Windows DatabaseebooksStatistical Information

LWE10365 : Howto find out if an executable (exe) is 64-bit or 32-bit on a Windows 64 bit system

Symptom:

You need to know for sure if you are dealing with 64 are 32 programs

Cause:

PE32 or PE32+ are not the same

Solution:

You can use the dumpbin utility to show the headers of the PE (program executable) file. This will tell you exactly what kind of exe file you have.

Dumpbin is delivered with visual studio and needs to be in your searchpath.
e.g.:

You are looking for the machine or magic line in the output.

Dumpbin /headers books.exe | findstr /i "machine magic"

            8664 machine (x64)
             20B magic # (PE32+)

A full dump of the information will show something like this:

Dumpbin /headers books.exe

Microsoft (R) COFF/PE Dumper Version 9.00.30729.01
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file books.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
            8664 machine (x64)
               6 number of sections
        4D11760A time date stamp Wed Dec 22 04:52:42 2010
               0 file pointer to symbol table
               0 number of symbols
              F0 size of optional header
              23 characteristics
                   Relocations stripped
                   Executable
                   Application can handle large (>2GB) addresses

OPTIONAL HEADER VALUES
             20B magic # (PE32+)
            9.00 linker version
           10600 size of code
           13200 size of initialized data
               0 size of uninitialized data
            9A00 entry point (0000000140009A00) WinMainCRTStartup
            1000 base of code
       140000000 image base (0000000140000000 to 0000000140026FFF)
            1000 section alignment
             200 file alignment
            5.02 operating system version
            0.00 image version
            5.02 subsystem version
               0 Win32 version
           27000 size of image
             400 size of headers
           30E81 checksum
               2 subsystem (Windows GUI)
            8000 DLL characteristics
                   Terminal Server Aware
          100000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
               0 [       0] RVA [size] of Export Directory
           1C000 [      78] RVA [size] of Import Directory
           26000 [     3C8] RVA [size] of Resource Directory
           1B000 [     CCC] RVA [size] of Exception Directory
               0 [       0] RVA [size] of Certificates Directory
               0 [       0] RVA [size] of Base Relocation Directory
           128A0 [      1C] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Global Pointer Directory
               0 [       0] RVA [size] of Thread Storage Directory
               0 [       0] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
           1D690 [    1618] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
               0 [       0] RVA [size] of COM Descriptor Directory
               0 [       0] RVA [size] of Reserved Directory


SECTION HEADER #1
   .text name
   104EA virtual size
    1000 virtual address (0000000140001000 to 00000001400114E9)
   10600 size of raw data
     400 file pointer to raw data (00000400 to 000109FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60000020 flags
         Code
         Execute Read

SECTION HEADER #2
  .rdata name
    751A virtual size
   12000 virtual address (0000000140012000 to 0000000140019519)
    7600 size of raw data
   10A00 file pointer to raw data (00010A00 to 00017FFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

  Debug Directories

        Time Type       Size      RVA  Pointer
    -------- ------ -------- -------- --------
    4D11760A cv           48 00015988    14388    Format: RSDS, {F7C66A74-9619-4825-B8B1-FF00031514CF}, 1, c:\qt-src-471-64bit\demos\books\debug\books.pdb

SECTION HEADER #3
   .data name
     7F0 virtual size
   1A000 virtual address (000000014001A000 to 000000014001A7EF)
     800 size of raw data
   18000 file pointer to raw data (00018000 to 000187FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0000040 flags
         Initialized Data
         Read Write

SECTION HEADER #4
  .pdata name
     F3C virtual size
   1B000 virtual address (000000014001B000 to 000000014001BF3B)
    1000 size of raw data
   18800 file pointer to raw data (00018800 to 000197FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

SECTION HEADER #5
  .idata name
    9F4C virtual size
   1C000 virtual address (000000014001C000 to 0000000140025F4B)
    A000 size of raw data
   19800 file pointer to raw data (00019800 to 000237FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0000040 flags
         Initialized Data
         Read Write

SECTION HEADER #6
   .rsrc name
     3C8 virtual size
   26000 virtual address (0000000140026000 to 00000001400263C7)
     400 size of raw data
   23800 file pointer to raw data (00023800 to 00023BFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

  Summary

        1000 .data
        A000 .idata
        1000 .pdata
        8000 .rdata
        1000 .rsrc
       11000 .text

Disclaimer:

The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!
Copyright © 2004-2011 Lubby (V3.0.10 Aug 2011)
Sponsored by Keskon.
Statistical information by Google Analytics