How to Check if a DLL or EXE is 32-bit or 64-bit (x86 or x64) us

  • 时间:2020-09-11 08:17:29
  • 分类:网络文摘
  • 阅读:101 次

On Windows, the executables are either EXE or DLL (sometimes OCX). We can programmatically tell if the executable is a 32-bit (x86) or 64-bit (x64) by looking into its PE header signature.

In VBScript, we can call CreateObject method to invoke the COM library. Here we use the ADODB.Stream to Read a File in binary stream. Then, we need to read a few bytes from the file header.

The AscB in Vbscript returns the first byte of given string. And the MidB will return a range of bytes in the middle.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

Function GetPlatformForExeOrDLL(File)
    Set BinaryStream = CreateObject("ADODB.Stream")
    
    BinaryStream.Type = 1
    BinaryStream.Open
    
    On Error Resume Next    
    BinaryStream.LoadFromFile File
 
    If err.number <> 0 Then
        GetPlatformForExeOrDLL = ""
        Exit Function
    End If
    On Error Goto 0
          
    skip = BinaryStream.Read(&H3C)
    positionSignature = BinaryStream.Read(4)
    
    strPosition=""
    For lngCounter = 0 to UBound(positionSignature)
        car= Ascb(Midb(positionSignature, lngCounter + 1, 1))
        s = Hex(car)
        If Len(s) = 1 Then
            s = "0" & s
        End If 
        strPosition = s & strPosition
    Next
    
    positionSignature = CInt("&H" & strPosition)
    
    BinaryStream.Position = positionSignature
    
    arr_signature = BinaryStream.Read(6)
    
    signature = ""
    For lngCounter = 0 to UBound(arr_signature)
        car= AscB(Midb(arr_signature, lngCounter + 1, 1))
        s = Hex(car)
        If Len(s) = 1 Then
            s = "0" & s
        End If
        signature = signature & s 
    Next
    
    BinaryStream.Close
        
    If signature = "504500004C01" Then
        GetPlatformForExeOrDLL = "x86"
    ElseIf signature = "504500006486" Then
        GetPlatformForExeOrDLL = "x64"
    End If
End Function
Function GetPlatformForExeOrDLL(File)
	Set BinaryStream = CreateObject("ADODB.Stream")
	
	BinaryStream.Type = 1
	BinaryStream.Open
	
	On Error Resume Next	
	BinaryStream.LoadFromFile File

	If err.number <> 0 Then
		GetPlatformForExeOrDLL = ""
		Exit Function
	End If
	On Error Goto 0
		  
	skip = BinaryStream.Read(&H3C)
	positionSignature = BinaryStream.Read(4)
	
	strPosition=""
	For lngCounter = 0 to UBound(positionSignature)
	    car= Ascb(Midb(positionSignature, lngCounter + 1, 1))
	    s = Hex(car)
	    If Len(s) = 1 Then
	    	s = "0" & s
	    End If 
	    strPosition = s & strPosition
	Next
	
	positionSignature = CInt("&H" & strPosition)
	
	BinaryStream.Position = positionSignature
	
	arr_signature = BinaryStream.Read(6)
	
	signature = ""
	For lngCounter = 0 to UBound(arr_signature)
	    car= AscB(Midb(arr_signature, lngCounter + 1, 1))
	    s = Hex(car)
	    If Len(s) = 1 Then
	    	s = "0" & s
	    End If
	    signature = signature & s 
	Next
	
	BinaryStream.Close
		
	If signature = "504500004C01" Then
	    GetPlatformForExeOrDLL = "x86"
	ElseIf signature = "504500006486" Then
	    GetPlatformForExeOrDLL = "x64"
	End If
End Function

The Magik numbers we are looking for are: 504500004C01 for x86 platform and 504500006486 for x64 platform. If neither are found, it is unlikely a valid windows DLL or EXE file.

Example usage:

1
2
3
4

' x64
WScript.Echo GetPlatformForExeOrDLL("C:\Windows\System32\cmd.exe") 
' x86
WScript.Echo GetPlatformForExeOrDLL("C:\Windows\SysWow64\cmd.exe")
' x64
WScript.Echo GetPlatformForExeOrDLL("C:\Windows\System32\cmd.exe") 
' x86
WScript.Echo GetPlatformForExeOrDLL("C:\Windows\SysWow64\cmd.exe")
vbscript How to Check if a DLL or EXE is 32-bit or 64-bit (x86 or x64) using VBScript Function? vbscript

vbscript

–EOF (The Ultimate Computing & Technology Blog) —

推荐阅读:
中华人民共和国食品安全法(全文)  山东启动打击非法保健食品专项行动  盘点那些不科学不健康的饮食习惯  养生推荐:几种最牛的常见抗衰老食物  营养健康食品系列:休闲干果开心果  营养健康食品:向日葵的种子葵花籽  酿造酒之黄酒和白酒的营养价值  葡萄酒及啤酒的营养保健价值  保健食品广告九成以上虚假违法  生吃鸡蛋易引起沙门氏菌食物中毒 
评论列表
添加评论