness mapping correct or did I miss something? Are there any other caveats?
2)是否有更简单的方法来检测32/64位元(以PE格式可能是一些特定的领域,我没有注意到或者一些特殊的系统功能)?
2) Is there easier way to detect 32/64 bitness (probably some specific field in PE format I didn't notice or some special system function)?
推荐答案
GetBinaryType (...)返回 SCS_32BIT_BINARY
为32位的基于Windows的应用程序
和 SCS_64BIT_BINARY
为64位的基于Windows的应用程序。
GetBinaryType(...) returns SCS_32BIT_BINARY
for a 32-bit Windows-based application
and SCS_64BIT_BINARY
for a 64-bit Windows-based application.
这篇关于如何检测一个给定的PE文件(EXE或DLL)是64位或32位的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!