ChatGPT解决这个技术问题 Extra ChatGPT

How can I determine if a .NET assembly was built for x86 or x64?

I've got an arbitrary list of .NET assemblies.

I need to programmatically check if each DLL was built for x86 (as opposed to x64 or Any CPU). Is this possible?

possible duplicate of How can I determine for which platform an executable is compiled?
You might also want to check out this one: check-if-unmanaged-dll-is-32-bit-or-64-bit.
In later version of CorFlags, corresponding to .NET 4.5, "32BIT" was replaced by "32BITREQ" and "32BITPREF"..
How to Determine if a .NET Assembly was Built for x86 or x64?

P
Peter Mortensen

Look at System.Reflection.AssemblyName.GetAssemblyName(string assemblyFile).

You can examine assembly metadata from the returned AssemblyName instance:

Using PowerShell: 

[36] C:\> [reflection.assemblyname]::GetAssemblyName("${pwd}\Microsoft.GLEE.dll") | fl

Name                  : Microsoft.GLEE
Version               : 1.0.0.0
CultureInfo           :
CodeBase              : file:///C:/projects/powershell/BuildAnalyzer/...
EscapedCodeBase       : file:///C:/projects/powershell/BuildAnalyzer/...
ProcessorArchitecture : MSIL
Flags                 : PublicKey
HashAlgorithm         : SHA1
VersionCompatibility  : SameMachine
KeyPair               :
FullName              : Microsoft.GLEE, Version=1.0.0.0, Culture=neut...

Here, ProcessorArchitecture identifies the target platform.

Amd64: A 64-bit processor based on the x64 architecture.

Arm: An ARM processor.

IA64: A 64-bit Intel Itanium processor only.

MSIL: Neutral with respect to processor and bits-per-word.

X86: A 32-bit Intel processor, either native or in the Windows on Windows environment on a 64-bit platform (WoW64).

None: An unknown or unspecified combination of processor and bits-per-word.

I'm using PowerShell in this example to call the method.

Forgive the stupid question - but what in this tells you that it's x86?
The ProcessorArchitecture field is an enumeration; in the above example it is set to MSIL, which means "Neutral with respect to processor and bits-per-word." Other values include X86, IA64, Amd64. See msdn.microsoft.com/en-us/library/… for more details.
I get the following error trying to use PowerShell: Exception calling "GetAssemblyName" with "1" argument(s): "Could not load file or assembly '[DLLName].dll' or one of its dependencies. The system cannot find the file specified." (Yes, I've spelt it correctly).
Try with [reflection.assemblyname]::GetAssemblyName("${pwd}\name.dll") as sometimes the process's current directory is not the same as the current provider's (which is where I assume the DLL is for you)
Another caveat to look out for is forgetting to "unblock" the DLL if you downloaded it from the internets. Use unblock-file, or right click/properties/unblock from explorer. You will need to restart the shell for it to recognize the unblocked status if you've already failed once in the current session (blame internet explorer for that - yes, really.)
P
Peter Mortensen

You can use the CorFlags CLI tool (for instance, C:\Program Files\Microsoft SDKs\Windows\v7.0\Bin\CorFlags.exe) to determine the status of an assembly, based on its output and opening an assembly as a binary asset you should be able to determine where you need to seek to determine if the 32BIT flag is set to 1 (x86) or 0 (Any CPU or x64, depending on PE): 

Option    | PE    | 32BIT
----------|-------|---------
x86       | PE32  | 1
Any CPU   | PE32  | 0
x64       | PE32+ | 0

The blog post x64 Development with .NET has some information about corflags.

Even better, you can use Module.GetPEKind to determine whether an assembly is PortableExecutableKinds value PE32Plus (64-bit), Required32Bit (32-bit and WoW), or ILOnly (any CPU) along with other attributes.

After seeing your update, using the GetPEKind seems to be the proper way to do this. I've marked yours as the answer.
GetPEKind fails in a 64 bit process when checking 32 bit assemblies
You have to call GetPEKind from 32bit process
I install VS 2008, VS 2010, VS 2012 and VS 2013. I have 8 files CorFlags.exe in subfolders in C:\Program Files (x86)\Microsoft SDKs\Windows\. Which I should be use ?
As pointed out in this answer, in .NET 4.5 there is 32BITREQ and 32BITPREF instead of the 32BIT flag. PE32/0/0 and PE32/0/1 are AnyCPU and AnyCPU 32-bit preferred, respectively.
P
Peter Mortensen

Just for clarification, CorFlags.exe is part of the .NET Framework SDK. I have the development tools on my machine, and the simplest way for me determine whether a DLL is 32-bit only is to:

Open the Visual Studio Command Prompt (In Windows: menu Start/Programs/Microsoft Visual Studio/Visual Studio Tools/Visual Studio 2008 Command Prompt) CD to the directory containing the DLL in question Run corflags like this: corflags MyAssembly.dll

You will get output something like this: 

Microsoft (R) .NET Framework CorFlags Conversion Tool.  Version  3.5.21022.8
Copyright (c) Microsoft Corporation.  All rights reserved.

Version   : v2.0.50727
CLR Header: 2.5
PE        : PE32
CorFlags  : 3
ILONLY    : 1
32BIT     : 1
Signed    : 0

As per comments the flags above are to be read as following:

Any CPU: PE = PE32 and 32BIT = 0

x86: PE = PE32 and 32BIT = 1

64-bit: PE = PE32+ and 32BIT = 0

This seems to have changed meanwhile; corflags now displays 32BITREQ and 32BITPREF rather than a single 32BIT value.
Microsoft .NET 4.5 introduced a new option, Any CPU 32-bit Preferred. Here are the details.
The "Visual Studio Command Prompt" is nowadays called "Visual Studio 2019 Developer Command Prompt".
P
Peter Mortensen

Just write your own. The core of the PE architecture hasn't been seriously changed since its implementation in Windows 95.

Here's a C# example: 

    public static ushort GetPEArchitecture(string pFilePath)
    {
        ushort architecture = 0;
        try
        {
            using (System.IO.FileStream fStream = new System.IO.FileStream(pFilePath, System.IO.FileMode.Open, System.IO.FileAccess.Read))
            {
                using (System.IO.BinaryReader bReader = new System.IO.BinaryReader(fStream))
                {
                    // Check the MZ signature
                    if (bReader.ReadUInt16() == 23117)
                    {
                        // Seek to e_lfanew.
                        fStream.Seek(0x3A, System.IO.SeekOrigin.Current);

                        // Seek to the start of the NT header.
                        fStream.Seek(bReader.ReadUInt32(), System.IO.SeekOrigin.Begin);

                        if (bReader.ReadUInt32() == 17744) // Check the PE\0\0 signature.
                        {
                            // Seek past the file header,
                            fStream.Seek(20, System.IO.SeekOrigin.Current);

                            // Read the magic number of the optional header.
                            architecture = bReader.ReadUInt16();
                        }
                    }
                }
            }
        }
        catch (Exception) { /* TODO: Any exception handling you want
                                     to do, personally I just take 0
                                     as a sign of failure */
        }

        // If architecture returns 0, there has been an error.
        return architecture;
    }
}

Now the current constants are: 

0x10B - PE32  format.
0x20B - PE32+ format.

But with this method it allows for the possibilities of new constants. Just validate the return as you see fit.

Interesting, thanks for the code with explanation. Module.GetPEKind is probably the easiest path. But this is helpful for learning's sake. Thanks.
Very interesting but when I have an application compiled with Any CPU, the result is 0x10B. This is wrong because my application is run in a x64 system. Is there any other flag to check?
GetPEArchitecture works for assemblies compiled using .net 3.5, 4.0, 4.5 and 4.5.1 ? Anyways, I think, Module.GetPEKind fails in a 64 bit process when checking 32 bit assemblies.
P
Peter Mortensen

DotPeek from JetBrains provides a quick and easy way to see msil (Any CPU), x86, and x64:

https://i.stack.imgur.com/KYHkA.png

L
Ludwo

Try to use CorFlagsReader from this project at CodePlex. It has no references to other assemblies and it can be used as is.

This is the most accurate and useful answer.
The link still works as of this writing, but as CodePlex is about to be shut down, it would be good to do the appropriate action before it is too late.
The link is utterly and completely broken now: "Hmm. We’re having trouble finding that site. We can’t connect to the server at apichange.codeplex.com."
M
Morgan Mellor 
[TestMethod]
public void EnsureKWLLibrariesAreAll64Bit()
{
    var assemblies = Assembly.GetExecutingAssembly().GetReferencedAssemblies().Where(x => x.FullName.StartsWith("YourCommonProjectName")).ToArray();
    foreach (var assembly in assemblies)
    {
        var myAssemblyName = AssemblyName.GetAssemblyName(assembly.FullName.Split(',')[0] + ".dll");
        Assert.AreEqual(ProcessorArchitecture.MSIL, myAssemblyName.ProcessorArchitecture);
    }
}
Thanks for this, One of our applications has to be built as x86, adding a unit test ensures that the build server's build libraries will be 32bit and avoids those mistakes from happening :)
P
Peter Mortensen

Below is a batch file that will run corflags.exe against all DLL files and EXE files in the current working directory and all sub-directories, parse the results and display the target architecture of each.

Depending on the version of corflags.exe that is used, the line items in the output will either include 32BIT, or 32BITREQ (and 32BITPREF). Whichever of these two is included in the output is the critical line item that must be checked to differentiate between Any CPU and x86. If you are using an older version of corflags.exe (pre Windows SDK v8.0A), then only the 32BIT line item will be present in the output, as others have indicated in past answers. Otherwise 32BITREQ and 32BITPREF replace it.

This assumes corflags.exe is in the %PATH%. The simplest way to ensure this is to use a Developer Command Prompt. Alternatively you could copy it from its default location.

If the batch file below is run against an unmanaged DLL or EXE file, it will incorrectly display it as x86, since the actual output from Corflags.exe will be an error message similar to:

corflags : error CF008 : The specified file does not have a valid managed header 

@echo off

echo.
echo Target architecture for all exes and dlls:
echo.

REM For each exe and dll in this directory and all subdirectories...
for %%a in (.exe, .dll) do forfiles /s /m *%%a /c "cmd /c echo @relpath" > testfiles.txt

for /f %%b in (testfiles.txt) do (
    REM Dump corflags results to a text file
    corflags /nologo %%b > corflagsdeets.txt

   REM Parse the corflags results to look for key markers
   findstr /C:"PE32+">nul .\corflagsdeets.txt && (
      REM `PE32+` indicates x64
        echo %%~b = x64
    ) || (
      REM pre-v8 Windows SDK listed only "32BIT" line item,
      REM newer versions list "32BITREQ" and "32BITPREF" line items
        findstr /C:"32BITREQ  : 0">nul /C:"32BIT     : 0" .\corflagsdeets.txt && (
            REM `PE32` and NOT 32bit required indicates Any CPU
            echo %%~b = Any CPU
        ) || (
            REM `PE32` and 32bit required indicates x86
            echo %%~b = x86
        )
    )

    del corflagsdeets.txt
)

del testfiles.txt
echo.
P
Peter Mortensen

I've cloned a super handy tool that adds a context menu entry for assemblies in Windows Explorer to show all available information:

Download from Releases · tebjan/AssemblyInformation.

https://i.stack.imgur.com/EwVii.png

The "source code (zip)" download has a project file containing hard-coded paths to files on your computer and not included in the download :(
P
Peter Mortensen

One more way would be to use dumpbin from the Visual Studio tools on the DLL and look for the appropriate output: 

dumpbin.exe /HEADERS <your DLL file path>
    FILE HEADER VALUE
                 14C machine (x86)
                   4 number of sections
            5885AC36 time date stamp Mon Jan 23 12:39:42 2017
                   0 file pointer to symbol table
                   0 number of symbols
                  E0 size of optional header
                2102 characteristics
                       Executable
                       32 bit word machine
                       DLL

Note: The above output is for a 32-bit DLL file

One more useful option with dumpbin.exe is /EXPORTS. It will show you the function exposed by the DLL file 

dumpbin.exe /EXPORTS <PATH OF THE DLL FILE>
P
Peter Mortensen

A more generic way - use the file structure to determine bitness and image type: 

public static CompilationMode GetCompilationMode(this FileInfo info)
{
    if (!info.Exists)
        throw new ArgumentException($"{info.FullName} does not exist");

    var intPtr = IntPtr.Zero;
    try
    {
        uint unmanagedBufferSize = 4096;
        intPtr = Marshal.AllocHGlobal((int)unmanagedBufferSize);

        using (var stream = File.Open(info.FullName, FileMode.Open, FileAccess.Read))
        {
            var bytes = new byte[unmanagedBufferSize];
            stream.Read(bytes, 0, bytes.Length);
            Marshal.Copy(bytes, 0, intPtr, bytes.Length);
        }

        // Check DOS header magic number
        if (Marshal.ReadInt16(intPtr) != 0x5a4d)
            return CompilationMode.Invalid;

        // This will get the address for the WinNT header
        var ntHeaderAddressOffset = Marshal.ReadInt32(intPtr + 60);

        // Check WinNT header signature
        var signature = Marshal.ReadInt32(intPtr + ntHeaderAddressOffset);
        if (signature != 0x4550)
            return CompilationMode.Invalid;

        // Determine file bitness by reading magic from IMAGE_OPTIONAL_HEADER
        var magic = Marshal.ReadInt16(intPtr + ntHeaderAddressOffset + 24);

        var result = CompilationMode.Invalid;
        uint clrHeaderSize;
        if (magic == 0x10b)
        {
            clrHeaderSize = (uint)Marshal.ReadInt32(intPtr + ntHeaderAddressOffset + 24 + 208 + 4);
            result |= CompilationMode.Bit32;
        }
        else if (magic == 0x20b)
        {
            clrHeaderSize = (uint)Marshal.ReadInt32(intPtr + ntHeaderAddressOffset + 24 + 224 + 4);
            result |= CompilationMode.Bit64;
        }
        else return CompilationMode.Invalid;

        result |= clrHeaderSize != 0
            ? CompilationMode.CLR
            : CompilationMode.Native;

        return result;
    }
    finally
    {
        if (intPtr != IntPtr.Zero)
            Marshal.FreeHGlobal(intPtr);
    }
}

Compilation mode enumeration 

[Flags]
public enum CompilationMode
{
    Invalid = 0,
    Native = 0x1,
    CLR = Native << 1,
    Bit32 = CLR << 1,
    Bit64 = Bit32 << 1
}

Source code with explanation is at GitHub.

P
Peter Mortensen

Another way to check the target platform of a .NET assembly is inspecting the assembly with .NET Reflector...

@#~#€~! I've just realized that the new version is not free! So, correction, if you have a free version of .NET reflector, you can use it to check the target platform.

Use ILSpy, it's a basic open source app that does much the same things as Reflector
P
Peter Mortensen

cfeduke notes the possibility of calling GetPEKind. It's potentially interesting to do this from PowerShell.

Here, for example, is code for a cmdlet that could be used: https://stackoverflow.com/a/16181743/64257

Alternatively, at https://stackoverflow.com/a/4719567/64257 it is noted that "there's also the Get-PEHeader cmdlet in the PowerShell Community Extensions that can be used to test for executable images."

P
Peter Mortensen

A tool is sigcheck: 

sigcheck c:\Windows\winhlp32.exe

Output: 

Sigcheck v2.71 - File version and signature viewer
Copyright (C) 2004-2018 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\windows\winhlp32.exe:
        Verified:       Signed
        Signing date:   20:05 02.05.2022
        Publisher:      Microsoft Windows
        Company:        Microsoft Corporation
        Description:    Windows Winhlp32 Stub
        Product:        Microsoft® Windows® Operating System
        Prod version:   10.0.19041.1
        File version:   10.0.19041.1 (WinBuild.160101.0800)
        MachineType:    32-bit


sigcheck -nobanner c:\Windows\HelpPane.exe

Output: 

c:\windows\HelpPane.exe:
        Verified:       Signed
        Signing date:   00:42 23.04.2022
        Publisher:      Microsoft Windows
        Company:        Microsoft Corporation
        Description:    Microsoft Help and Support
        Product:        Microsoft® Windows® Operating System
        Prod version:   10.0.19041.1151
        File version:   10.0.19041.1151 (WinBuild.160101.0800)
        MachineType:    64-bit
A
Alexei - check Codidact

An alternative to already mentioned tools is Telerik JustDecompile (free tool) which will display the information next to the assembly name:

https://i.stack.imgur.com/41Igu.png

P
Peter Mortensen

I like the ILSpy tool. It shows not only architecture, but the target framework as well: 

// linq2db, Version=3.0.0.0, Culture=neutral, PublicKeyToken=e41013125f9e410a
// Global type: <Module>
// Architecture: AnyCPU (64-bit preferred)
// Runtime: v4.0.30319
// This assembly is signed with a strong name key.
// This assembly was compiled using the /deterministic option.
// Hash algorithm: SHA1

So it is possible to determine if it is .NET Core 2.1, .NET Framework 4.6 or any other one:

https://i.stack.imgur.com/43LFa.png

关注公众号,不定期副业成功案例分享
Follow WeChat

Success story sharing

Want to stay one step ahead of the latest teleworks?

Subscribe Now

HuntsBot,a one-stop outsourcing task, remote job, product ideas sharing and subscription platform, which supports DingTalk, Lark, WeCom, Email and Telegram robot subscription. The platform will push outsourcing task requirements, remote work opportunities, product ideas to every subscribed user with timely, stable and reliable.

简体中文 English

Platform

Support

Contact US

Any questions or suggestions during use, you can contact us in the following ways:

Email: huntsbot@xinbeitime.com

Copyright© 2022-2023 www.huntsbot.com 浙ICP备2022000860号-4 All Rights Reserved.