检查当前可执行文件是否为64位的工具
很多时候我们经常发现拿到手的某个EXE或者EFI文件无法执行,出现的错误信息也很少,无法得知是因为文件损坏还是这个程序只能在64位Windows下运行。
因此编写了一个简单的工具用来检查EXE或者EFI程序是否是64位的。
用法很简单:直接拖拽到cc64.exe 上或者在命令行下用 cc64 文件名来运行。
原理上是分析PE结构,Machine Types 字段,有如下定义
Constant Value Description
IMAGE_FILE_MACHINE_UNKNOWN 0x0 The contents of this field are assumed to be applicable to any machine type
IMAGE_FILE_MACHINE_AM33 0x1d3 Matsushita AM33
IMAGE_FILE_MACHINE_AMD64 0x8664 x64 《----------------- 64 bit
IMAGE_FILE_MACHINE_ARM 0x1c0 ARM little endian
IMAGE_FILE_MACHINE_ARMV7 0x1c4 ARMv7 (or higher) Thumb mode only
IMAGE_FILE_MACHINE_EBC 0xebc EFI byte code
IMAGE_FILE_MACHINE_I386 0x14c Intel 386 or later processors and compatible processors《----------- 32 bit
IMAGE_FILE_MACHINE_IA64 0x200 Intel Itanium processor family 《----------- 64 bit
IMAGE_FILE_MACHINE_M32R 0x9041 Mitsubishi M32R little endian
IMAGE_FILE_MACHINE_MIPS16 0x266 MIPS16
IMAGE_FILE_MACHINE_MIPSFPU 0x366 MIPS with FPU
IMAGE_FILE_MACHINE_MIPSFPU16 0x466 MIPS16 with FPU
IMAGE_FILE_MACHINE_POWERPC 0x1f0 Power PC little endian
IMAGE_FILE_MACHINE_POWERPCFP 0x1f1 Power PC with floating point support
IMAGE_FILE_MACHINE_R4000 0x166 MIPS little endian
IMAGE_FILE_MACHINE_SH3 0x1a2 Hitachi SH3
IMAGE_FILE_MACHINE_SH3DSP 0x1a3 Hitachi SH3 DSP
IMAGE_FILE_MACHINE_SH4 0x1a6 Hitachi SH4
IMAGE_FILE_MACHINE_SH5 0x1a8 Hitachi SH5
IMAGE_FILE_MACHINE_THUMB 0x1c2 ARM or Thumb (“interworking”)
IMAGE_FILE_MACHINE_WCEMIPSV2 0x169 MIPS little-endian WCE v2
64Bit .EXE and .EFI file checking utilty
This is autility which can be use to check if a EXE or EFI is a64bit image.
Usage: Drag and drop the file to this utilty in Windows file manager or run cc64 filename in the console window.
It will check the PE header when running. In the Machine type of PE header, you can find the the specified CPU that the PE image can be run.
www.lab-z.com
zoologist
2013-03-28