Geek Answers Handbook

How to determine if a process is 32 or 64 bit?

Given a Windows process descriptor, how can I determine, using C ++ code, whether a process is 32-bit or 64-bit?

+6
source share
3 answers

If you have access to the module, you can do this:

IMAGE_NT_HEADERS * headers = ImageNtHeader(handle); if ( headers->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 ) { //module is x86 } else if ( headers->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64 ) { //module is x64 }

I got help from my own answer .

0
source

If you have a process handle, use IsWow64Process() .

If IsWow64Process() reports true, the 32-bit process runs on a 64-bit OS.

If IsWow64Process() reports an error (or does not exist in kernel32.dll ), then the process will be either 32-bit, running on a 32-bit OS, or 64-bit, running on a 64-bit OS. To find out if the OS itself is 32-bit or 64-bit, use GetNativeSystemInfo() (or GetSystemInfo() if GetNativeSystemInfo() not available in kernel32.dll ).

+35
source 
 BOOL IsWow64(HANDLE process) { BOOL bIsWow64 = FALSE; typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL); LPFN_ISWOW64PROCESS fnIsWow64Process; fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle(TEXT("kernel32")), "IsWow64Process"); if (NULL != fnIsWow64Process) { if (!fnIsWow64Process(process, &bIsWow64)) { //handle error } } return bIsWow64; } bool IsX86Process(HANDLE process) { SYSTEM_INFO systemInfo = { 0 }; GetNativeSystemInfo(&systemInfo); // x86 environment if (systemInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL) return true; // Check if the process is an x86 process that is running on x64 environment. // IsWow64 returns true if the process is an x86 process return IsWow64(process); }
0
source

More articles:


All Articles