LKBEN10922: Howto find out if an executable (exe) is 64-bit or 32-bit on a Windows 64 bit system
Symptom
You need to know for sure if you are dealing with 64 are 32 programs
Cause
PE32 or PE32+ are not the same
Solution
You can use the dumpbin utility to show the headers of the PE (program executable) file. This will tell you exactly what kind of exe file you have.
Dumpbin is delivered with visual studio and needs to be in your searchpath.
e.g.:
You are looking for the machine or magic line in the output.
Dumpbin /headers books.exe | findstr /i "machine magic"
8664 machine (x64)
20B magic # (PE32+)
A full dump of the information will show something like this:
Dumpbin /headers books.exe
Microsoft (R) COFF/PE Dumper Version 9.00.30729.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file books.exe
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES
8664 machine (x64)
6 number of sections
4D11760A time date stamp Wed Dec 22 04:52:42 2010
0 file pointer to symbol table
0 number of symbols
F0 size of optional header
23 characteristics
Relocations stripped
Executable
Application can handle large (>2GB) addresses
OPTIONAL HEADER VALUES
20B magic # (PE32+)
9.00 linker version
10600 size of code
13200 size of initialized data
0 size of uninitialized data
9A00 entry point (0000000140009A00) WinMainCRTStartup
1000 base of code
140000000 image base (0000000140000000 to 0000000140026FFF)
1000 section alignment
200 file alignment
5.02 operating system version
0.00 image version
5.02 subsystem version
0 Win32 version
27000 size of image
400 size of headers
30E81 checksum
2 subsystem (Windows GUI)
8000 DLL characteristics
Terminal Server Aware
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
0 [ 0] RVA [size] of Export Directory
1C000 [ 78] RVA [size] of Import Directory
26000 [ 3C8] RVA [size] of Resource Directory
1B000 [ CCC] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
0 [ 0] RVA [size] of Base Relocation Directory
128A0 [ 1C] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
1D690 [ 1618] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
104EA virtual size
1000 virtual address (0000000140001000 to 00000001400114E9)
10600 size of raw data
400 file pointer to raw data (00000400 to 000109FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read
SECTION HEADER #2
.rdata name
751A virtual size
12000 virtual address (0000000140012000 to 0000000140019519)
7600 size of raw data
10A00 file pointer to raw data (00010A00 to 00017FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
Debug Directories
Time Type Size RVA Pointer
-------- ------ -------- -------- --------
4D11760A cv 48 00015988 14388 Format: RSDS, {F7C66A74-9619-4825-B8B1-FF00031514CF}, 1, c:\qt-src-471-64bit\demos\books\debug\books.pdb
SECTION HEADER #3
.data name
7F0 virtual size
1A000 virtual address (000000014001A000 to 000000014001A7EF)
800 size of raw data
18000 file pointer to raw data (00018000 to 000187FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
SECTION HEADER #4
.pdata name
F3C virtual size
1B000 virtual address (000000014001B000 to 000000014001BF3B)
1000 size of raw data
18800 file pointer to raw data (00018800 to 000197FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
SECTION HEADER #5
.idata name
9F4C virtual size
1C000 virtual address (000000014001C000 to 0000000140025F4B)
A000 size of raw data
19800 file pointer to raw data (00019800 to 000237FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
SECTION HEADER #6
.rsrc name
3C8 virtual size
26000 virtual address (0000000140026000 to 00000001400263C7)
400 size of raw data
23800 file pointer to raw data (00023800 to 00023BFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
Summary
1000 .data
A000 .idata
1000 .pdata
8000 .rdata
1000 .rsrc
11000 .text
Disclaimer:
The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!About the Author
Author: - Keskon GmbH & Co. KG
Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.