Given a Windows process handle, how can I determine, using C++ code, whether the process is 32 bit or 64 bit?
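If you have a handle to the module, you can do this (note that ImageNtHeader() expects the base address of an image mapped into the current process, which is what a module handle is; it does not accept a process handle):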
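// ImageNtHeader() (dbghelp) locates the NT headers of a PE image from its
// base address. `handle` must be the base address of an image mapped into
// this process (an HMODULE is such an address), not a process HANDLE.
IMAGE_NT_HEADERS *headers = ImageNtHeader(handle);
if (headers == NULL)
{
    // ImageNtHeader() returns NULL when it cannot find valid NT headers at
    // this address, so the pointer must not be dereferenced. Handle the
    // error here instead of guessing an architecture.
}
else if (headers->FileHeader.Machine == IMAGE_FILE_MACHINE_I386)
{
    // module is x86
}
else if (headers->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64)
{
    // module is x64
}
else
{
    // Some other machine type (for example IMAGE_FILE_MACHINE_ARM64).
    // Treat it as unknown rather than assuming x86 or x64.
}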
I took help from my own answer.
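If you have a process handle, use IsWow64Process(). If IsWow64Process() reports true, the process is 32-bit running on a 64-bit OS. If IsWow64Process() reports false (or does not exist in kernel32.dll), then the process is either 32-bit running on a 32-bit OS, or is 64-bit running on a 64-bit OS. To know if the OS itself is 32-bit or 64-bit, use GetNativeSystemInfo() (or GetSystemInfo() if GetNativeSystemInfo() is not available in kernel32.dll). Check the return value of IsWow64Process() separately from the flag it fills in: a failed call (for example, when the handle was opened without PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access) is not the same thing as a "false" answer.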
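/*
 * Reports whether `process` is running under WOW64, i.e. as a 32-bit
 * process on a 64-bit Windows.
 *
 * IsWow64Process is resolved at run time from kernel32 so the code still
 * loads on systems whose kernel32 does not export it.
 *
 * process: process handle to query. IsWow64Process needs a handle opened
 *          with PROCESS_QUERY_INFORMATION or
 *          PROCESS_QUERY_LIMITED_INFORMATION access.
 *
 * Returns TRUE only when the query succeeded and reported WOW64. FALSE is
 * returned in every other case, including "export not available" and
 * "query failed" (bad handle, access denied). This signature has no
 * separate error channel, so a caller that must tell "not WOW64" apart
 * from "could not determine" has to call IsWow64Process itself and check
 * its return value.
 */
BOOL IsWow64(HANDLE process)
{
    typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS)(HANDLE, PBOOL);

    BOOL bIsWow64 = FALSE;

    // Do not hand a NULL module handle to GetProcAddress: the lookup must
    // be made against kernel32 and nothing else.
    HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32"));
    if (NULL == hKernel32)
    {
        return FALSE;
    }

    LPFN_ISWOW64PROCESS fnIsWow64Process =
        (LPFN_ISWOW64PROCESS)GetProcAddress(hKernel32, "IsWow64Process");
    if (NULL == fnIsWow64Process)
    {
        // Export is missing, so this Windows has no WOW64 layer to report.
        return FALSE;
    }

    if (!fnIsWow64Process(process, &bIsWow64))
    {
        // The query failed, so the output flag carries no answer. Reset it
        // so that a partially written value is never returned.
        bIsWow64 = FALSE;
    }

    return bIsWow64;
}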
/*
 * Tells whether `process` is an x86 (32-bit) process.
 *
 * The native processor architecture is read with GetNativeSystemInfo().
 * On a native x86 system the answer is always true. Otherwise the answer
 * is whatever IsWow64() reports for the handle.
 *
 * NOTE(review): the result is only as reliable as IsWow64(). If that
 * helper cannot query the handle and reports FALSE, the process is
 * classified here as not x86. Confirm how callers treat that case.
 * NOTE(review): on native architectures other than x86/x64, a WOW64
 * process is 32-bit but presumably not always x86. Confirm if relevant.
 */
bool IsX86Process(HANDLE process)
{
    SYSTEM_INFO nativeInfo = { 0 };
    GetNativeSystemInfo(&nativeInfo);

    const bool osIsX86 =
        (nativeInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL);

    if (!osIsX86)
    {
        // Not a native x86 environment: the process is x86 only when it
        // runs under WOW64, which is what IsWow64 reports.
        return IsWow64(process) != FALSE;
    }

    // x86 environment: every process is x86.
    return true;
}