2013年9月3日 星期二

PE檔案格式抓出支援x86平台或x64平台

有時候想區分exe或dll檔是x86或x64時,往往不知道該怎麼做,最近剛好有個機會對PE文件格式作揖簡單的了解,接下來就點簡單說明相關內容。
區分檔案是支援x86平台或x64平台,可參考以下程式碼:
int GetImageFileMachine(char* lpFileName)  
{  
 IMAGE_DOS_HEADER idh;
 IMAGE_FILE_HEADER ifh;
 FILE *f = fopen(lpFileName, "rb");
 
 fread(&idh, sizeof(idh), 1, f);  
 fseek(f, idh.e_lfanew + 4, SEEK_SET);
 fread(&ifh, sizeof(ifh), 1, f);
 fclose(f);
 
 return ifh.Machine;
}

void CheckMachineType()
{
 int nchineType = GetImageFileMachine("C:\\RemoteDebug\\Test\\Debug\\Test.exe");
 switch(nchineType)
 {
  case IMAGE_FILE_MACHINE_I386:  
   printf("The tool is x86\n");  
   break;

  case IMAGE_FILE_MACHINE_IA64:  
   printf("The tool is IA64\n"); 
   break;

  case IMAGE_FILE_MACHINE_AMD64: 
   printf("The tool is x64\n");  
   break;
 }
}
其他Platform的數值定義如下,或參考VC的WinNT.h
#define IMAGE_FILE_MACHINE_UNKNOWN           0
#define IMAGE_FILE_MACHINE_I386              0x014c  // Intel 386.
#define IMAGE_FILE_MACHINE_R3000             0x0162  // MIPS little-endian, 0x160 big-endian
#define IMAGE_FILE_MACHINE_R4000             0x0166  // MIPS little-endian
#define IMAGE_FILE_MACHINE_R10000            0x0168  // MIPS little-endian
#define IMAGE_FILE_MACHINE_WCEMIPSV2         0x0169  // MIPS little-endian WCE v2
#define IMAGE_FILE_MACHINE_ALPHA             0x0184  // Alpha_AXP
#define IMAGE_FILE_MACHINE_SH3               0x01a2  // SH3 little-endian
#define IMAGE_FILE_MACHINE_SH3DSP            0x01a3
#define IMAGE_FILE_MACHINE_SH3E              0x01a4  // SH3E little-endian
#define IMAGE_FILE_MACHINE_SH4               0x01a6  // SH4 little-endian
#define IMAGE_FILE_MACHINE_SH5               0x01a8  // SH5
#define IMAGE_FILE_MACHINE_ARM               0x01c0  // ARM Little-Endian
#define IMAGE_FILE_MACHINE_THUMB             0x01c2
#define IMAGE_FILE_MACHINE_AM33              0x01d3
#define IMAGE_FILE_MACHINE_POWERPC           0x01F0  // IBM PowerPC Little-Endian
#define IMAGE_FILE_MACHINE_POWERPCFP         0x01f1
#define IMAGE_FILE_MACHINE_IA64              0x0200  // Intel 64
#define IMAGE_FILE_MACHINE_MIPS16            0x0266  // MIPS
#define IMAGE_FILE_MACHINE_ALPHA64           0x0284  // ALPHA64
#define IMAGE_FILE_MACHINE_MIPSFPU           0x0366  // MIPS
#define IMAGE_FILE_MACHINE_MIPSFPU16         0x0466  // MIPS
#define IMAGE_FILE_MACHINE_AXP64             IMAGE_FILE_MACHINE_ALPHA64
#define IMAGE_FILE_MACHINE_TRICORE           0x0520  // Infineon
#define IMAGE_FILE_MACHINE_CEF               0x0CEF
#define IMAGE_FILE_MACHINE_EBC               0x0EBC  // EFI Byte Code
#define IMAGE_FILE_MACHINE_AMD64             0x8664  // AMD64 (K8)
#define IMAGE_FILE_MACHINE_M32R              0x9041  // M32R little-endian
#define IMAGE_FILE_MACHINE_CEE               0xC0EE

沒有留言:

張貼留言