On Windows, the executables are either EXE or DLL (sometimes OCX). We can programmatically tell if the executable is a 32-bit (x86) or 64-bit (x64) by looking into its PE header signature.
In VBScript, we can call CreateObject method to invoke the COM library. Here we use the ADODB.Stream to Read a File in binary stream. Then, we need to read a few bytes from the file header.
The AscB in Vbscript returns the first byte of given string. And the MidB will return a range of bytes in the middle.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | Function GetPlatformForExeOrDLL(File) Set BinaryStream = CreateObject("ADODB.Stream") BinaryStream.Type = 1 BinaryStream.Open On Error Resume Next BinaryStream.LoadFromFile File If err.number <> 0 Then GetPlatformForExeOrDLL = "" Exit Function End If On Error Goto 0 skip = BinaryStream.Read(&H3C) positionSignature = BinaryStream.Read(4) strPosition="" For lngCounter = 0 to UBound(positionSignature) car= Ascb(Midb(positionSignature, lngCounter + 1, 1)) s = Hex(car) If Len(s) = 1 Then s = "0" & s End If strPosition = s & strPosition Next positionSignature = CInt("&H" & strPosition) BinaryStream.Position = positionSignature arr_signature = BinaryStream.Read(6) signature = "" For lngCounter = 0 to UBound(arr_signature) car= AscB(Midb(arr_signature, lngCounter + 1, 1)) s = Hex(car) If Len(s) = 1 Then s = "0" & s End If signature = signature & s Next BinaryStream.Close If signature = "504500004C01" Then GetPlatformForExeOrDLL = "x86" ElseIf signature = "504500006486" Then GetPlatformForExeOrDLL = "x64" End If End Function |
Function GetPlatformForExeOrDLL(File)
Set BinaryStream = CreateObject("ADODB.Stream")
BinaryStream.Type = 1
BinaryStream.Open
On Error Resume Next
BinaryStream.LoadFromFile File
If err.number <> 0 Then
GetPlatformForExeOrDLL = ""
Exit Function
End If
On Error Goto 0
skip = BinaryStream.Read(&H3C)
positionSignature = BinaryStream.Read(4)
strPosition=""
For lngCounter = 0 to UBound(positionSignature)
car= Ascb(Midb(positionSignature, lngCounter + 1, 1))
s = Hex(car)
If Len(s) = 1 Then
s = "0" & s
End If
strPosition = s & strPosition
Next
positionSignature = CInt("&H" & strPosition)
BinaryStream.Position = positionSignature
arr_signature = BinaryStream.Read(6)
signature = ""
For lngCounter = 0 to UBound(arr_signature)
car= AscB(Midb(arr_signature, lngCounter + 1, 1))
s = Hex(car)
If Len(s) = 1 Then
s = "0" & s
End If
signature = signature & s
Next
BinaryStream.Close
If signature = "504500004C01" Then
GetPlatformForExeOrDLL = "x86"
ElseIf signature = "504500006486" Then
GetPlatformForExeOrDLL = "x64"
End If
End FunctionThe Magik numbers we are looking for are: 504500004C01 for x86 platform and 504500006486 for x64 platform. If neither are found, it is unlikely a valid windows DLL or EXE file.
Example usage:
1 2 3 4 | ' x64 WScript.Echo GetPlatformForExeOrDLL("C:\Windows\System32\cmd.exe") ' x86 WScript.Echo GetPlatformForExeOrDLL("C:\Windows\SysWow64\cmd.exe") |
' x64
WScript.Echo GetPlatformForExeOrDLL("C:\Windows\System32\cmd.exe")
' x86
WScript.Echo GetPlatformForExeOrDLL("C:\Windows\SysWow64\cmd.exe")
vbscript
–EOF (The Ultimate Computing & Technology Blog) —
GD Star Rating
loading...
363 wordsloading...
Last Post: C++: How to Iterate the Elements over the Sets (set, unordered_set, multiset, unordered_multiset)
Next Post: Iterative and Recursion Algorithms to Compute the Number of Steps to Reduce a Number to Zero
