Is it 32bit or 64bit?

Robert · May 22, 2024, 05:05:56 PM

Quote from: MrBcx on May 22, 2024, 03:22:00 PM
Quote from: Vortex on May 22, 2024, 02:24:38 PM
Hello,

An application to determine the type of an executable or dll :

Code Select Expand
REM It's strongly recommended to compile the code as 64-bit DIM AS BYTE buffer[1024] DIM p AS BYTE PTR DIM machine AS WORD DIM m AS WORD DIM AS STRING mtype[4] mtype[0] = "unknown" mtype[1] = "32bit" mtype[2] = "64bit" mtype[3] = "Intel Itanium" IF ARGC = 1 THEN PRINT "Usage : GetEXEtype64.exe filename.exe \ .dll" END END IF OPEN COMMAND$(1) FOR BINARY INPUT AS hFile GET$ hFile, buffer, 1024 CLOSE hFile IF ((PIMAGE_DOS_HEADER)buffer)->e_magic <> IMAGE_DOS_SIGNATURE THEN PRINT "The file does not contain a valid DOS header." END END IF p = (BYTE PTR)((BYTE PTR)buffer+((PIMAGE_DOS_HEADER)buffer)->e_lfanew) IF ((PIMAGE_NT_HEADERS)p)->Signature <> IMAGE_NT_SIGNATURE THEN PRINT "The file does not contain a valid PE header" END END IF machine = ((PIMAGE_NT_HEADERS)p)->FileHeader.Machine m = (machine==IMAGE_FILE_MACHINE_I386)+ _ 2*(machine==IMAGE_FILE_MACHINE_AMD64)+ _ 3*(machine==IMAGE_FILE_MACHINE_IA64) PRINT "The executable is " & mtype[m]

Good Job!

BCX is going to make a BASIC programmer out of you yet!

Hey Vortex:

That Slick Trick equality is very cool.

Thanks for the great example.

MrBcx · May 22, 2024, 03:22:00 PM

Quote from: Vortex on May 22, 2024, 02:24:38 PM
Hello,

An application to determine the type of an executable or dll :

Code Select Expand
REM It's strongly recommended to compile the code as 64-bit DIM AS BYTE buffer[1024] DIM p AS BYTE PTR DIM machine AS WORD DIM m AS WORD DIM AS STRING mtype[4] mtype[0] = "unknown" mtype[1] = "32bit" mtype[2] = "64bit" mtype[3] = "Intel Itanium" IF ARGC = 1 THEN PRINT "Usage : GetEXEtype64.exe filename.exe \ .dll" END END IF OPEN COMMAND$(1) FOR BINARY INPUT AS hFile GET$ hFile, buffer, 1024 CLOSE hFile IF ((PIMAGE_DOS_HEADER)buffer)->e_magic <> IMAGE_DOS_SIGNATURE THEN PRINT "The file does not contain a valid DOS header." END END IF p = (BYTE PTR)((BYTE PTR)buffer+((PIMAGE_DOS_HEADER)buffer)->e_lfanew) IF ((PIMAGE_NT_HEADERS)p)->Signature <> IMAGE_NT_SIGNATURE THEN PRINT "The file does not contain a valid PE header" END END IF machine = ((PIMAGE_NT_HEADERS)p)->FileHeader.Machine m = (machine==IMAGE_FILE_MACHINE_I386)+ _ 2*(machine==IMAGE_FILE_MACHINE_AMD64)+ _ 3*(machine==IMAGE_FILE_MACHINE_IA64) PRINT "The executable is " & mtype[m]

Good Job!

BCX is going to make a BASIC programmer out of you yet!

Vortex · May 22, 2024, 02:24:38 PM

Hello,

An application to determine the type of an executable or dll :

Code Select

REM It's strongly recommended to compile the code as 64-bit

DIM AS BYTE buffer[1024]
DIM p AS BYTE PTR
DIM machine AS WORD
DIM m AS WORD
DIM AS STRING mtype[4]

mtype[0] = "unknown"
mtype[1] = "32bit"
mtype[2] = "64bit"
mtype[3] = "Intel Itanium"

IF ARGC = 1 THEN

    PRINT "Usage : GetEXEtype64.exe filename.exe \ .dll"
    END

END IF

OPEN COMMAND$(1) FOR BINARY INPUT AS hFile

GET$ hFile, buffer, 1024

CLOSE hFile

IF ((PIMAGE_DOS_HEADER)buffer)->e_magic <> IMAGE_DOS_SIGNATURE THEN
    PRINT "The file does not contain a valid DOS header."
    END
END IF

p = (BYTE PTR)((BYTE PTR)buffer+((PIMAGE_DOS_HEADER)buffer)->e_lfanew)

IF ((PIMAGE_NT_HEADERS)p)->Signature <> IMAGE_NT_SIGNATURE THEN
    PRINT "The file does not contain a valid PE header"
    END
END IF

machine = ((PIMAGE_NT_HEADERS)p)->FileHeader.Machine

m = (machine==IMAGE_FILE_MACHINE_I386)+ _
    2*(machine==IMAGE_FILE_MACHINE_AMD64)+ _
    3*(machine==IMAGE_FILE_MACHINE_IA64)

PRINT "The executable is " & mtype[m]

airr · May 20, 2024, 05:10:08 PM

For those who don't like/use powershell, you can do the same in a conhost session like this:

Code Select

podump /headers <dllfile> | findstr /r "machine.*("
dumpbin /headers <dllfile> | findstr /r "machine.*("
objdump -f <dllfile>l | findstr /r "architecture"

AIR.

airr · May 20, 2024, 04:56:37 PM

Ever wonder if a random dll on your system is 32bit or 64bit? I'm sure I'm not the only one who's yelled at the screen after trying to use the dll, only to discover that I can't use it because it's not 64 bit.

So I leveraged Powershell to get me the info quick.

With podump.exe and dumpbin.exe

Code Select

podump /headers <dllfile> | Select-String "machine\s\("
dumpbin /headers <dllfile> | Select-String "machine\s\("

With MinGW objdump:

Code Select

objdump -f .\libpcre-1.dll | select-string "architecture"

Output:

Code Select

podump/dumpbin:
8664 machine (x64)

objdump:
architecture: i386:x86-64, flags 0x0000013b:

AIR.

News:

Is it 32bit or 64bit?

Robert

MrBcx

Vortex

airr

airr