RE: GetBinaryType not working for DLLs



Hi,

Yes, just as MSDN for GetBinaryType documented, GetBinaryType API only
deals with Exe file, not for DLL files. I also see an internal record
regarding this issue, and the GetBinaryType API owner confirmed this design
point.

If you really wanted to distinguish between Exe and DLL, there is no win32
API for it. The only way is dealing with their PE format(yes, Exe and DLL
both use the same PE format). For example, you may check
IMAGE_FILE_HEADER.Characteristics field of the PE file, just check
IMAGE_FILE_EXECUTABLE_IMAGE and IMAGE_FILE_DLL flags. "Matt Pietrek" has
written a wonderful article regarding PE format:
"An In-Depth Look into the Win32 Portable Executable File Format"
http://msdn.microsoft.com/msdnmag/issues/02/02/PE/

To distinguish between 16 and 32 bit Exe/DLL file, you should check
"NE"(16bit) or "PE"(32bit) signature in the file header, please see the
article below for more information:
"How to detect the types of executable files"
http://www.delphidabbler.com/articles?article=8

To distinguish between 32bit and 64 bit PE file, you should check
IMAGE_FILE_HEADER.Machine field. Based on the Microsoft PE and COFF
Specification below, I have listed out all the possible values for this
field:
http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac
8184a/pecoff_v8.doc

IMAGE_FILE_MACHINE_UNKNOWN 0x0 The contents of this field are assumed to be
applicable to any machine type
IMAGE_FILE_MACHINE_AM33 0x1d3 Matsushita AM33
IMAGE_FILE_MACHINE_AMD64 0x8664 x64
IMAGE_FILE_MACHINE_ARM 0x1c0 ARM little endian
IMAGE_FILE_MACHINE_EBC 0xebc EFI byte code
IMAGE_FILE_MACHINE_I386 0x14c Intel 386 or later processors and compatible
processors
IMAGE_FILE_MACHINE_IA64 0x200 Intel Itanium processor family
IMAGE_FILE_MACHINE_M32R 0x9041 Mitsubishi M32R little endian
IMAGE_FILE_MACHINE_MIPS16 0x266 MIPS16
IMAGE_FILE_MACHINE_MIPSFPU 0x366 MIPS with FPU
IMAGE_FILE_MACHINE_MIPSFPU16 0x466 MIPS16 with FPU
IMAGE_FILE_MACHINE_POWERPC 0x1f0 Power PC little endian
IMAGE_FILE_MACHINE_POWERPCFP 0x1f1 Power PC with floating point support
IMAGE_FILE_MACHINE_R4000 0x166 MIPS little endian
IMAGE_FILE_MACHINE_SH3 0x1a2 Hitachi SH3
IMAGE_FILE_MACHINE_SH3DSP 0x1a3 Hitachi SH3 DSP
IMAGE_FILE_MACHINE_SH4 0x1a6 Hitachi SH4
IMAGE_FILE_MACHINE_SH5 0x1a8 Hitachi SH5
IMAGE_FILE_MACHINE_THUMB 0x1c2 Thumb
IMAGE_FILE_MACHINE_WCEMIPSV2 0x169 MIPS little-endian WCE v2

Yes, you may check IMAGE_FILE_MACHINE_AMD64|IMAGE_FILE_MACHINE_IA64 for
64bit and IMAGE_FILE_MACHINE_I386 for 32bit.

Finally, many existing Exe/DLL tools also parses the PE file format
internally, such as dumpbin.exe etc...

Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.