VB.Net Signature:
Enum BinaryType
SCS_32BIT_BINARY = 0 ' , // A 32-bit Windows-based application
SCS_64BIT_BINARY = 6 ' , // A 64-bit Windows-based application.
SCS_DOS_BINARY = 1 ' , // An MS-DOS – based application
SCS_OS216_BINARY = 5 ' , // A 16-bit OS/2-based application
SCS_PIF_BINARY = 3 ' , // A PIF file that executes an MS-DOS – based application
SCS_POSIX_BINARY = 4 ' , // A POSIX – based application
SCS_WOW_BINARY = 2 ' // A 16-bit Windows-based application
End Enum
<DllImport("kernel32.dll", SetLastError:=True)> _
Private Shared Function GetBinaryType( _
ByVal lpAppName As String, _
ByRef lpBinaryType As BinaryType _
) As Integer
End Function
C# Signature:
[DllImport("kernel32.dll")]
static extern bool GetBinaryType(string lpApplicationName,
out BinaryType lpBinaryType);
User-Defined Types:
public enum BinaryType : uint
{
SCS_32BIT_BINARY = 0, // A 32-bit Windows-based application
SCS_64BIT_BINARY = 6, // A 64-bit Windows-based application.
SCS_DOS_BINARY = 1, // An MS-DOS – based application
SCS_OS216_BINARY = 5, // A 16-bit OS/2-based application
SCS_PIF_BINARY = 3, // A PIF file that executes an MS-DOS – based application
SCS_POSIX_BINARY = 4, // A POSIX – based application
SCS_WOW_BINARY = 2 // A 16-bit Windows-based application
}
Notes:
None.
Tips & Tricks:
Please add some!
Sample Code:
Powershell Example:
function Get-BinaryType
{
<#
.SYNOPSIS
Gets the binary executable type for a given set of files
.DESCRIPTION
PowerShell wrapper around the GetBinaryType Windows API that inspects file headers
and reports the binary file type (e.g., 32-bit Windows app, 64-bit Windows app, 16-bit DOS/Windows app, etc.)
.PARAMETER Path
File path(s) to inspect
.EXAMPLE
#Reports the file type of C:\Windows\Explorer.exe:
Get-BinaryType C:\Windows\Explorer.exe
.EXAMPLE
#Attempts to get the binary type of all files in the current directory
Get-ChildItem | where { !$_.PsIsContainer } | Get-BinaryType
.EXAMPLE
#Attempts to get the binary type of all exe files in the windows directory,
#ignoring any non-terminating errors
Get-ChildItem $env:windir -filter *.exe | Get-BinaryType -ErrorAction SilentlyContinue
.EXAMPLE
#From a 32bit process on a 64 bit Windows install, attempts to get the binary type of all exe files
#in the windows system32 directory by bypassing filesystem redirection using "sysnative",
#ignoring any non-terminating errors, and finally showing the file name and binary type
Get-ChildItem $env:windir\sysnative -filter *.exe | Get-BinaryType -ErrorAction SilentlyContinue -passthrough | select Name,BinaryType
.NOTES
Author: Battleship, Aaron Margosis
Inspiration: http://pinvoke.net/default.aspx/kernel32/GetBinaryType.html
.LINK
http://wonkysoftware.appspot.com
#>
[CmdletBinding(
SupportsShouldProcess = $false,
ConfirmImpact = "none",
DefaultParameterSetName = ""
)]
param
(
[Parameter(
HelpMessage = "Enter binary file(s) to examine",
Position = 0,
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true
)]
[ValidateNotNullOrEmpty()]
[ValidateScript({Test-Path $_.FullName})]
[IO.FileInfo[]]
$Path,
[Alias("PassThru")]
[switch]
$PassThrough
)
begin
{
try
{
#add the enum for the binary types
#Using more user friendly names since they won't likely be used outside this context
Add-Type "
public enum BinaryType
{
BIT32 = 0, // A 32-bit Windows-based application, SCS_32BIT_BINARY
DOS = 1, // An MS-DOS – based application, SCS_DOS_BINARY
WOW = 2, // A 16-bit Windows-based application, SCS_WOW_BINARY
PIF = 3, // A PIF file that executes an MS-DOS based application, SCS_PIF_BINARY
POSIX = 4, // A POSIX based application, SCS_POSIX_BINARY
OS216 = 5, // A 16-bit OS/2-based application, SCS_OS216_BINARY
BIT64 = 6 // A 64-bit Windows-based application, SCS_64BIT_BINARY
}"
}
catch {} #type already been loaded, do nothing
try
{
# create the win32 signature
$Signature =
'
[DllImport("kernel32.dll")]
public static extern bool GetBinaryType(
string lpApplicationName,
ref int lpBinaryType
);
'
# Create a new type that lets us access the Windows API function
Add-Type -MemberDefinition $Signature `
-Name BinaryType `
-Namespace Win32Utils
}
catch {} #type already been loaded, do nothing
}
process
{
foreach ($Item in $Path)
{
$ReturnedType = -1
Write-Verbose "Attempting to get type for file: $($Item.FullName)"
$Result = [Win32Utils.BinaryType]::GetBinaryType($Item.FullName, [ref] $ReturnedType)
#if the function returned $false, indicating an error, or the binary type wasn't returned
if (!$Result -or ($ReturnedType -eq -1))
{
Write-Error "Failed to get binary type for file $($Item.FullName)"
}
else
{
$ToReturn = [BinaryType]$ReturnedType
if ($PassThrough)
{
#get the file object, attach a property indicating the type, and passthru to pipeline
Get-Item $Item.FullName -Force |
Add-Member -MemberType noteproperty -Name BinaryType -Value $ToReturn -Force -PassThru
}
else
{
#Put enum object directly into pipeline
$ToReturn
}
}
}
}
}
Alternative Managed API:
Do you know one? Please contribute it!
