読者です 読者をやめる 読者になる 読者になる

The Grimoire of Nonsense

個人的なメモを残すブログ

実行ファイルがx86用かx64用かを調べる

VC用ツールのパスを通してから

dumpbin /headers (調べたいexeファイル)

のコマンドを実行する。
FILE HEADER VALUESのmachineがx86x64で判別する。

以下実行例

C:\Users\Selon\Desktop>dumpbin /headers test.exe
Microsoft (R) COFF/PE Dumper Version 12.00.31101.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file test.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
            8664 machine (x64)
               5 number of sections
        55942BF1 time date stamp Thu Jul 02 03:05:37 2015
               0 file pointer to symbol table
               0 number of symbols
              F0 size of optional header
              22 characteristics
                   Executable
                   Application can handle large (>2GB) addresses

OPTIONAL HEADER VALUES
             20B magic # (PE32+)
           12.00 linker version
            AA00 size of code
            AE00 size of initialized data
               0 size of uninitialized data
            11B0 entry point (00000001400011B0)
            1000 base of code
       140000000 image base (0000000140000000 to 0000000140018FFF)
            1000 section alignment
             200 file alignment
            6.00 operating system version
            0.00 image version
            6.00 subsystem version
               0 Win32 version
           19000 size of image
             400 size of headers
               0 checksum
               3 subsystem (Windows CUI)
            8160 DLL characteristics
                   High Entropy Virtual Addresses
                   Dynamic base
                   NX compatible
                   Terminal Server Aware
          100000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
               0 [       0] RVA [size] of Export Directory
           11B48 [      28] RVA [size] of Import Directory
               0 [       0] RVA [size] of Resource Directory
           17000 [     894] RVA [size] of Exception Directory
               0 [       0] RVA [size] of Certificates Directory
           18000 [     528] RVA [size] of Base Relocation Directory
               0 [       0] RVA [size] of Debug Directory
               0 [       0] RVA [size] of Architecture Directory
               0 [       0] RVA [size] of Global Pointer Directory
               0 [       0] RVA [size] of Thread Storage Directory
           112B0 [      70] RVA [size] of Load Configuration Directory
               0 [       0] RVA [size] of Bound Import Directory
            C000 [     200] RVA [size] of Import Address Table Directory
               0 [       0] RVA [size] of Delay Import Directory
               0 [       0] RVA [size] of COM Descriptor Directory
               0 [       0] RVA [size] of Reserved Directory


SECTION HEADER #1
   .text name
    A8EB virtual size
    1000 virtual address (0000000140001000 to 000000014000B8EA)
    AA00 size of raw data
     400 file pointer to raw data (00000400 to 0000ADFF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
60000020 flags
         Code
         Execute Read

SECTION HEADER #2
  .rdata name
    6216 virtual size
    C000 virtual address (000000014000C000 to 0000000140012215)
    6400 size of raw data
    AE00 file pointer to raw data (0000AE00 to 000111FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

SECTION HEADER #3
   .data name
    3980 virtual size
   13000 virtual address (0000000140013000 to 000000014001697F)
    1600 size of raw data
   11200 file pointer to raw data (00011200 to 000127FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
C0000040 flags
         Initialized Data
         Read Write

SECTION HEADER #4
  .pdata name
     894 virtual size
   17000 virtual address (0000000140017000 to 0000000140017893)
     A00 size of raw data
   12800 file pointer to raw data (00012800 to 000131FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
40000040 flags
         Initialized Data
         Read Only

SECTION HEADER #5
  .reloc name
     528 virtual size
   18000 virtual address (0000000140018000 to 0000000140018527)
     600 size of raw data
   13200 file pointer to raw data (00013200 to 000137FF)
       0 file pointer to relocation table
       0 file pointer to line numbers
       0 number of relocations
       0 number of line numbers
42000040 flags
         Initialized Data
         Discardable
         Read Only

  Summary

        4000 .data
        1000 .pdata
        7000 .rdata
        1000 .reloc
        B000 .text