How to Check if a DLL or EXE is 32-bit or 64-bit (x86 or x64) us
- 时间:2020-09-11 08:17:29
- 分类:网络文摘
- 阅读:112 次
On Windows, the executables are either EXE or DLL (sometimes OCX). We can programmatically tell if the executable is a 32-bit (x86) or 64-bit (x64) by looking into its PE header signature.
In VBScript, we can call CreateObject method to invoke the COM library. Here we use the ADODB.Stream to Read a File in binary stream. Then, we need to read a few bytes from the file header.
The AscB in Vbscript returns the first byte of given string. And the MidB will return a range of bytes in the middle.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | Function GetPlatformForExeOrDLL(File) Set BinaryStream = CreateObject("ADODB.Stream") BinaryStream.Type = 1 BinaryStream.Open On Error Resume Next BinaryStream.LoadFromFile File If err.number <> 0 Then GetPlatformForExeOrDLL = "" Exit Function End If On Error Goto 0 skip = BinaryStream.Read(&H3C) positionSignature = BinaryStream.Read(4) strPosition="" For lngCounter = 0 to UBound(positionSignature) car= Ascb(Midb(positionSignature, lngCounter + 1, 1)) s = Hex(car) If Len(s) = 1 Then s = "0" & s End If strPosition = s & strPosition Next positionSignature = CInt("&H" & strPosition) BinaryStream.Position = positionSignature arr_signature = BinaryStream.Read(6) signature = "" For lngCounter = 0 to UBound(arr_signature) car= AscB(Midb(arr_signature, lngCounter + 1, 1)) s = Hex(car) If Len(s) = 1 Then s = "0" & s End If signature = signature & s Next BinaryStream.Close If signature = "504500004C01" Then GetPlatformForExeOrDLL = "x86" ElseIf signature = "504500006486" Then GetPlatformForExeOrDLL = "x64" End If End Function |
Function GetPlatformForExeOrDLL(File)
Set BinaryStream = CreateObject("ADODB.Stream")
BinaryStream.Type = 1
BinaryStream.Open
On Error Resume Next
BinaryStream.LoadFromFile File
If err.number <> 0 Then
GetPlatformForExeOrDLL = ""
Exit Function
End If
On Error Goto 0
skip = BinaryStream.Read(&H3C)
positionSignature = BinaryStream.Read(4)
strPosition=""
For lngCounter = 0 to UBound(positionSignature)
car= Ascb(Midb(positionSignature, lngCounter + 1, 1))
s = Hex(car)
If Len(s) = 1 Then
s = "0" & s
End If
strPosition = s & strPosition
Next
positionSignature = CInt("&H" & strPosition)
BinaryStream.Position = positionSignature
arr_signature = BinaryStream.Read(6)
signature = ""
For lngCounter = 0 to UBound(arr_signature)
car= AscB(Midb(arr_signature, lngCounter + 1, 1))
s = Hex(car)
If Len(s) = 1 Then
s = "0" & s
End If
signature = signature & s
Next
BinaryStream.Close
If signature = "504500004C01" Then
GetPlatformForExeOrDLL = "x86"
ElseIf signature = "504500006486" Then
GetPlatformForExeOrDLL = "x64"
End If
End FunctionThe Magik numbers we are looking for are: 504500004C01 for x86 platform and 504500006486 for x64 platform. If neither are found, it is unlikely a valid windows DLL or EXE file.
Example usage:
1 2 3 4 | ' x64 WScript.Echo GetPlatformForExeOrDLL("C:\Windows\System32\cmd.exe") ' x86 WScript.Echo GetPlatformForExeOrDLL("C:\Windows\SysWow64\cmd.exe") |
' x64
WScript.Echo GetPlatformForExeOrDLL("C:\Windows\System32\cmd.exe")
' x86
WScript.Echo GetPlatformForExeOrDLL("C:\Windows\SysWow64\cmd.exe")
vbscript
–EOF (The Ultimate Computing & Technology Blog) —
推荐阅读:6 Tips For Starting a Business During a Pandemic Will Your Blog be affected by the Current Facebook Ad Boycott? Unobvious Life Hacks for Ads Optimization in Google Essential Traits That Will Help Bloggers Work From Home Successf Examining the Physical and Mental Health of Writers and Bloggers How will Blogging Change after the Pandemic? Digital Relationships: 5 Tips For Building A Better Veterinary B The 2020 Pandemic Further Boosts Earnings and Influence of Blogg What to Do When Your Blog Gets Too Big for You Alone Minimum Numbers of Function Calls to Make Target Array
- 评论列表
-
- 添加评论