Modified version of the original BCX output, the code below displays the type of an executable. It's recommended to compile the code as 64-bit :
#include <stdio.h>
#include <windows.h>
#define GET(A,B,C)fread((B),1,(C),(A))
int main(int argc, char *argv[])
{
BYTE *p;
WORD machine;
WORD m;
FILE *hFile;
BYTE buffer[1024];
char *mtype[7];
mtype[0]="unknown";
mtype[1]="32bit";
mtype[2]="Intel Itanium";
mtype[6]="64bit";
if(argc==1 ){
printf("%s\n","Usage : GetEXEtype64.exe filename.exe \\ .dll");
fflush(stdout);
ExitProcess(0);
}
if((hFile=fopen(argv[1], "rb"))==0)
{
fprintf(stderr, "Error: Cannot Access File or File Not Found. %s\n",argv[1]);
return 1;
}
GET(hFile,buffer,1024);
if(hFile)
{
fclose(hFile);
hFile=NULL;
}
if(((PIMAGE_DOS_HEADER)buffer)->e_magic!=IMAGE_DOS_SIGNATURE ){
printf("%s\n","The file does not contain a valid DOS header.");
fflush(stdout);
return 2;
}
p=(BYTE*)((BYTE*)buffer+((PIMAGE_DOS_HEADER)buffer)->e_lfanew);
if(((PIMAGE_NT_HEADERS)p)->Signature!=IMAGE_NT_SIGNATURE ){
printf("%s\n","The file does not contain a valid PE header");
fflush(stdout);
return 3;
}
machine=((PIMAGE_NT_HEADERS)p)->FileHeader.Machine;
// IMAGE_FILE_MACHINE_I386 = 0x014C
// IMAGE_FILE_MACHINE_AMD64 = 0x8664
// IMAGE_FILE_MACHINE_IA64 = 0x0200
//
// Retrieve the first 3 digits of the equates and divide the results by 2^8
// to obtain 1, 6 or 2
m=(machine & 0xFFF)>>8;
printf("%s%s\n","The executable is ",mtype[m]);
return 0;
}
