I have to determine whether a basic assembly has been compiled in the form of managed code application (x64 or x86) .
I think PE must be anywhere in the header because the OS loader should know this information, but I could not find it. Of course I like to do it in the managed code, but if necessary, I can use the original C ++.
You can also use / Headers or / all List the flag and its first file header.
dumpbin / headers cv210.dll 64-bit
Microsoft (R) COFF / PE dumper version 10.00 .30319.01 Copyright (c) Microsoft Corporation. All rights reserved. File dump found cv210.dll PE signature file type: DLL file header values 8664 machine (x64) 6 segments number 4BBAB813 time date ticket Tuesday April 06 12:26:59 2010 0 Index indicator file indicator 0 number of symbols F0 Size Optional Header 2022 Features Executionable Application Large (& gt; 2GB) Addresses DLL 32-bit
Microsoft (R) COFF / The PE dumper version can handle 10.00.30319.01 Copyright (c) micros Theft Corporation All Rights Reserved. File dump: acrdlg.dll got PE signature File type: DLL file header values 14C machine (x86) 5 number of sections 467AFDD2 time date stamp Fri Jun 22 06:38:10 2007 0 File indicator indicator table of 0 symbols Number E0 Size Optional Header 2306 Executionable Line Number of Features 32 bit Word Machine Stolen Debit Information DLL 'Find' can make life a bit easier:
DumpBin / Header Cv210.dll | Find "Machine" 8664 Machine (x64) 
Comments
Post a Comment