当前位置：文江博客话题详情

如何测试 Windows DLL 文件以确定它是 32 位还是 64 位？

发布于 2024-07-12 03:37:44 字数 198 浏览 4 评论 0原文

我想编写一个测试脚本或程序来断言给定目录中的所有 DLL 文件都属于特定的构建类型。

我会在 SDK 构建过程结束时使用它作为健全性检查，以确保 64 位版本中没有以某种方式获取一些 32 位 DLL 文件，反之亦然。

有没有一种简单的方法来查看 DLL 文件并确定其类型？

该解决方案应该适用于 xp32 和 xp64。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

初与友歌 2024-07-19 03:37:44

一种粗略的方法是在每个 DLL 上使用 Visual Studio 工具中的 headers 选项调用 dumpbin 并查找适当的输出：

dumpbin /headers my32bit.dll

PE signature found

File Type: DLL

FILE HEADER VALUES
             14C machine (x86)
               1 number of sections
        45499E0A time date stamp Thu Nov 02 03:28:10 2006
               0 file pointer to symbol table
               0 number of symbols
              E0 size of optional header
            2102 characteristics
                   Executable
                   32 bit word machine
                   DLL

OPTIONAL HEADER VALUES
             10B magic # (PE32)

您可以在该输出中看到一些线索，表明它是一个 32 位 DLL，包括 Paul 指出的 14C 值。提到。应该很容易在脚本中查找。

A crude way would be to call dumpbin with the headers option from the Visual Studio tools on each DLL and look for the appropriate output:

dumpbin /headers my32bit.dll

PE signature found

File Type: DLL

FILE HEADER VALUES
             14C machine (x86)
               1 number of sections
        45499E0A time date stamp Thu Nov 02 03:28:10 2006
               0 file pointer to symbol table
               0 number of symbols
              E0 size of optional header
            2102 characteristics
                   Executable
                   32 bit word machine
                   DLL

OPTIONAL HEADER VALUES
             10B magic # (PE32)

You can see a couple clues in that output that it is a 32 bit DLL, including the 14C value that Paul mentions. Should be easy to look for in a script.

回复收藏 0 原文

厌味 2024-07-19 03:37:44

如果您安装了 Cygwin （或 MobaXTerm、Windows 版 Git Bash、WSL 或...）（出于多种原因，我强烈建议），您可以在 DLL 上使用“文件”实用程序

file <filename>

，它会给出如下输出：

icuuc36.dll: MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit

If you have Cygwin (or MobaXTerm, or Git Bash for Windows, or WSL, or...) installed (which I strongly recommend for a variety of reasons), you could use the 'file' utility on the DLL

file <filename>

which would give an output like this:

icuuc36.dll: MS-DOS executable PE  for MS Windows (DLL) (GUI) Intel 80386 32-bit

回复收藏 0 原文

左岸枫 2024-07-19 03:37:44

血淋淋的细节

DLL 使用 PE 可执行格式，从文件中读取该信息并不困难。

请参阅这篇有关 PE 文件格式的 MSDN 文章，了解概述。您需要读取 MS-DOS 标头，然后读取 IMAGE_NT_HEADERS 结构。其中包含 IMAGE_FILE_HEADER 结构，其中包含您的信息需要在 Machine 成员中包含以下值之一

IMAGE_FILE_MACHINE_I386 (0x014c)
IMAGE_FILE_MACHINE_IA64 (0x0200)
IMAGE_FILE_MACHINE_AMD64 (0x8664)

此信息应该位于文件中的固定偏移处，但我仍然建议遍历文件并检查签名MS-DOS 标头和 IMAGE_NT_HEADERS 以确保您能够应对未来的任何更改。

使用 ImageHelp 阅读标题...

您还可以使用 ImageHelp API 来执行此操作 - 使用加载 DLL LoadImage，您将获得一个LOADED_IMAGE 结构，其中包含指向 IMAGE_NT_HEADERS 结构的指针。使用 ImageUnload 释放 LOADED_IMAGE。

...或者改编这个粗略的 Perl 脚本

这是完成工作的粗略 Perl 脚本。它检查文件是否有 DOS 标头，然后将 PE 偏移量从 IMAGE_DOS_HEADER 60 字节读取到文件中。

然后它会寻找 PE 部分的开头，读取签名并检查它，然后提取我们感兴趣的值。

#!/usr/bin/perl
#
# usage: petype <exefile>
#
$exe = $ARGV[0];

open(EXE, $exe) or die "can't open $exe: $!";
binmode(EXE);
if (read(EXE, $doshdr, 64)) {

   ($magic,$skip,$offset)=unpack('a2a58l', $doshdr);
   die("Not an executable") if ($magic ne 'MZ');

   seek(EXE,$offset,SEEK_SET);
   if (read(EXE, $pehdr, 6)){
       ($sig,$skip,$machine)=unpack('a2a2v', $pehdr);
       die("No a PE Executable") if ($sig ne 'PE');

       if ($machine == 0x014c){
            print "i386\n";
       }
       elsif ($machine == 0x0200){
            print "IA64\n";
       }
       elsif ($machine == 0x8664){
            print "AMD64\n";
       }
       else{
            printf("Unknown machine type 0x%lx\n", $machine);
       }
   }
}

close(EXE);

Gory details

A DLL uses the PE executable format, and it's not too tricky to read that information out of the file.

See this MSDN article on the PE File Format for an overview. You need to read the MS-DOS header, then read the IMAGE_NT_HEADERS structure. This contains the IMAGE_FILE_HEADER structure which contains the info you need in the Machine member which contains one of the following values

IMAGE_FILE_MACHINE_I386 (0x014c)
IMAGE_FILE_MACHINE_IA64 (0x0200)
IMAGE_FILE_MACHINE_AMD64 (0x8664)

This information should be at a fixed offset in the file, but I'd still recommend traversing the file and checking the signature of the MS-DOS header and the IMAGE_NT_HEADERS to be sure you cope with any future changes.

Use ImageHelp to read the headers...

You can also use the ImageHelp API to do this - load the DLL with LoadImage and you'll get a LOADED_IMAGE structure which will contain a pointer to an IMAGE_NT_HEADERS structure. Deallocate the LOADED_IMAGE with ImageUnload.

...or adapt this rough Perl script

Here's rough Perl script which gets the job done. It checks the file has a DOS header, then reads the PE offset from the IMAGE_DOS_HEADER 60 bytes into the file.

It then seeks to the start of the PE part, reads the signature and checks it, and then extracts the value we're interested in.

#!/usr/bin/perl
#
# usage: petype <exefile>
#
$exe = $ARGV[0];

open(EXE, $exe) or die "can't open $exe: $!";
binmode(EXE);
if (read(EXE, $doshdr, 64)) {

   ($magic,$skip,$offset)=unpack('a2a58l', $doshdr);
   die("Not an executable") if ($magic ne 'MZ');

   seek(EXE,$offset,SEEK_SET);
   if (read(EXE, $pehdr, 6)){
       ($sig,$skip,$machine)=unpack('a2a2v', $pehdr);
       die("No a PE Executable") if ($sig ne 'PE');

       if ($machine == 0x014c){
            print "i386\n";
       }
       elsif ($machine == 0x0200){
            print "IA64\n";
       }
       elsif ($machine == 0x8664){
            print "AMD64\n";
       }
       else{
            printf("Unknown machine type 0x%lx\n", $machine);
       }
   }
}

close(EXE);

回复收藏 0 原文