
Problem description

How do I manually [without any extra scripts/programs] see if a Windows executable is 32/64 bit?

I have been looking around and found what should have been my answer. At 60 bytes in, the numbers below are supposed to appear, as far as I understand.

I386 0x014c

IA64 0x0200

AMD64 0x8664

After jumping to the PE offset, I still did not see the machine type. I did a Find & did not see any matches [unless it's near the bottom for some reason]. 64 86 06 00 is not in the list above, so I don't know what I am doing wrong.

    Notepad.exe (64bit)

4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00
B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 E8 00 00 00
0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68
69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F
74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20
6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00
83 C2 32 29 C7 A3 5C 7A C7 A3 5C 7A C7 A3 5C 7A
CE DB D8 7A C6 A3 5C 7A CE DB C9 7A C5 A3 5C 7A
CE DB CF 7A DA A3 5C 7A C7 A3 5D 7A 33 A3 5C 7A
CE DB DF 7A D3 A3 5C 7A CE DB D5 7A CC A3 5C 7A
CE DB C8 7A C6 A3 5C 7A CE DB CD 7A C6 A3 5C 7A
52 69 63 68 C7 A3 5C 7A 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 <--
B3 C9 5B 4A 00 00 00 00 00 00 00 00 F0 00 22 00
0B 02 09 00 00 A8 00 00 00 58 02 00 00 00 00 00
70 35 00 00 00 10 00 00 00 00 00 00 01 00 00 00
00 10 00 00 00 02 00 00 06 00 01 00 06 00 01 00
06 00 01 00 00 00 00 00 00 50 03 00 00 06 00 00
49 E7 03 00 02 00 40 81 00 00 08 00 00 00 00 00
00 10 01 00 00 00 00 00 00 00 10 00 00 00 00 00
00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00
00 00 00 00 00 00 00 00 F8 CF 00 00 2C 01 00 00
00 40 01 00 60 F1 01 00 00 30 01 00 B4 06 00 00
00 00 00 00 00 00 00 00 00 40 03 00 B8 00 00 00
10 B7 00 00 38 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 E0 02 00 00 38 01 00 00
00 C0 00 00 F0 07 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2E 74 65 78 74 00 00 00 70 A7 00 00 00 10 00 00
00 A8 00 00 00 06 00 00 00 00 00 00 00 00 00 00

Recommended answer

What appears 60 bytes in isn't the machine type but the offset of the PE header. (In this case, 0x00000100: 256 bytes.) The PE header begins: 'P', 'E', 00, 00. What comes after that is the machine type.
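The lookup described in the answer, as an added Python example that is not part of the original post: it reads the 4-byte little-endian offset stored at byte 60 (0x3C), checks for 'P', 'E', 00, 00 there, and decodes the following two bytes as a little-endian machine value, which is why the on-disk bytes 64 86 correspond to 0x8664 (AMD64). The function names are hypothetical, and the sample buffer is constructed from only the header bytes visible in the question's dump (E8 00 00 00 at 0x3C, 50 45 00 00 64 86 06 00 at the offset it points to).

```python
import struct

# Machine values listed in the question (IMAGE_FILE_HEADER.Machine).
MACHINE_TYPES = {0x014C: "I386", 0x0200: "IA64", 0x8664: "AMD64"}


def pe_machine(data: bytes):
    """Return (pe_offset, machine_value, name) for a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # Byte 60 (0x3C) holds a 4-byte little-endian offset of the PE header,
    # not the machine type itself.
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    if pe_offset + 6 > len(data):
        raise ValueError("PE offset points past the end of the data")
    if data[pe_offset:pe_offset + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature at offset 0x%X" % pe_offset)
    # The 2 bytes right after the signature are the machine type, little-endian:
    # bytes 64 86 on disk decode to 0x8664.
    (machine,) = struct.unpack_from("<H", data, pe_offset + 4)
    return pe_offset, machine, MACHINE_TYPES.get(machine, "unknown")


def build_sample() -> bytes:
    """Constructed sample: zero-filled except the header fields taken from the dump."""
    buf = bytearray(0xF0)
    buf[0:2] = b"MZ"                                            # 4D 5A
    buf[0x3C:0x40] = bytes.fromhex("E8000000")                  # PE header offset
    buf[0xE8:0xF0] = bytes.fromhex("5045000064860600")          # 'PE\0\0' + machine
    return bytes(buf)


if __name__ == "__main__":
    off, machine, name = pe_machine(build_sample())
    print("PE header at 0x%X, machine 0x%04X (%s)" % (off, machine, name))
```
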
