Ken1943 wrote:
I would like to add a question. Is running a Disassembler on a program
tell what "bitness" a program is ? Not that I would know what to look for
!!
KenW
http://en.wikipedia.org/wiki/Portable_Executable
Binaries are marked as PE32 or PE32+, to indicate
32 bit or 64 bit operation.
And yes, you're right, running a disassembler,
you would see 64 bit instructions on a 64 bit
executable.
But for a quick look, sniffing the PE type is
all that's needed.
A port of the "file" program can do that for you,
as it reads select portions of files to identify
the type. There's also at least one VBScript
that does that sort of thing.
*******
The hardest part of using these packages, is making sure
they're in your execution path.
http://gnuwin32.sourceforge.net/packages/file.htm
To use it, the invocation would be:
file.exe blah.exe
and file then checks the header of blah.exe
to see whether it's PE32 or PE32+. (I included
the exe on the end of file, to point out it is
a Windows executable.)
If you booted a Linux LiveCD, it has the file
command as well (it originated on UNIX).
file blah.exe
HTH,
Paul