检测exe 32/64位 [英] Detecting exe 32/64bit

查看:144
本文介绍了检测exe 32/64位的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我如何手动[没有任何额外的脚本/程序]看看Windows可执行文件是否为32/64位?



我一直在环顾四周,发现应该怎样一直是我的答案。
在60字节中,据我所知,下面的数字是假设出现的。

I386 0x014c



IA64 0x0200

AMD64 0x8664

$ hr



编辑



跳转到PE偏移量后,我仍然没有看到机器类型。我做了一个Find&没有看到任何匹配[除非由于某种原因而接近底部]。
64 86 06 00不在上面的列表中,所以我不知道我在做什么错。

 记事本.exe(64bit)
 
 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 
 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 E8 00 00 00 
 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 
 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F 
 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 
 6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00 
 83 C2 32 29 C7 A3 5C 7A C7 A3 5C 7A C7 A3 5C 7A 
 CE DB D8 7A C6 A3 5C 7A CE DB C9 7A C5 A3 5C 7A 
 CE DB CF 7A DA A3 5C 7A C7 A3 5D 7A 33 A3 5C 7A 
 CE DB DF 7A D3 A3 5C 7A CE DB D5 7A CC A3 5C 7A 
 CE DB C8 7A C6 A3 5C 7A CE DB CD 7A C6 A3 5C 7A 
 52 69 63 68 C7 A3 5C 7A 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 < -  
 B3 C9 5B 4A 00 00 00 00 00 00 00 00 F0 00 22 00 
 0B 02 09 00 00 A8 00 00 00 58 02 00 00 00 00 00 
 70 35 00 00 00 10 00 00 00 00 00 00 01 00 00 00 
 00 10 00 00 00 02 00 00 06 00 01 00 06 00 01 00 
 06 00 01 00 00 00 00 00 00 50 03 00 00 06 00 00 
 49 E7 03 00 02 00 40 81 00 00 08 00 00 00 00 
 00 10 01 00 00 00 00 00 00 00 10 00 00 00 00 00 
 00 10 00 00 00 00 00 00 00 00 00 10 00 00 00 
 00 00 00 00 00 00 00 00 F8 CF 00 00 2C 01 00 00 
 00 40 01 00 60 F1 01 00 00 30 01 00 B4 06 00 00 
 00 00 00 00 00 00 00 00 40 03 00 B8 00 00 00 
 10 B7 00 00 38 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 E0 02 00 00 38 01 00 00 
 00 C0 00 00 F0 07 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 2E 74 65 78 74 00 00 00 70 A7 00 00 00 10 00 00 
 00 A8 00 00 00 06 00 00 00 00 00 00 00 00 00 00


解决方案

60个字节出现的不是m achine类型,但PE头的偏移量。 (在这种情况下,0x00000100:256字节。)PE头开始:'P','E',00,00。之后是机器类型。


How do I manually [without any extra scripts/programs] see if a Windows executable is 32/64 bit?

I have been looking around and found what should have been my answer. At 60 bytes in, the numbers below is suppose to appear, as far as I understand.

I386 0x014c

IA64 0x0200

AMD64 0x8664

Edit

After jumping to the PE offset, I still did not see the machine type. I did a Find & did not see any matches [unless its near the bottom for some reason]. 64 86 06 00 is not in the list above, so I dont know what I am doing wrong.

    Notepad.exe (64bit)

4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00
B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00
0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68
69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F
74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20
6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00
83 C2 32 29 C7 A3 5C 7A C7 A3 5C 7A C7 A3 5C 7A
CE DB D8 7A C6 A3 5C 7A CE DB C9 7A C5 A3 5C 7A
CE DB CF 7A DA A3 5C 7A C7 A3 5D 7A 33 A3 5C 7A
CE DB DF 7A D3 A3 5C 7A CE DB D5 7A CC A3 5C 7A
CE DB C8 7A C6 A3 5C 7A CE DB CD 7A C6 A3 5C 7A
52 69 63 68 C7 A3 5C 7A 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 <--
B3 C9 5B 4A 00 00 00 00 00 00 00 00 F0 00 22 00
0B 02 09 00 00 A8 00 00 00 58 02 00 00 00 00 00
70 35 00 00 00 10 00 00 00 00 00 00 01 00 00 00
00 10 00 00 00 02 00 00 06 00 01 00 06 00 01 00
06 00 01 00 00 00 00 00 00 50 03 00 00 06 00 00
49 E7 03 00 02 00 40 81 00 00 08 00 00 00 00 00
00 10 01 00 00 00 00 00 00 00 10 00 00 00 00 00
00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00
00 00 00 00 00 00 00 00 F8 CF 00 00 2C 01 00 00
00 40 01 00 60 F1 01 00 00 30 01 00 B4 06 00 00
00 00 00 00 00 00 00 00 00 40 03 00 B8 00 00 00
10 B7 00 00 38 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 E0 02 00 00 38 01 00 00
00 C0 00 00 F0 07 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2E 74 65 78 74 00 00 00 70 A7 00 00 00 10 00 00
00 A8 00 00 00 06 00 00 00 00 00 00 00 00 00 00

解决方案

What appears 60 bytes in isn't the machine type but the offset of the PE header. (In this case, 0x00000100: 256 bytes.) The PE header begins: 'P', 'E', 00, 00. What comes after that is the machine type.

这篇关于检测exe 32/64位的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆