How can I determine whether a process is 32 or 64 bit?

前端 未结 3 1437
忘掉有多难
忘掉有多难 2021-02-07 19:36

Given a Windows process handle, how can I determine, using C++ code, whether the process is 32 bit or 64 bit?

相关标签:
3条回答
  • 2021-02-07 20:37

    If you have handle to the module then you can do this:

    IMAGE_NT_HEADERS * headers = ImageNtHeader(handle);
    
    if ( headers->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 )
    {
        //module is x86
    }
    else if  ( headers->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64 )
    {
        //module is x64
    }
    

    I took help from my own answer.

    0 讨论(0)
  • 2021-02-07 20:37

    If you have a process handle, use IsWow64Process().

    If IsWow64Process() reports true, the process is 32-bit running on a 64-bit OS.

    If IsWow64Process() reports false (or does not exist in kernel32.dll), then the process is either 32-bit running on a 32-bit OS, or is 64-bit running on a 64-bit OS. To know if the OS itself is 32-bit or 64-bit, use GetNativeSystemInfo() (or GetSystemInfo() if GetNativeSystemInfo() is not available in kernel32.dll).

    0 讨论(0)
  • 2021-02-07 20:38
    BOOL IsWow64(HANDLE process)
    {
        BOOL bIsWow64 = FALSE;
    
        typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
        LPFN_ISWOW64PROCESS fnIsWow64Process;
        fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle(TEXT("kernel32")), "IsWow64Process");
    
        if (NULL != fnIsWow64Process)
        {
            if (!fnIsWow64Process(process, &bIsWow64))
            {
                //handle error
            }
        }
        return bIsWow64;
    }
    
    bool IsX86Process(HANDLE process)
    {
        SYSTEM_INFO systemInfo = { 0 };
        GetNativeSystemInfo(&systemInfo);
    
        // x86 environment
        if (systemInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL)
            return true;
    
        // Check if the process is an x86 process that is running on x64 environment.
        // IsWow64 returns true if the process is an x86 process
        return IsWow64(process);
    }
    
    0 讨论(0)
提交回复
热议问题