Win32 API to determine whether a given binary (EXE or DLL) is x86, x64 or ia64

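I am trying to find a programmatic way to determine whether a binary is x86, x64 or ia64.

Platform: Windows. Language: C/C++.

Background: before trying to load a third-party DLL, I need to find out its bitness.

Appreciate any pointers.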

For EXEs

Use GetBinaryType(…)

Here is the same question for a managed exe.

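For DLLs (and EXEs)

Use ImageNtHeader(…) to get the PE data of the file, and then check the IMAGE_FILE_HEADER.Machine field.

Here is some code I found using Google Code Search

No cleanup and no error checking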

```cpp
// hFile is an already opened file handle (from CreateFile); opening it is not part of this snippet

// map the file to our address space
// first, create a file mapping object
HANDLE hMap = CreateFileMapping(
    hFile,
    NULL,           // security attrs
    PAGE_READONLY,  // protection flags
    0,              // max size - high DWORD
    0,              // max size - low DWORD
    NULL );         // mapping name - not used

// next, map the file to our address space
void* mapAddr = MapViewOfFileEx(
    hMap,           // mapping object
    FILE_MAP_READ,  // desired access
    0,              // loc to map - hi DWORD
    0,              // loc to map - lo DWORD
    0,              // #bytes to map - 0=all
    NULL );         // suggested map addr

PIMAGE_NT_HEADERS peHdr = ImageNtHeader( mapAddr );
```

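I open-sourced a project on Github that checks specifically for VC++ redistributable DLLs, and there is a code snippet I created, based on the function in Shay's answer, that successfully finds, loads and checks DLLs for x86 / x64 compatibility.

Full code snippet below: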

```cpp
#include <windows.h>
#include <shlwapi.h>   // PathCombine (link with Shlwapi.lib)
#include <dbghelp.h>   // ImageNtHeader (link with Dbghelp.lib)

/******************************************************************
Function Name:  CheckProductUsingCurrentDirectory
Description:    Queries the current working directory for a given binary.
Inputs:         pszProductBinaryToCheck - the product binary to look up.
                pBinaryArchitecture - the desired processor architecture
                of the binary (x86, x64, etc..). Architecture is the
                project's own type (not shown here); it is compared
                directly with IMAGE_FILE_HEADER.Machine.
Results:        true if the requested product is installed
                false otherwise
******************************************************************/
bool CheckProductUsingCurrentDirectory(const LPCTSTR pszProductBinaryToCheck, Architecture pBinaryArchitecture){
    bool bFoundRequestedProduct = false;

    // Declared up front so that no goto skips an initialization and the
    // cleanup code never reads an uninitialized handle
    HANDLE hFile = INVALID_HANDLE_VALUE;
    HANDLE hMapping = NULL;
    LPVOID addrHeader = NULL;
    PIMAGE_NT_HEADERS peHdr = NULL;

    //Get the current directory
    TCHAR currentDirectory[MAX_PATH];
    DWORD currentDirectoryChars = GetCurrentDirectory(MAX_PATH, currentDirectory);

    //exit if couldn't get current directory (0 = failure, >= MAX_PATH = buffer too small)
    if (currentDirectoryChars == 0 || currentDirectoryChars >= MAX_PATH) return bFoundRequestedProduct;

    TCHAR searchPath[MAX_PATH];
    //exit if we couldn't combine the path to the requested binary
    if (PathCombine(searchPath, currentDirectory, pszProductBinaryToCheck) == NULL) return bFoundRequestedProduct;

    WIN32_FIND_DATA FindFileData;
    HANDLE hFind = FindFirstFile(searchPath, &FindFileData);

    //exit if the binary was not found
    if (hFind == INVALID_HANDLE_VALUE) return bFoundRequestedProduct;

    hFile = CreateFile(searchPath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_READONLY, NULL);
    if (hFile == INVALID_HANDLE_VALUE) goto cleanup;

    // CreateFileMapping returns NULL (not INVALID_HANDLE_VALUE) on failure.
    // The mapping is left unnamed: with a name, the call can return a handle
    // to an existing section object of that name instead of mapping this file.
    hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY | SEC_IMAGE, 0, 0, NULL);
    if (hMapping == NULL) goto cleanup;

    addrHeader = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0);
    if (addrHeader == NULL) goto cleanup; //couldn't memory map the file

    peHdr = ImageNtHeader(addrHeader);
    if (peHdr == NULL) goto cleanup; //couldn't read the header

    //Found the binary, AND its architecture matches. Success!
    if (peHdr->FileHeader.Machine == pBinaryArchitecture){
        bFoundRequestedProduct = true;
    }

cleanup: //release the view and all of our handles
    FindClose(hFind);
    if (addrHeader != NULL) UnmapViewOfFile(addrHeader);
    if (hMapping != NULL) CloseHandle(hMapping);
    if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile);
    return bFoundRequestedProduct;
}
```

This question and Shay's answer were helpful to me, so I figured I would post this project here.

You can inspect the PE header yourself to read the IMAGE_FILE_MACHINE field. Here is a C# implementation, which should not be too hard to adapt to C++.
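The header check this answer describes, written in plain C as an added example (not code from the original answers or from the linked C# implementation): it reads the Machine field from raw file bytes without mapping or loading the file, and bounds-checks the file-controlled `e_lfanew` offset before following it. The names `pe_machine`, `machine_name` and `check_sample` are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Machine values from the PE/COFF format (the IMAGE_FILE_MACHINE_* constants). */
enum { MACHINE_I386 = 0x014c, MACHINE_IA64 = 0x0200, MACHINE_AMD64 = 0x8664 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Stores IMAGE_FILE_HEADER.Machine and returns 0, or returns -1 if the bytes
   are not a well-formed PE header. Every offset is checked before it is read. */
int pe_machine(const uint8_t *buf, size_t len, uint16_t *machine)
{
    if (!buf || !machine || len < 0x40) return -1;  /* size of IMAGE_DOS_HEADER */
    if (rd16(buf) != 0x5a4d) return -1;             /* "MZ" */
    uint32_t e_lfanew = rd32(buf + 0x3c);           /* offset chosen by the file */
    /* "PE\0\0" (4 bytes) + IMAGE_FILE_HEADER (20 bytes) must fit inside buf;
       written as a subtraction so the comparison cannot overflow. */
    if (e_lfanew > len || len - e_lfanew < 24) return -1;
    if (rd32(buf + e_lfanew) != 0x00004550) return -1;  /* "PE\0\0" */
    *machine = rd16(buf + e_lfanew + 4);
    return 0;
}

const char *machine_name(int m)
{
    return m == MACHINE_I386 ? "x86" : m == MACHINE_AMD64 ? "x64"
         : m == MACHINE_IA64 ? "ia64" : "unknown/invalid";
}

/* Constructed sample: zeroed bytes carrying only "MZ", e_lfanew, "PE\0\0" and
   Machine; len truncates it. Returns the parsed Machine, or -1 on rejection. */
int check_sample(uint32_t lfanew, uint16_t machine, size_t len)
{
    uint8_t img[256] = {0};
    uint16_t got = 0;
    img[0] = 'M'; img[1] = 'Z';
    for (int i = 0; i < 4; i++) img[0x3c + i] = (uint8_t)(lfanew >> (8 * i));
    if (lfanew <= sizeof img - 6) {
        memcpy(img + lfanew, "PE\0\0", 4);
        img[lfanew + 4] = (uint8_t)machine; img[lfanew + 5] = (uint8_t)(machine >> 8);
    }
    if (len > sizeof img) len = sizeof img;
    return pe_machine(img, len, &got) == 0 ? got : -1;
}

int main(void)
{
    printf("%s\n", machine_name(check_sample(0x80, MACHINE_AMD64, 256)));
    printf("%s\n", machine_name(check_sample(0x80, MACHINE_I386, 0x90))); /* truncated */
    return 0;
}
```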