function Test-IsFile64Bit

function Test-IsFile64Bit 2016-02-02T19:58:53+00:00


  • Author
    Posts
  • That_annoying_guy
    Participant
    Post count: 42
    #1053 |
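    <code>
    	function Test-IsFile64Bit {
    	<#
    	.SYNOPSIS
    		Determines the bitness of an EXE file
    	.DESCRIPTION
    		Returns the following:
    		
    		FilePath               FileType Is64Bit
    		--------               -------- -------
    		C:\Windows\notepad.exe x64         True
    		
    		or
    		FilePath                    FileType Is64Bit
    		--------                    -------- -------
    		C:\Windows\SysWOW64\cmd.exe x86        False
    
    	.PARAMETER Path
    		Path of the file to check.
    	.EXAMPLE
    		Test-IsFile64Bit -Path "C:\Windows\explorer.exe"
    	.EXAMPLE
    		$(Test-IsFile64Bit -Path "C:\Windows\SysWOW64\cmd.exe").Is64Bit
    		(Returns $true or $false)
    	.NOTES
    		
    	.LINK
    		Based on:
    		https://superuser.com/questions/358434/how-to-check-if-a-binary-is-32-or-64-bit-on-windows
    		By "megamorf"
    	#>
    		[CmdletBinding()]
    		param(
    			[Parameter(Mandatory=$true)]
    			[ValidateNotNullorEmpty()]
    			[string]$Path = "$env:windir\notepad.exe"
    		)
    
    		# Offset of the Machine field, counted from the start of the "PE\0\0" signature
    		[int32]$MACHINE_OFFSET = 4
    		# Offset of e_lfanew (pointer to the PE header) inside the DOS header
    		[int32]$PE_POINTER_OFFSET = 60
    
    		[byte[]]$data = New-Object -TypeName System.Byte[] -ArgumentList 4096
    		$stream = New-Object -TypeName System.IO.FileStream -ArgumentList ($Path, 'Open', 'Read')
    		try {
    			[int32]$bytesRead = $stream.Read($data, 0, 4096)
    		}
    		finally {
    			# Always release the file handle, even if the read fails
    			$stream.Dispose()
    		}
    
    		# Reject files too short to hold a DOS header or lacking the "MZ" magic
    		if ($bytesRead -lt ($PE_POINTER_OFFSET + 4) -or [System.BitConverter]::ToUInt16($data, 0) -ne 0x5A4D) {
    			throw "'$Path' is not a PE file (missing MZ header)."
    		}
    
    		[int32]$PE_HEADER_ADDR = [System.BitConverter]::ToInt32($data, $PE_POINTER_OFFSET)
    
    		# The PE header pointer comes from the file itself, so bounds-check it before use
    		if ($PE_HEADER_ADDR -lt 0 -or ($PE_HEADER_ADDR + $MACHINE_OFFSET + 2) -gt $bytesRead) {
    			throw "'$Path' has a PE header pointer outside the first $bytesRead bytes."
    		}
    		# Verify the "PE\0\0" signature before trusting the Machine field
    		if ([System.BitConverter]::ToUInt32($data, $PE_HEADER_ADDR) -ne 0x00004550) {
    			throw "'$Path' is not a PE file (missing PE signature)."
    		}
    
    		[int32]$machineUint = [System.BitConverter]::ToUInt16($data, $PE_HEADER_ADDR + $MACHINE_OFFSET)
    
    		$result = "" | Select-Object -Property FilePath, FileType, Is64Bit
    		$result.FilePath = $Path
    		$result.Is64Bit = $false
    
    		switch ($machineUint) {
    			0      { $result.FileType = 'Native' }
    			0x014c { $result.FileType = 'x86' }
    			# Itanium (IA-64) is a 64-bit architecture
    			0x0200 { $result.FileType = 'Itanium'; $result.Is64Bit = $true }
    			0x8664 { $result.FileType = 'x64'; $result.Is64Bit = $true }
    		}
    		$result
    	}
    
    	$(Test-IsFile64Bit "C:\Windows\SysWOW64\cmd.exe").Is64Bit
    
    	#Test-IsFile64Bit "C:\Program Files (x86)\McAfee\Common Framework\cmdagent.exe"</code>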
    • This topic was modified 1 year, 9 months ago by  That_annoying_guy. Reason: looked awful
  • Muhammad Mashwani
    Keymaster
    Post count: 118

    Just FYI, the toolkit also has a function called Get-PEFileArchitecture that will return this information.

    • Brian
      Participant
      Post count: 2

      Thanks for the tip @Muhammad. Where is this function documented? I wouldn’t have known about it if not for your comment.
