如何确定进程是32位还是64位?

How can I determine whether a process is 32 or 64 bit?

本文关键字:64位 32位 进程 何确定      更新时间:2023-10-16

给定一个Windows进程句柄,我如何确定,使用c++代码,该进程是32位还是64位?

如果您有进程句柄,请使用IsWow64Process()

如果IsWow64Process()报告为true,表示进程是32位运行在64位操作系统上。

如果IsWow64Process()报告false(或者kernel32.dll中不存在),则该进程在32位操作系统上运行为32位进程,或者在64位操作系统上运行为64位进程。要知道操作系统本身是32位还是64位,请使用GetNativeSystemInfo()(如果kernel32.dll中没有GetNativeSystemInfo(),则使用GetSystemInfo())。

BOOL IsWow64(HANDLE process)
{
    BOOL bIsWow64 = FALSE;
    typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
    LPFN_ISWOW64PROCESS fnIsWow64Process;
    fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle(TEXT("kernel32")), "IsWow64Process");
    if (NULL != fnIsWow64Process)
    {
        if (!fnIsWow64Process(process, &bIsWow64))
        {
            //handle error
        }
    }
    return bIsWow64;
}
bool IsX86Process(HANDLE process)
{
    SYSTEM_INFO systemInfo = { 0 };
    GetNativeSystemInfo(&systemInfo);
    // x86 environment
    if (systemInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL)
        return true;
    // Check if the process is an x86 process that is running on x64 environment.
    // IsWow64 returns true if the process is an x86 process
    return IsWow64(process);
}

如果你有模块句柄,那么你可以这样做:

IMAGE_NT_HEADERS * headers = ImageNtHeader(handle);
if ( headers->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 )
{
    //module is x86
}
else if  ( headers->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64 )
{
    //module is x64
}

我从自己的回答中得到了帮助。

Try

#include <Windows.h>
enum class process_architecture
{
    nun,
    x32,
    x64
};
enum class windows_architecture
{
    x32,
    x64
};
windows_architecture process::get_windows_architecture()
{
#ifdef _WIN64
    return windows_architecture::x64;
#else
    return windows_architecture::x32;
#endif
}
process_architecture get_process_architecture(DWORD id)
{
    BOOL is_wow_64 = FALSE;
    HANDLE h_process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, id);
    if (!h_process) return process_architecture::nun;
    bool result = IsWow64Process(h_process, &is_wow_64);
    CloseHandle(h_process);
    if (!result) return process_architecture::nun;
    if (is_wow_64) return process_architecture::x32;
    else if (get_windows_architecture() == windows_architecture::x32) return process_architecture::x32;
    else return process_architecture::x64;
}

如果您不想使用windows API,请尝试:

int main()
{
    const int* pInt = nullptr;
    if (sizeof(pInt) == 8)
    {
        std::cout << "64 bit process";
    }
    else if(sizeof(pInt) == 4)
    {
        std::cout << "32 bit process";
    }
return 0;
}
相关文章: