Detecting processor architecture of a specific process in C #

Question

Detecting processor architecture of a specific process in C #

I am writing code in C #. My code will work in mode Any CPUand promoted.

My goal is to list all the processes in the machine using Process.GetProcesses(), and for each process its CPU architecture is discovered: x86 , x64 or IA64 . strong>.

I am implementing code injection in C # and you need to define the architecture of the target process to decide which opcodes to enter.

How to do it?

Thank.

+3

c # .net process cpu-architecture detect

Dxck Jan 08 '11 at 18:10

source share

6 answers

Alastair Maw · Answer 1 · 2011-03-01T16:05:03+0000

Definition:

    [DllImport("kernel32.dll")]
    internal static extern void GetNativeSystemInfo(ref SystemInfo lpSystemInfo);

    [DllImport("kernel32.dll")]
    internal static extern void GetSystemInfo(ref SystemInfo lpSystemInfo);

    [StructLayout(LayoutKind.Sequential)]
    internal struct SystemInfo
    {
        public ushort wProcessorArchitecture;
        public ushort wReserved;
        public uint dwPageSize;
        public IntPtr lpMinimumApplicationAddress;
        public IntPtr lpMaximumApplicationAddress;
        public UIntPtr dwActiveProcessorMask;
        public uint dwNumberOfProcessors;
        public uint dwProcessorType;
        public uint dwAllocationGranularity;
        public ushort wProcessorLevel;
        public ushort wProcessorRevision;
    }

    internal const ushort ProcessorArchitectureIntel = 0;
    internal const ushort ProcessorArchitectureIa64 = 6;
    internal const ushort ProcessorArchitectureAmd64 = 9;
    internal const ushort ProcessorArchitectureUnknown = 0xFFFF;

GetNativeSystemInfo , . GetSystemInfo , ( , GetNativeSystemInfo, ).

: 32- Windows wProcessorArchitecture == ProcessorArchitectureIntel.

64- Windows wProcessorArchitecture == ProcessorArchitectureIntel GetSystemInfo, wProcessorArchitecture == ProcessorArchitectureAmd64 GetNativeSystemInfo, 32- .

, , ProcessorArchitectureAmd64, 64- 64- Windows.

adrianbanks · Answer 2 · 2011-01-08T18:31:43+0000

Win32, :

[System.Runtime.InteropServices.DllImport("kernel32.dll")]
public static extern bool IsWow64Process(System.IntPtr hProcess, out bool lpSystemInfo);

public bool IsWow64Process(System.Diagnostics.Process process)
{
    bool retVal = false;
    IsWow64Process(process.Handle, out retVal);
    return retVal;
}

IsWow64Process(process) , 64- . , , x64 IA64, "".

Ben Voigt · Answer 3 · 2011-01-08T19:48:26+0000

p/invoke QueryFullProcessImageName GetProcessImageFileName, PE .exe .

Ross K. · Answer 4 · 2011-08-07T17:35:07+0000

Alastair , IsWow64Process, WinApi. .

    /// <summary>
    /// TRUE if the process is running under WOW64. That is if it is a 32 bit process running on 64 bit Windows.
    /// If the process is running under 32-bit Windows, the value is set to FALSE. 
    /// If the process is a 64-bit application running under 64-bit Windows, the value is also set to FALSE.
    /// </summary>
    [DllImport( "kernel32.dll" )]
    static extern bool IsWow64Process( System.IntPtr aProcessHandle, out bool lpSystemInfo );

    /// <summary>
    /// Indicates if the process is 32 or 64 bit.
    /// </summary>
    /// <param name="aProcessHandle">process to query</param>
    /// <returns>true: process is 64 bit; false: process is 32 bit</returns>
    public static bool Is64BitProcess( System.IntPtr aProcessHandle )
    {
        bool lIs64BitProcess = false;
        if ( System.Environment.Is64BitOperatingSystem ) {
            IsWow64Process( aProcessHandle, out lIs64BitProcess );
        }
        return lIs64BitProcess;
    }

Felice Pollano · Answer 5 · 2011-01-08T18:24:00+0000

P/Invoke:

BOOL WINAPI IsWow64Process(  __in   HANDLE hProcess, __out  PBOOL Wow64Process);

Jimmy · Answer 6 · 2013-10-15T16:50:50+0000

, y'all , . 64- WOW64, 32- (. IsWow64Process). , IsWow64Process, . :

/// <summary>
/// TRUE if the process is running under WOW64. That is if it is a 32 bit process running on 64 bit Windows.
/// If the process is running under 32-bit Windows, the value is set to FALSE. 
/// If the process is a 64-bit application running under 64-bit Windows, the value is also set to FALSE.
/// </summary>
[DllImport("kernel32.dll", SetLastError=true)]
static extern bool IsWow64Process(System.IntPtr aProcessHandle, out bool isWow64Process);

/// <summary>
/// Indicates if the process is 32 or 64 bit.
/// </summary>
/// <param name="aProcessHandle">process to query</param>
/// <returns>true: process is 64 bit; false: process is 32 bit</returns>
public static bool Is64BitProcess(System.IntPtr aProcessHandle)
{
    if (!System.Environment.Is64BitOperatingSystem)
        return false;

    bool isWow64Process;
    if (!IsWow64Process(aProcessHandle, out isWow64Process))
        throw new Win32Exception(Marshal.GetLastWin32Error());

    return !isWow64Process;
}

Detecting processor architecture of a specific process in C #

More articles: