<h2>Gory details</h2>
<p>A DLL uses the PE executable format, and it's not too tricky to read that information out of the file.</p>
<p>See this <a href="http://reversingproject.info/wp-content/uploads/2009/05/an_in-depth_look_into_the_win32_portable_executable_file_format_part_1.pdf" rel="noreferrer">MSDN article on the PE File Format</a> for an overview. You need to read the MS-DOS header, then read the <a href="http://msdn.microsoft.com/en-us/library/ms680336(VS.85).aspx" rel="noreferrer">IMAGE_NT_HEADERS</a> structure. This contains the <a href="http://msdn.microsoft.com/en-us/library/ms680313(VS.85).aspx" rel="noreferrer">IMAGE_FILE_HEADER</a> structure, which contains the info you need in the Machine member, which contains one of the following values:</p>
<ul>
<li>IMAGE_FILE_MACHINE_I386 (0x014c)</li>
<li>IMAGE_FILE_MACHINE_IA64 (0x0200)</li>
<li>IMAGE_FILE_MACHINE_AMD64 (0x8664)</li>
</ul>
<p>This information should be at a fixed offset in the file, but I'd still recommend traversing the file and checking the signature of the MS-DOS header and the IMAGE_NT_HEADERS to be sure you cope with any future changes.</p>
<h2>Use ImageHelp to read the headers...</h2>
<p>You can also use the <a href="http://msdn.microsoft.com/en-us/library/ms680321(VS.85).aspx" rel="noreferrer">ImageHelp API</a> to do this - load the DLL with <a href="http://msdn.microsoft.com/en-us/library/ms680209(VS.85).aspx" rel="noreferrer">LoadImage</a> and you'll get a <a href="http://msdn.microsoft.com/en-us/library/ms680349(VS.85).aspx" rel="noreferrer">LOADED_IMAGE</a> structure which will contain a pointer to an IMAGE_NT_HEADERS structure. Deallocate the LOADED_IMAGE with ImageUnload.</p>
<h2>...or adapt this rough Perl script</h2>
<p>Here's a rough Perl script which gets the job done. It checks the file has a DOS header, then reads the PE offset from the IMAGE_DOS_HEADER 60 bytes into the file.</p>
<p>It then seeks to the start of the PE part, reads the signature and checks it, and then extracts the value we're interested in.</p>
<pre class="lang-perl prettyprint-override"><code>#!/usr/bin/perl
#
# usage: petype &lt;exefile&gt;
#
use strict;
use warnings;
use Fcntl qw(SEEK_SET);   # SEEK_SET is not defined unless imported from Fcntl

my $exe = $ARGV[0] or die "usage: petype &lt;exefile&gt;\n";
open(EXE, '&lt;', $exe) or die "can't open $exe: $!";
binmode(EXE);

# IMAGE_DOS_HEADER: 'MZ' magic, 58 bytes we skip, then e_lfanew,
# a little-endian DWORD at offset 60 giving the file offset of the PE header.
my $doshdr;
if (read(EXE, $doshdr, 64) == 64) {
    my ($magic, $skip, $offset) = unpack('a2a58V', $doshdr);
    die("Not an executable") if ($magic ne 'MZ');
    # IMAGE_NT_HEADERS starts with the 'PE\0\0' signature, immediately
    # followed by IMAGE_FILE_HEADER, whose first WORD is Machine.
    seek(EXE, $offset, SEEK_SET) or die "bad PE offset $offset";
    my $pehdr;
    if (read(EXE, $pehdr, 6) == 6) {
        my ($sig, $pad, $machine) = unpack('a2a2v', $pehdr);
        die("Not a PE executable") if ($sig ne 'PE' or $pad ne "\0\0");
        if ($machine == 0x014c) {
            print "i386\n";
        } elsif ($machine == 0x0200) {
            print "IA64\n";
        } elsif ($machine == 0x8664) {
            print "AMD64\n";
        } else {
            printf("Unknown machine type 0x%04x\n", $machine);
        }
    }
}
close(EXE);
</code></pre>
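The same header walk the answer describes (MZ check, e_lfanew at byte 60, PE signature, then IMAGE_FILE_HEADER.Machine), as an added Python example that is not part of the original answer; it goes one step beyond the Perl script by also reading IMAGE_OPTIONAL_HEADER.Magic (PE32 vs PE32+) and flagging a file whose Machine and Magic disagree. `make_sample` builds constructed header bytes for testing and is not a real DLL.

```python
import struct

# IMAGE_FILE_HEADER.Machine values listed in the answer above.
MACHINE_NAMES = {0x014C: "i386", 0x0200: "IA64", 0x8664: "AMD64"}
# IMAGE_OPTIONAL_HEADER.Magic values, read as a cross-check on Machine.
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
# Magic each known Machine should carry (i386 is 32-bit, the other two 64-bit).
EXPECTED_MAGIC = {0x014C: 0x10B, 0x0200: 0x20B, 0x8664: 0x20B}


def pe_machine(data: bytes) -> dict:
    """Walk the headers of a PE image held in memory: MZ check, e_lfanew,
    PE\\0\\0 signature, then Machine and the optional header's Magic.
    Every offset is bounds-checked instead of trusting a fixed position."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 60)  # IMAGE_DOS_HEADER.e_lfanew
    # The 4-byte signature plus the 20-byte IMAGE_FILE_HEADER must fit in the file.
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    info = {"machine": machine, "name": MACHINE_NAMES.get(machine, "unknown 0x%04x" % machine)}
    if opt_size >= 2 and pe_off + 26 <= len(data):
        (magic,) = struct.unpack_from("<H", data, pe_off + 24)  # Magic opens the optional header
        info["magic"] = OPTIONAL_MAGIC.get(magic, "unknown 0x%04x" % magic)
        # A known Machine paired with the wrong Magic means the headers disagree.
        info["consistent"] = machine not in EXPECTED_MAGIC or EXPECTED_MAGIC[machine] == magic
    return info


def classify(data: bytes) -> str:
    """One-line verdict that never raises, for running over a batch of files."""
    try:
        info = pe_machine(data)
    except ValueError as err:
        return "not a PE file: %s" % err
    parts = [info["name"], info.get("magic", "")]
    if not info.get("consistent", True):
        parts.append("(INCONSISTENT)")
    return " ".join(p for p in parts if p)


def make_sample(machine: int, magic: int) -> bytes:
    """Constructed input, not a real DLL: a 64-byte DOS header whose e_lfanew
    points to 0x80, then the signature, a file header and a 240-byte optional header stub."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)
    file_hdr = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 240, 0x2022)
    return dos + b"\0" * 64 + b"PE\0\0" + file_hdr + struct.pack("<H", magic) + b"\0" * 238
```

To check a real file, call `classify(open(path, "rb").read())`; the same bounds checks make it safe to point at any file, not only DLLs.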