Retrieving the version of an exe\dll

Started by Vortex, January 12, 2025, 08:29:23 PM


Vortex

Here is a command line tool to get the version of an exe\dll.

Tested on Windows 7 Sp1 :

GetFileVersion.exe C:\Windows\System32\ntdll.dll
6.1.7601.24545
Code it... That's all...

John Z

Thanks Vortex,

Tested in WIN 11 23H2 - works but gives a different answer. Previously, looking at the file details in Windows Explorer, I got 10.0.2261.4541 (attached screen shot), similar but different ;)

C:\Users\John\Downloads>GetFileVersion.exe C:\Windows\System32\ntdll.dll
6.2.22621.4541

John Z

TimoVJL

Check C:\windows\SysWOW64\ntdll.dll with Explorer, as a 32-bit app finds it.

C version of GetVersionInfo for testing :
GetVersionInfo()
AddInLoad, Add-In loader
May the source be with you

John Z

SysWOW64 result

C:\Users\John\Downloads>GetFileVersion.exe C:\Windows\SysWOW64\\ntdll.dll
6.2.22621.4541
C:\Users\John\Downloads>

Still different 10.0.22621.4541 but similar...

John Z

Vortex

Hello,

On my computer at work ( Windows 11 2024 H2 ) :

Microsoft Windows [Version 10.0.26100.2605]

C:\>GetFileVersion.exe C:\Windows\System32\ntdll.dll
6.2.26100.2605
C:\>GetFileVersion.exe C:\Windows\SysWOW64\ntdll.dll
6.2.26100.2605


I guess the first step, retrieving the version of C:\Windows\System32\ntdll.dll, is redirected to C:\Windows\SysWOW64\ntdll.dll
Code it... That's all...

HellOfMice


Vortex

Hi Philippe,

The tool is intended to get the version of an executable, not the version of the operating system.
Code it... That's all...

TimoVJL

In Windows 10 x64 I got this from ntdll.dll
10.0.19041.3996
If someone prefers C
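#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>

#pragma comment(lib, "version.lib")

// __declspec(dllimport) int __cdecl printf(char *, ...); // for msvcrt.dll

int __cdecl main(int argc, char **argv)
{
    VS_FIXEDFILEINFO *pffi = NULL;
    UINT uLen = 0;
    DWORD dwSize;
    BYTE *pData;
    int rc = 1;

    if (argc < 2) {
        fprintf(stderr, "usage: %s <file>\n", argv[0]);
        return 1;
    }
    // size the buffer from the resource instead of assuming it fits a fixed array
    dwSize = GetFileVersionInfoSizeA(argv[1], NULL);
    if (!dwSize) return 1; // no version resource, or the file was not found
    pData = malloc(dwSize);
    if (!pData) return 1;
    // only print when both calls succeed and the root block is a full VS_FIXEDFILEINFO
    if (GetFileVersionInfoA(argv[1], 0, dwSize, pData) &&
        VerQueryValueA(pData, "\\", (LPVOID *)&pffi, &uLen) &&
        pffi && uLen >= sizeof(*pffi)) {
        // not using HIWORD, LOWORD
        printf("%u.%u.%u.%u\n",
            (unsigned)(pffi->dwFileVersionMS >> 16), (unsigned)(pffi->dwFileVersionMS & 0xFFFF),
            (unsigned)(pffi->dwFileVersionLS >> 16), (unsigned)(pffi->dwFileVersionLS & 0xFFFF));
        rc = 0;
    }
    free(pData);
    return rc;
}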
May the source be with you

HellOfMice


Vortex

Hi Philippe,

No worries, it's OK.

Hi Timo,

Thanks for your code.
Code it... That's all...

HellOfMice

Have you tried looking into the Resources directory in the PE file?

TimoVJL

Not so easy to read from there, I prefer Win32 API functions ;D
pFile  00 01 02 03 04 05 06 07  08 09 0A 0B 0C 0D 0E 0F Value           
000DE6F0 8C 03 34 00 00 00 56 00  53 00 5F 00 56 00 45 00 Œ.4...V.S._.V.E.
000DE700 52 00 53 00 49 00 4F 00  4E 00 5F 00 49 00 4E 00 R.S.I.O.N._.I.N.
000DE710 46 00 4F 00 00 00 00 00  BD 04 EF FE 00 00 01 00 F.O.....½.ïþ....
000DE720 01 00 06 00 E1 5F B1 1D  01 00 06 00 E1 5F B1 1D ....á_±.....á_±.
000DE730 3F 00 00 00 00 00 00 00  04 00 04 00 02 00 00 00 ?...............
000DE740 00 00 00 00 00 00 00 00  00 00 00 00 EA 02 00 00 ............ê...
000DE750 01 00 53 00 74 00 72 00  69 00 6E 00 67 00 46 00 ..S.t.r.i.n.g.F.
000DE760 69 00 6C 00 65 00 49 00  6E 00 66 00 6F 00 00 00 i.l.e.I.n.f.o...
000DE770 C6 02 00 00 01 00 30 00  34 00 30 00 39 00 30 00 Æ.....0.4.0.9.0.
000DE780 34 00 42 00 30 00 00 00  4C 00 16 00 01 00 43 00 4.B.0...L.....C.
000DE790 6F 00 6D 00 70 00 61 00  6E 00 79 00 4E 00 61 00 o.m.p.a.n.y.N.a.
000DE7A0 6D 00 65 00 00 00 00 00  4D 00 69 00 63 00 72 00 m.e.....M.i.c.r.
000DE7B0 6F 00 73 00 6F 00 66 00  74 00 20 00 43 00 6F 00 o.s.o.f.t. .C.o.
000DE7C0 72 00 70 00 6F 00 72 00  61 00 74 00 69 00 6F 00 r.p.o.r.a.t.i.o.
000DE7D0 6E 00 00 00 42 00 0D 00  01 00 46 00 69 00 6C 00 n...B.....F.i.l.
May the source be with you
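
Reading the version straight from the resource bytes, as discussed in the two posts above, looks like this in portable C. This is an added example, not code from any poster in the thread: the function names are assumptions, the input is the first 96 bytes of the dump above, and it scans a flat byte image for the VS_VERSION_INFO block instead of walking the PE resource directory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sample input: first 96 bytes of the dump in the post above (file offset 0xDE6F0). */
static const uint8_t sample[96] = {
    0x8C,0x03,0x34,0x00,0x00,0x00,0x56,0x00, 0x53,0x00,0x5F,0x00,0x56,0x00,0x45,0x00,
    0x52,0x00,0x53,0x00,0x49,0x00,0x4F,0x00, 0x4E,0x00,0x5F,0x00,0x49,0x00,0x4E,0x00,
    0x46,0x00,0x4F,0x00,0x00,0x00,0x00,0x00, 0xBD,0x04,0xEF,0xFE,0x00,0x00,0x01,0x00,
    0x01,0x00,0x06,0x00,0xE1,0x5F,0xB1,0x1D, 0x01,0x00,0x06,0x00,0xE1,0x5F,0xB1,0x1D,
    0x3F,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x04,0x00,0x04,0x00,0x02,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0xEA,0x02,0x00,0x00,
};

/* Little-endian readers, so the result does not depend on the host byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Decode the VS_VERSIONINFO block starting at blk; fill ver[4] and return 0 on success. */
int parse_version_block(const uint8_t *blk, size_t len, unsigned ver[4])
{
    static const char key[] = "VS_VERSION_INFO";
    size_t i, val;
    if (len < 6 + 2 * sizeof key) return -1;     /* wLength, wValueLength, wType, szKey */
    for (i = 0; i < sizeof key; i++)             /* UTF-16LE key including terminator */
        if (rd16(blk + 6 + 2 * i) != (uint8_t)key[i]) return -1;
    val = (6 + 2 * sizeof key + 3) & ~(size_t)3; /* Value is 32-bit aligned: 0x28 */
    if (rd16(blk + 2) < 52 || val + 52 > len || rd16(blk) < val + 52) return -1;
    if (rd32(blk + val) != 0xFEEF04BDu) return -1;  /* VS_FIXEDFILEINFO.dwSignature */
    ver[0] = rd16(blk + val + 10); ver[1] = rd16(blk + val + 8);   /* dwFileVersionMS */
    ver[2] = rd16(blk + val + 14); ver[3] = rd16(blk + val + 12);  /* dwFileVersionLS */
    return 0;
}

/* Try every offset of a raw file image; return the block offset or -1 if none parses. */
long find_version(const uint8_t *img, size_t len, unsigned ver[4])
{
    for (size_t off = 0; off + 6 <= len; off++)
        if (parse_version_block(img + off, len - off, ver) == 0) return (long)off;
    return -1;
}

int main(void)
{
    unsigned v[4];
    if (find_version(sample, sizeof sample, v) < 0) return 1;
    printf("%u.%u.%u.%u\n", v[0], v[1], v[2], v[3]);
    return 0;
}
```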

Vortex

I agree with Timo, the API function GetFileVersionInfo should do the job.
Code it... That's all...

Vortex

File version information with Powershell :

(Get-Command C:\windows\system32\ntdll.dll).FileVersionInfo

.FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)
Code it... That's all...