GetBinaryType (kernel32)
Last changed: -217.144.239.130

.
Summary

VB.Net Signature:

    Enum BinaryType
        SCS_32BIT_BINARY = 0 ' , // A 32-bit Windows-based application
        SCS_64BIT_BINARY = 6 ' , // A 64-bit Windows-based application.
        SCS_DOS_BINARY = 1 ' , // An MS-DOS – based application
        SCS_OS216_BINARY = 5 ' , // A 16-bit OS/2-based application
        SCS_PIF_BINARY = 3 ' , // A PIF file that executes an MS-DOS – based application
        SCS_POSIX_BINARY = 4 ' , // A POSIX – based application
        SCS_WOW_BINARY = 2    ' // A 16-bit Windows-based application
    End Enum
    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Shared Function GetBinaryType( _
        ByVal lpAppName As String, _
        ByRef lpBinaryType As BinaryType _
    ) As Integer
    End Function

C# Signature:

[DllImport("kernel32.dll")]
static extern bool GetBinaryType(string lpApplicationName,
   out BinaryType lpBinaryType);

User-Defined Types:

public enum BinaryType : uint  
{
    SCS_32BIT_BINARY = 0, // A 32-bit Windows-based application
    SCS_64BIT_BINARY = 6, // A 64-bit Windows-based application.
    SCS_DOS_BINARY = 1, // An MS-DOS – based application
    SCS_OS216_BINARY = 5, // A 16-bit OS/2-based application
    SCS_PIF_BINARY = 3, // A PIF file that executes an MS-DOS – based application
    SCS_POSIX_BINARY = 4, // A POSIX – based application
    SCS_WOW_BINARY = 2 // A 16-bit Windows-based application
}

Notes:

None.

Tips & Tricks:

Please add some!

Sample Code:

Powershell Example:

    function Get-BinaryType
    {
        <#
            .SYNOPSIS
                Gets the binary executable type for a given set of files
            .DESCRIPTION
                PowerShell wrapper around the GetBinaryType Windows API that inspects file headers
                and reports the binary file type (e.g., 32-bit Windows app, 64-bit Windows app, 16-bit DOS/Windows app, etc.)
            .PARAMETER Path
                File path(s) to inspect
            .EXAMPLE
                #Reports the file type of C:\Windows\Explorer.exe:
                Get-BinaryType C:\Windows\Explorer.exe
            .EXAMPLE
                #Attempts to get the binary type of all files in the current directory
                Get-ChildItem | where { !$_.PsIsContainer } | Get-BinaryType
            .EXAMPLE
                #Attempts to get the binary type of all exe files in the windows directory,
                #ignoring any non-terminating errors
                Get-ChildItem $env:windir -filter *.exe | Get-BinaryType -ErrorAction SilentlyContinue
            .EXAMPLE
                #From a 32bit process on a 64 bit Windows install, attempts to get the binary type of all exe files
                #in the windows system32 directory by bypassing filesystem redirection using "sysnative",
                #ignoring any non-terminating errors, and finally showing the file name and binary type
                Get-ChildItem $env:windir\sysnative -filter *.exe | Get-BinaryType -ErrorAction SilentlyContinue -passthrough | select Name,BinaryType
            .NOTES
                Author:      Battleship, Aaron Margosis
                Inspiration: http://pinvoke.net/default.aspx/kernel32/GetBinaryType.html
            .LINK
                http://wonkysoftware.appspot.com
        #>

        [CmdletBinding(  
                                SupportsShouldProcess   = $false,
                                ConfirmImpact       = "none",
                                DefaultParameterSetName = ""
                        )]

        param
        (
            [Parameter(
                                HelpMessage             = "Enter binary file(s) to examine",
                                Position            = 0,
                                Mandatory               = $true,
                                ValueFromPipeline           = $true,
                                ValueFromPipelineByPropertyName = $true
                        )]
            [ValidateNotNullOrEmpty()]
            [ValidateScript({Test-Path $_.FullName})]
            [IO.FileInfo[]]
            $Path,

            [Alias("PassThru")]
            [switch]
            $PassThrough
        )

        begin
        {
            try
            {
                #add the enum for the binary types
                #Using more user friendly names since they won't likely be used outside this context
                Add-Type "
                    public enum BinaryType
                    {
                        BIT32 = 0, // A 32-bit Windows-based application,           SCS_32BIT_BINARY
                        DOS   = 1, // An MS-DOS – based application,            SCS_DOS_BINARY
                        WOW   = 2, // A 16-bit Windows-based application,           SCS_WOW_BINARY
                        PIF   = 3, // A PIF file that executes an MS-DOS based application, SCS_PIF_BINARY
                        POSIX = 4, // A POSIX based application,                SCS_POSIX_BINARY
                        OS216 = 5, // A 16-bit OS/2-based application,              SCS_OS216_BINARY
                        BIT64 = 6  // A 64-bit Windows-based application,           SCS_64BIT_BINARY
                    }"
            }
            catch {} #type already been loaded, do nothing

            try
            {
                # create the win32 signature
                $Signature =
                    '
                        [DllImport("kernel32.dll")]
                        public static extern bool GetBinaryType(
                                                                                string lpApplicationName,
                                                                                ref int lpBinaryType
                                                                            );
                    '

                # Create a new type that lets us access the Windows API function
                Add-Type -MemberDefinition $Signature `
                            -Name                 BinaryType `
                            -Namespace             Win32Utils
            }
            catch {} #type already been loaded, do nothing
        }

        process
        {
            foreach ($Item in $Path)
            {
                $ReturnedType = -1
                Write-Verbose "Attempting to get type for file: $($Item.FullName)"
                $Result = [Win32Utils.BinaryType]::GetBinaryType($Item.FullName, [ref] $ReturnedType)

                #if the function returned $false, indicating an error, or the binary type wasn't returned
                if (!$Result -or ($ReturnedType -eq -1))
                {
                    Write-Error "Failed to get binary type for file $($Item.FullName)"
                }
                else
                {
                    $ToReturn = [BinaryType]$ReturnedType
                    if ($PassThrough)
                    {
                        #get the file object, attach a property indicating the type, and passthru to pipeline
                        Get-Item $Item.FullName -Force |
                            Add-Member -MemberType noteproperty -Name BinaryType -Value $ToReturn -Force -PassThru
                    }
                    else
                    {
                        #Put enum object directly into pipeline
                        $ToReturn
                    }
                }
            }
        }
    }

Alternative Managed API:

Do you know one? Please contribute it!

Documentation