Win32 API to determine whether a given binary (EXE or DLL) is x86, x64 or ia64


Platform: Windows. Language: C/C++.





Here is the same question for managed exes.





    // requires <windows.h> and <dbghelp.h> (ImageNtHeader; link with Dbghelp.lib)
    // hFile is a handle already opened with CreateFile (not shown in this snippet)

    // map the file to our address space
    // first, create a file mapping object
    HANDLE hMap = CreateFileMapping(
        hFile,
        NULL,           // security attrs
        PAGE_READONLY,  // protection flags
        0,              // max size - high DWORD
        0,              // max size - low DWORD
        NULL );         // mapping name - not used

    // next, map the file to our address space
    void* mapAddr = MapViewOfFileEx(
        hMap,           // mapping object
        FILE_MAP_READ,  // desired access
        0,              // loc to map - hi DWORD
        0,              // loc to map - lo DWORD
        0,              // #bytes to map - 0=all
        NULL );         // suggested map addr

    // locate the NT headers inside the mapped view
    PIMAGE_NT_HEADERS peHdr = ImageNtHeader( mapAddr );

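I open-sourced a project on Github that checks specifically for VC++ redistributable DLLs, and there is a code snippet I created, based on the function in Shay's answer, that successfully finds, loads, and inspects DLLs for x86/x64 compatibility.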


    /******************************************************************
    Function Name:  CheckProductUsingCurrentDirectory
    Description:    Queries the current working directory for a given binary.
    Inputs:         pszProductBinaryToCheck - the product name to look up.
                    pBinaryArchitecture - the desired processor architecture
                    of the binary (x86, x64, etc..).
    Results:        true if the requested product is installed
                    false otherwise
    ******************************************************************/
    // Requires <windows.h>, <shlwapi.h> (PathCombine) and <dbghelp.h> (ImageNtHeader).
    // Architecture is the project's own type (not shown here); it is compared
    // directly against FileHeader.Machine.
    bool CheckProductUsingCurrentDirectory(const LPCTSTR pszProductBinaryToCheck, Architecture pBinaryArchitecture){
        bool bFoundRequestedProduct = false;

        // Declared up front so that "goto cleanup" never jumps over an initialization
        HANDLE hFind = INVALID_HANDLE_VALUE;
        HANDLE hFile = INVALID_HANDLE_VALUE;
        HANDLE hMapping = NULL;
        LPVOID addrHeader = NULL;
        PIMAGE_NT_HEADERS peHdr = NULL;
        WIN32_FIND_DATA FindFileData;
        TCHAR searchPath[MAX_PATH];

        //Get the current directory
        TCHAR currentDirectory[MAX_PATH];
        DWORD currentDirectoryChars = GetCurrentDirectory(MAX_PATH, currentDirectory);

        //exit if couldn't get current directory (0 = failure, >= MAX_PATH = buffer too small)
        if (currentDirectoryChars == 0 || currentDirectoryChars >= MAX_PATH) return bFoundRequestedProduct;

        //exit if we couldn't combine the path to the requested binary
        if (PathCombine(searchPath, currentDirectory, pszProductBinaryToCheck) == NULL) return bFoundRequestedProduct;

        hFind = FindFirstFile(searchPath, &FindFileData);

        //exit if the binary was not found
        if (hFind == INVALID_HANDLE_VALUE) return bFoundRequestedProduct;

        hFile = CreateFile(searchPath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
        if (hFile == INVALID_HANDLE_VALUE) goto cleanup;

        //no object name: a named mapping can collide with an existing object of that name
        hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY | SEC_IMAGE, 0, 0, NULL);
        if (hMapping == NULL) goto cleanup; //CreateFileMapping returns NULL on failure

        addrHeader = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
        if (addrHeader == NULL) goto cleanup; //couldn't memory map the file

        peHdr = ImageNtHeader(addrHeader);
        if (peHdr == NULL) goto cleanup; //couldn't read the header

        //Found the binary, AND its architecture matches. Success!
        if (peHdr->FileHeader.Machine == pBinaryArchitecture){
            bFoundRequestedProduct = true;
        }

    cleanup: //release the view and all of our handles
        if (addrHeader != NULL) UnmapViewOfFile(addrHeader);
        if (hMapping != NULL) CloseHandle(hMapping);
        if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile);
        FindClose(hFind);
        return bFoundRequestedProduct;
    }


You can check the PE header yourself to read the IMAGE_FILE_MACHINE field. Here's a C# implementation that shouldn't be too hard to adapt to C++.
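Reading the machine field by hand, as the answer above suggests, written in portable C as an added example (it is not the C# implementation that answer refers to, nor any poster's code). The names `pe_machine`, `pe_arch` and `SAMPLE_X64` and the sample bytes are constructed for illustration; the bounds checks are there because `e_lfanew` is read from the file being inspected.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Machine values from the PE/COFF format (IMAGE_FILE_MACHINE_* in winnt.h). */
#define MACHINE_I386  0x014c
#define MACHINE_IA64  0x0200
#define MACHINE_AMD64 0x8664

/* PE fields are little-endian whatever the host byte order is. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Stores FileHeader.Machine and returns 0, or returns -1 if buf is not a
   well-formed PE. Every offset is checked against len before it is read. */
int pe_machine(const uint8_t *buf, size_t len, uint16_t *machine)
{
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z')
        return -1;                        /* no complete IMAGE_DOS_HEADER */
    uint32_t off = rd32(buf + 0x3c);      /* e_lfanew comes from the file: untrusted */
    if (off > len || len - off < 6)       /* "PE\0\0" + Machine must fit in the buffer */
        return -1;
    if (memcmp(buf + off, "PE\0\0", 4) != 0)
        return -1;
    *machine = rd16(buf + off + 4);
    return 0;
}

/* Maps a buffer to the names used in the question; "invalid" on parse failure. */
const char *pe_arch(const uint8_t *buf, size_t len)
{
    uint16_t m;
    if (pe_machine(buf, len, &m) != 0) return "invalid";
    switch (m) {
    case MACHINE_I386:  return "x86";
    case MACHINE_AMD64: return "x64";
    case MACHINE_IA64:  return "ia64";
    default:            return "other";
    }
}

/* Constructed sample, not a real binary: DOS header whose e_lfanew is 0x40,
   followed by the PE signature and Machine = 0x8664. */
static const uint8_t SAMPLE_X64[0x46] = {
    [0] = 'M', [1] = 'Z', [0x3c] = 0x40,
    [0x40] = 'P', [0x41] = 'E', [0x44] = 0x64, [0x45] = 0x86
};

int main(void) { puts(pe_arch(SAMPLE_X64, sizeof SAMPLE_X64)); return 0; }
```

Because it only reads bytes, this works from a 32-bit process on a 64-bit binary and the other way round, and it never loads or executes the file.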