How to Check if a DLL or EXE is 32-bit or 64-bit (x86 or x64) us
- 时间:2020-09-11 08:17:29
- 分类:网络文摘
- 阅读:143 次
On Windows, the executables are either EXE or DLL (sometimes OCX). We can programmatically tell if the executable is a 32-bit (x86) or 64-bit (x64) by looking into its PE header signature.
In VBScript, we can call CreateObject method to invoke the COM library. Here we use the ADODB.Stream to Read a File in binary stream. Then, we need to read a few bytes from the file header.
The AscB in Vbscript returns the first byte of given string. And the MidB will return a range of bytes in the middle.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | Function GetPlatformForExeOrDLL(File) Set BinaryStream = CreateObject("ADODB.Stream") BinaryStream.Type = 1 BinaryStream.Open On Error Resume Next BinaryStream.LoadFromFile File If err.number <> 0 Then GetPlatformForExeOrDLL = "" Exit Function End If On Error Goto 0 skip = BinaryStream.Read(&H3C) positionSignature = BinaryStream.Read(4) strPosition="" For lngCounter = 0 to UBound(positionSignature) car= Ascb(Midb(positionSignature, lngCounter + 1, 1)) s = Hex(car) If Len(s) = 1 Then s = "0" & s End If strPosition = s & strPosition Next positionSignature = CInt("&H" & strPosition) BinaryStream.Position = positionSignature arr_signature = BinaryStream.Read(6) signature = "" For lngCounter = 0 to UBound(arr_signature) car= AscB(Midb(arr_signature, lngCounter + 1, 1)) s = Hex(car) If Len(s) = 1 Then s = "0" & s End If signature = signature & s Next BinaryStream.Close If signature = "504500004C01" Then GetPlatformForExeOrDLL = "x86" ElseIf signature = "504500006486" Then GetPlatformForExeOrDLL = "x64" End If End Function |
Function GetPlatformForExeOrDLL(File)
Set BinaryStream = CreateObject("ADODB.Stream")
BinaryStream.Type = 1
BinaryStream.Open
On Error Resume Next
BinaryStream.LoadFromFile File
If err.number <> 0 Then
GetPlatformForExeOrDLL = ""
Exit Function
End If
On Error Goto 0
skip = BinaryStream.Read(&H3C)
positionSignature = BinaryStream.Read(4)
strPosition=""
For lngCounter = 0 to UBound(positionSignature)
car= Ascb(Midb(positionSignature, lngCounter + 1, 1))
s = Hex(car)
If Len(s) = 1 Then
s = "0" & s
End If
strPosition = s & strPosition
Next
positionSignature = CInt("&H" & strPosition)
BinaryStream.Position = positionSignature
arr_signature = BinaryStream.Read(6)
signature = ""
For lngCounter = 0 to UBound(arr_signature)
car= AscB(Midb(arr_signature, lngCounter + 1, 1))
s = Hex(car)
If Len(s) = 1 Then
s = "0" & s
End If
signature = signature & s
Next
BinaryStream.Close
If signature = "504500004C01" Then
GetPlatformForExeOrDLL = "x86"
ElseIf signature = "504500006486" Then
GetPlatformForExeOrDLL = "x64"
End If
End FunctionThe Magik numbers we are looking for are: 504500004C01 for x86 platform and 504500006486 for x64 platform. If neither are found, it is unlikely a valid windows DLL or EXE file.
Example usage:
1 2 3 4 | ' x64 WScript.Echo GetPlatformForExeOrDLL("C:\Windows\System32\cmd.exe") ' x86 WScript.Echo GetPlatformForExeOrDLL("C:\Windows\SysWow64\cmd.exe") |
' x64
WScript.Echo GetPlatformForExeOrDLL("C:\Windows\System32\cmd.exe")
' x86
WScript.Echo GetPlatformForExeOrDLL("C:\Windows\SysWow64\cmd.exe")
vbscript
–EOF (The Ultimate Computing & Technology Blog) —
推荐阅读:Double your traffic with White Hat SEO techniques Blogging As Therapy: True Life Stories Of Victims And How They C 3 Reasons to Geek Out on Your Blog The Terminal Software Engineer Level Facebook Interview Tips and Guidance Book Review: Python for Kids, for Dummies Find the Least Number Sums of Perfect Squares Algorithms to Sum of All Odd Length Subarrays Algorithm to Compute the Largest Triple Products from Array Algorithm to Split a Number Array into Two Balanced Parts by Usi
- 评论列表
-
- 添加评论