Identify 32 bit binary or 64 bit binary
-
I am looking for a C++ function which can identify the architecture of an executable file (binary) e.g. whether it is a 32 bit or 64 bit. I heard such a function might be available in imagehlp.dll Can somebody help?
-
I am looking for a C++ function which can identify the architecture of an executable file (binary) e.g. whether it is a 32 bit or 64 bit. I heard such a function might be available in imagehlp.dll Can somebody help?
In imagehlp, maybe MapAndLoad()[^] and LOADED_IMAGE.FileHeader.Machine. Mark
Mark Salsbery Microsoft MVP - Visual C++ :java:
-
In imagehlp, maybe MapAndLoad()[^] and LOADED_IMAGE.FileHeader.Machine. Mark
Mark Salsbery Microsoft MVP - Visual C++ :java:
-
I am looking for a C++ function which can identify the architecture of an executable file (binary) e.g. whether it is a 32 bit or 64 bit. I heard such a function might be available in imagehlp.dll Can somebody help?
Im feeling generous today. I created a function for you.
DWORD GetPEMachineType(LPTSTR sz) { HANDLE hFile = CreateFile(sz,GENERIC_WRITE | GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); if(NULL != hFile) { LARGE_INTEGER bigInt; BOOL diditWork = GetFileSizeEx(hFile, &bigInt); HANDLE hFileMap = CreateFileMapping(hFile,NULL,PAGE_READWRITE,bigInt.HighPart,bigInt.LowPart + 0x2000 ,_T("someGUID")); if(NULL != hFileMap) { LPVOID hMap = MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,0); if(NULL != hMap) { HMODULE hModule = (HMODULE)hMap; IMAGE_DOS_HEADER * pDosHeader = (IMAGE_DOS_HEADER *)hModule; IMAGE_FILE_HEADER * pFileHeader = (IMAGE_FILE_HEADER *)(((LPBYTE)hModule) + pDosHeader->e_lfanew + sizeof(IMAGE_NT_SIGNATURE)); return pFileHeader->Machine; } } } }Here is a link to the current PE format specification: http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx[^] The possibilities include: IMAGE_FILE_MACHINE_UNKNOWN 0x0 The contents of this field are assumed to be applicable to any machine type IMAGE_FILE_MACHINE_AM33 0x1d3 Matsushita AM33 IMAGE_FILE_MACHINE_AMD64 0x8664 x64 IMAGE_FILE_MACHINE_ARM 0x1c0 ARM little endian IMAGE_FILE_MACHINE_EBC 0xebc EFI byte code IMAGE_FILE_MACHINE_I386 0x14c Intel 386 or later processors and compatible processors IMAGE_FILE_MACHINE_IA64 0x200 Intel Itanium processor family IMAGE_FILE_MACHINE_M32R 0x9041 Mitsubishi M32R little endian IMAGE_FILE_MACHINE_MIPS16 0x266 MIPS16 IMAGE_FILE_MACHINE_MIPSFPU 0x366 MIPS with FPU IMAGE_FILE_MACHINE_MIPSFPU16 0x466 MIPS16 with FPU IMAGE_FILE_MACHINE_POWERPC 0x1f0 Power PC little endian IMAGE_FILE_MACHINE_POWERPCFP 0x1f1 Power PC with floating point support IMAGE_FILE_MACHINE_R4000 0x166 MIPS little endian IMAGE_FILE_MACHINE_SH3 0x1a2 Hitachi SH3 IMAGE_FILE_MACHINE_SH3DSP 0x1a3 Hitachi SH3 DSP IMAGE_FILE_MACHINE_SH4 0x1a6 Hitachi SH4 IMAGE_FILE_MACHINE_SH5 0x1a8 Hitachi SH5 IMAGE_FILE_MACHINE_THUMB 0x1c2 Thumb IMAGE_FILE_MACHINE_WCEMIPSV2 0x169 MIPS little-endian WCE v2 Best Wishes, -David Delaune
modified on Thursday, March 13, 2008 4:32 PM
-
Im feeling generous today. I created a function for you.
DWORD GetPEMachineType(LPTSTR sz) { HANDLE hFile = CreateFile(sz,GENERIC_WRITE | GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); if(NULL != hFile) { LARGE_INTEGER bigInt; BOOL diditWork = GetFileSizeEx(hFile, &bigInt); HANDLE hFileMap = CreateFileMapping(hFile,NULL,PAGE_READWRITE,bigInt.HighPart,bigInt.LowPart + 0x2000 ,_T("someGUID")); if(NULL != hFileMap) { LPVOID hMap = MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,0); if(NULL != hMap) { HMODULE hModule = (HMODULE)hMap; IMAGE_DOS_HEADER * pDosHeader = (IMAGE_DOS_HEADER *)hModule; IMAGE_FILE_HEADER * pFileHeader = (IMAGE_FILE_HEADER *)(((LPBYTE)hModule) + pDosHeader->e_lfanew + sizeof(IMAGE_NT_SIGNATURE)); return pFileHeader->Machine; } } } }Here is a link to the current PE format specification: http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx[^] The possibilities include: IMAGE_FILE_MACHINE_UNKNOWN 0x0 The contents of this field are assumed to be applicable to any machine type IMAGE_FILE_MACHINE_AM33 0x1d3 Matsushita AM33 IMAGE_FILE_MACHINE_AMD64 0x8664 x64 IMAGE_FILE_MACHINE_ARM 0x1c0 ARM little endian IMAGE_FILE_MACHINE_EBC 0xebc EFI byte code IMAGE_FILE_MACHINE_I386 0x14c Intel 386 or later processors and compatible processors IMAGE_FILE_MACHINE_IA64 0x200 Intel Itanium processor family IMAGE_FILE_MACHINE_M32R 0x9041 Mitsubishi M32R little endian IMAGE_FILE_MACHINE_MIPS16 0x266 MIPS16 IMAGE_FILE_MACHINE_MIPSFPU 0x366 MIPS with FPU IMAGE_FILE_MACHINE_MIPSFPU16 0x466 MIPS16 with FPU IMAGE_FILE_MACHINE_POWERPC 0x1f0 Power PC little endian IMAGE_FILE_MACHINE_POWERPCFP 0x1f1 Power PC with floating point support IMAGE_FILE_MACHINE_R4000 0x166 MIPS little endian IMAGE_FILE_MACHINE_SH3 0x1a2 Hitachi SH3 IMAGE_FILE_MACHINE_SH3DSP 0x1a3 Hitachi SH3 DSP IMAGE_FILE_MACHINE_SH4 0x1a6 Hitachi SH4 IMAGE_FILE_MACHINE_SH5 0x1a8 Hitachi SH5 IMAGE_FILE_MACHINE_THUMB 0x1c2 Thumb IMAGE_FILE_MACHINE_WCEMIPSV2 0x169 MIPS little-endian WCE v2 Best Wishes, -David Delaune
modified on Thursday, March 13, 2008 4:32 PM
-
Randor wrote:
Im feeling generous today. I created a function for you.
Now all you have to do is hope you never have to work with him since you may have just helped him stay employed in the industry.
-
Its wigglyness? I was going to say "Someone has to do their research for them" until I saw the post below... Apparently, somebody has to write the code for them :)
Mark Salsbery Microsoft MVP - Visual C++ :java:
-
Im feeling generous today. I created a function for you.
DWORD GetPEMachineType(LPTSTR sz) { HANDLE hFile = CreateFile(sz,GENERIC_WRITE | GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); if(NULL != hFile) { LARGE_INTEGER bigInt; BOOL diditWork = GetFileSizeEx(hFile, &bigInt); HANDLE hFileMap = CreateFileMapping(hFile,NULL,PAGE_READWRITE,bigInt.HighPart,bigInt.LowPart + 0x2000 ,_T("someGUID")); if(NULL != hFileMap) { LPVOID hMap = MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,0); if(NULL != hMap) { HMODULE hModule = (HMODULE)hMap; IMAGE_DOS_HEADER * pDosHeader = (IMAGE_DOS_HEADER *)hModule; IMAGE_FILE_HEADER * pFileHeader = (IMAGE_FILE_HEADER *)(((LPBYTE)hModule) + pDosHeader->e_lfanew + sizeof(IMAGE_NT_SIGNATURE)); return pFileHeader->Machine; } } } }Here is a link to the current PE format specification: http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx[^] The possibilities include: IMAGE_FILE_MACHINE_UNKNOWN 0x0 The contents of this field are assumed to be applicable to any machine type IMAGE_FILE_MACHINE_AM33 0x1d3 Matsushita AM33 IMAGE_FILE_MACHINE_AMD64 0x8664 x64 IMAGE_FILE_MACHINE_ARM 0x1c0 ARM little endian IMAGE_FILE_MACHINE_EBC 0xebc EFI byte code IMAGE_FILE_MACHINE_I386 0x14c Intel 386 or later processors and compatible processors IMAGE_FILE_MACHINE_IA64 0x200 Intel Itanium processor family IMAGE_FILE_MACHINE_M32R 0x9041 Mitsubishi M32R little endian IMAGE_FILE_MACHINE_MIPS16 0x266 MIPS16 IMAGE_FILE_MACHINE_MIPSFPU 0x366 MIPS with FPU IMAGE_FILE_MACHINE_MIPSFPU16 0x466 MIPS16 with FPU IMAGE_FILE_MACHINE_POWERPC 0x1f0 Power PC little endian IMAGE_FILE_MACHINE_POWERPCFP 0x1f1 Power PC with floating point support IMAGE_FILE_MACHINE_R4000 0x166 MIPS little endian IMAGE_FILE_MACHINE_SH3 0x1a2 Hitachi SH3 IMAGE_FILE_MACHINE_SH3DSP 0x1a3 Hitachi SH3 DSP IMAGE_FILE_MACHINE_SH4 0x1a6 Hitachi SH4 IMAGE_FILE_MACHINE_SH5 0x1a8 Hitachi SH5 IMAGE_FILE_MACHINE_THUMB 0x1c2 Thumb IMAGE_FILE_MACHINE_WCEMIPSV2 0x169 MIPS little-endian WCE v2 Best Wishes, -David Delaune
modified on Thursday, March 13, 2008 4:32 PM
-
harsha1305 wrote:
I heard such a function might be available in imagehlp.dll
Excellent! Please post back what you find after reading the imagehlp documentation
led mike wrote:
Excellent! Please post back what you find after reading the imagehlp documentation
he he he.. please let me know also... any way some voted you down, let me average it down!
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow
Never mind - my own stupidity is the source of every "problem" - Mixturecheers, Alok Gupta VC Forum Q&A :- I/IV Support CRY- Child Relief and You/codeProject$$>
-
Randor wrote:
Look on the bright side, thats one less homeless person to worry about.
RIght you say! 5 point!
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow
Never mind - my own stupidity is the source of every "problem" - Mixturecheers, Alok Gupta VC Forum Q&A :- I/IV Support CRY- Child Relief and You/codeProject$$>
-
Im feeling generous today. I created a function for you.
DWORD GetPEMachineType(LPTSTR sz) { HANDLE hFile = CreateFile(sz,GENERIC_WRITE | GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL); if(NULL != hFile) { LARGE_INTEGER bigInt; BOOL diditWork = GetFileSizeEx(hFile, &bigInt); HANDLE hFileMap = CreateFileMapping(hFile,NULL,PAGE_READWRITE,bigInt.HighPart,bigInt.LowPart + 0x2000 ,_T("someGUID")); if(NULL != hFileMap) { LPVOID hMap = MapViewOfFile(hFileMap,FILE_MAP_READ,0,0,0); if(NULL != hMap) { HMODULE hModule = (HMODULE)hMap; IMAGE_DOS_HEADER * pDosHeader = (IMAGE_DOS_HEADER *)hModule; IMAGE_FILE_HEADER * pFileHeader = (IMAGE_FILE_HEADER *)(((LPBYTE)hModule) + pDosHeader->e_lfanew + sizeof(IMAGE_NT_SIGNATURE)); return pFileHeader->Machine; } } } }Here is a link to the current PE format specification: http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx[^] The possibilities include: IMAGE_FILE_MACHINE_UNKNOWN 0x0 The contents of this field are assumed to be applicable to any machine type IMAGE_FILE_MACHINE_AM33 0x1d3 Matsushita AM33 IMAGE_FILE_MACHINE_AMD64 0x8664 x64 IMAGE_FILE_MACHINE_ARM 0x1c0 ARM little endian IMAGE_FILE_MACHINE_EBC 0xebc EFI byte code IMAGE_FILE_MACHINE_I386 0x14c Intel 386 or later processors and compatible processors IMAGE_FILE_MACHINE_IA64 0x200 Intel Itanium processor family IMAGE_FILE_MACHINE_M32R 0x9041 Mitsubishi M32R little endian IMAGE_FILE_MACHINE_MIPS16 0x266 MIPS16 IMAGE_FILE_MACHINE_MIPSFPU 0x366 MIPS with FPU IMAGE_FILE_MACHINE_MIPSFPU16 0x466 MIPS16 with FPU IMAGE_FILE_MACHINE_POWERPC 0x1f0 Power PC little endian IMAGE_FILE_MACHINE_POWERPCFP 0x1f1 Power PC with floating point support IMAGE_FILE_MACHINE_R4000 0x166 MIPS little endian IMAGE_FILE_MACHINE_SH3 0x1a2 Hitachi SH3 IMAGE_FILE_MACHINE_SH3DSP 0x1a3 Hitachi SH3 DSP IMAGE_FILE_MACHINE_SH4 0x1a6 Hitachi SH4 IMAGE_FILE_MACHINE_SH5 0x1a8 Hitachi SH5 IMAGE_FILE_MACHINE_THUMB 0x1c2 Thumb IMAGE_FILE_MACHINE_WCEMIPSV2 0x169 MIPS little-endian WCE v2 Best Wishes, -David Delaune
modified on Thursday, March 13, 2008 4:32 PM
I have included your tip in my site...!
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow
Never mind - my own stupidity is the source of every "problem" - Mixturecheers, Alok Gupta VC Forum Q&A :- I/IV Support CRY- Child Relief and You/codeProject$$>
-
Randor wrote:
Look on the bright side, thats one less homeless person to worry about.
RIght you say! 5 point!
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow
Never mind - my own stupidity is the source of every "problem" - Mixturecheers, Alok Gupta VC Forum Q&A :- I/IV Support CRY- Child Relief and You/codeProject$$>
Buddy, i also igree with you. My 5! for his all reply in this topic.
-
led mike wrote:
Excellent! Please post back what you find after reading the imagehlp documentation
he he he.. please let me know also... any way some voted you down, let me average it down!
"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David Crow
Never mind - my own stupidity is the source of every "problem" - Mixturecheers, Alok Gupta VC Forum Q&A :- I/IV Support CRY- Child Relief and You/codeProject$$>