Trong Posted July 25, 2024 Posted July 25, 2024 Replacement function for _WinAPI_GetBinaryType() and _WinAPI_GetPEType() ! Using WinAPI depends on the version of Windows, so the results may not be accurate. So this UDF was born: expandcollapse popup#Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_UseX64=y #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** ; Eg: ConsoleWrite("-: " & _GetPeType("C:\Windows\System32\winver.exe") & " - Extended: " & @extended & " > Is_x64_Exe: " & _Is_x64_Exe("C:\Windows\System32\winver.exe") & @CRLF) ConsoleWrite("-: " & _GetPeType("C:\Windows\SysWOW64\winver.exe") & " - Extended: " & @extended & " > Is_x32_Exe: " & _Is_x32_Exe("C:\Windows\SysWOW64\winver.exe") & @CRLF) ConsoleWrite("-: " & _GetPeType("C:\Program Files\Microsoft Visual Studio\2022\VC\Tools\MSVC\14.40.33807\bin\arm64\pgosweep.exe") & " - Extended: " & @extended & " > Is_x64Arm_Exe: " & _Is_x64Arm_Exe("C:\Program Files\Microsoft Visual Studio\2022\VC\Tools\MSVC\14.40.33807\bin\arm64\pgosweep.exe") & @CRLF) Func _Is_x64_Exe($sPath) Local $peTYPE = _GetPeType($sPath) If ((@extended = 1) Or ($peTYPE = 'AMD64')) Then Return 1 Return 0 EndFunc ;==>_Is_x64_Exe Func _Is_x32_Exe($sPath) Local $peTYPE = _GetPeType($sPath) If ((@extended = 2) Or ($peTYPE = 'I386')) Then Return 1 Return 0 EndFunc ;==>_Is_x32_Exe Func _Is_x64Arm_Exe($sPath) Local $peTYPE = _GetPeType($sPath) If ((@extended = 3) Or ($peTYPE = 'ARM64')) Then Return 1 Return 0 EndFunc ;==>_Is_x64Arm_Exe Func _GetPeType($peFilePath) ; Retrieves a type of the machine for the specified portable executable (PE) ; The return value is the architecture name ; @extendedis a custom number for architecture Local $hFile = FileOpen($peFilePath, 16) If ($hFile = -1) Then Return SetError(1, 0, '') ; File does not exist or No permission to open file! If BinaryToString(FileRead($hFile, 2)) <> "MZ" Then FileClose($hFile) Return SetError(2, 0, 0) ; Not a PE file. EndIf FileSetPos($hFile, 60, 0) ; Move to Windows PE Signature Offset location Local $peTYPE = FileRead($hFile, 4) FileSetPos($hFile, Number($peTYPE) + 4, 0) ; Move to Windows PE Header Offset $peTYPE = FileRead($hFile, 2) ; Read PE data FileClose($hFile) ;~ Local $sFileName = StringRegExpReplace($peFilePath, "^.*\\", "") ; Get File name with ext Switch $peTYPE Case '0x6486', '0x8664' Return SetError(0, 1, 'AMD64') ; AMD64 (K8) x64 64-bit Case '0x4C01', '0x014C' Return SetError(0, 2, 'I386') ; Intel 386 x86 32-bit Case '0x64AA', '0xAA64' Return SetError(0, 3, 'ARM64') ; ARM64 Little-Endian Case '0x0002', '0x0200' Return SetError(0, 4, 'IA64') ; Intel 64 Case '0xC201', '0x01C2' Return SetError(0, 5, 'THUMB') ; ARM Thumb/Thumb-2 Little-Endian Case '0xC401', '0x01C4' Return SetError(0, 6, 'ARMNT') ; ARM Thumb-2 Little-Endian Case '0x6201', '0x0162' Return SetError(0, 7, 'R3000') ; MIPS little-endian, 0x160 big-endian Case '0x6601', '0x0166' Return SetError(0, 8, 'R4000') ; MIPS little-endian Case '0x6801', '0x0168' Return SetError(0, 9, 'R10000') ; MIPS little-endian Case '0x6901', '0x0169' Return SetError(0, 10, 'WCEMIPSV2') ; MIPS little-endian WCE v2 Case '0x8401', '0x0184' Return SetError(0, 11, 'ALPHA') ; Alpha_AXP Case '0xA201', '0x01A2' Return SetError(0, 12, 'SH3') ; SH3 little-endian Case '0xA301', '0x01A3' Return SetError(0, 13, 'SH3DSP') ; SH3DSP Case '0xA401', '0x01A4' Return SetError(0, 14, 'SH3E') ; SH3E little-endian Case '0xA601', '0x01A6' Return SetError(0, 15, 'SH4') ; SH4 little-endian Case '0xA801', '0x01A8' Return SetError(0, 16, 'SH5') ; SH5 Case '0xC001', '0x01C0' Return SetError(0, 17, 'ARM') ; ARM Little-Endian Case '0xD301', '0x01D3' Return SetError(0, 18, 'AM33') ; TAM33BD Case '0xF001', '0x01F0' Return SetError(0, 19, 'POWERPC') ; IBM PowerPC Little-Endian Case '0xF101', '0x01F1' Return SetError(0, 20, 'POWERPCFP') ; POWERPCFP Case '0x6602', '0x0266' Return SetError(0, 21, 'MIPS16') ; MIPS Case '0x8402', '0x0284' Return SetError(0, 22, 'ALPHA64') ; ALPHA64 Case '0x6603', '0x0366' Return SetError(0, 23, 'MIPSFPU') ; MIPS Case '0x6604', '0x0466' Return SetError(0, 24, 'MIPSFPU16') ; MIPS Case '0x8402', '0x0284' Return SetError(0, 25, 'AXP64') ; AXP64 Case '0x2005', '0x0520' Return SetError(0, 26, 'TRICORE') ; Infineon Case '0xEF0C', '0x0CEF' Return SetError(0, 27, 'CEF') ; CEF Case '0xBC0E', '0x0EBC' Return SetError(0, 28, 'EBC') ; EFI Byte Code Case '0x4190', '0x9041' Return SetError(0, 29, 'M32R') ; M32R little-endian Case '0xEEC0', '0xC0EE' Return SetError(0, 30, 'CEE') ; CEE Case Else Return SetError(3, 0, '') ; Unknown EndSwitch Return SetError(3, -1, '') EndFunc ;==>_GetPeType ; Dao Van Trong - TRONG.PRO Regards,
Andreik Posted July 25, 2024 Posted July 25, 2024 Can you give a specific example when _WinAPI_GetBinaryType() doesn't work?
Trong Posted July 25, 2024 Author Posted July 25, 2024 I tested the code on Windows XP and other Windows versions! Of course it doesn't return any results so I just wrote this function! ARM "This constant is available starting with Windows 7 and Windows Server 2008 R2." ARM64 Little-Endian "This constant is available starting with Windows 8.1 and Windows Server 2012 R2." https://learn.microsoft.com/en-us/windows/win32/sysinfo/image-file-machine-constants Regards,
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now