14

给定一个 Windows 进程句柄,我如何使用 C++ 代码确定该进程是 32 位还是 64 位?

4

5 回答 5

45

如果您有进程句柄,请使用IsWow64Process().

如果IsWow64Process()报告为真,则该进程是在 64 位操作系统上运行的 32 位进程。

如果IsWow64Process()报告错误(或不存在kernel32.dll),则该进程要么是在 32 位操作系统上运行的 32 位,要么是在 64 位操作系统上运行的 64 位。要知道操作系统本身是 32 位还是 64 位,请使用GetNativeSystemInfo()(或者GetSystemInfo()如果GetNativeSystemInfo()在 中不可用kernel32.dll)。

于 2013-01-06T20:58:25.040 回答
4 
BOOL IsWow64(HANDLE process)
{
    BOOL bIsWow64 = FALSE;

    typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
    LPFN_ISWOW64PROCESS fnIsWow64Process;
    fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle(TEXT("kernel32")), "IsWow64Process");

    if (NULL != fnIsWow64Process)
    {
        if (!fnIsWow64Process(process, &bIsWow64))
        {
            //handle error
        }
    }
    return bIsWow64;
}

bool IsX86Process(HANDLE process)
{
    SYSTEM_INFO systemInfo = { 0 };
    GetNativeSystemInfo(&systemInfo);

    // x86 environment
    if (systemInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL)
        return true;

    // Check if the process is an x86 process that is running on x64 environment.
    // IsWow64 returns true if the process is an x86 process
    return IsWow64(process);
}
于 2018-12-06T12:02:51.920 回答
0

如果你有模块的句柄,那么你可以这样做:

IMAGE_NT_HEADERS * headers = ImageNtHeader(handle);

if ( headers->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 )
{
    //module is x86
}
else if  ( headers->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64 )
{
    //module is x64
}

我从自己的回答中得到了帮助。

于 2013-01-06T16:43:07.250 回答
0

尝试

#include <Windows.h>
enum class process_architecture
{
    nun,
    x32,
    x64
};
enum class windows_architecture
{
    x32,
    x64
};
windows_architecture process::get_windows_architecture()
{
#ifdef _WIN64
    return windows_architecture::x64;
#else
    return windows_architecture::x32;
#endif
}

process_architecture get_process_architecture(DWORD id)
{
    BOOL is_wow_64 = FALSE;
    HANDLE h_process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, id);
    if (!h_process) return process_architecture::nun;
    bool result = IsWow64Process(h_process, &is_wow_64);
    CloseHandle(h_process);
    if (!result) return process_architecture::nun;
    if (is_wow_64) return process_architecture::x32;
    else if (get_windows_architecture() == windows_architecture::x32) return process_architecture::x32;
    else return process_architecture::x64;
}
于 2021-10-21T14:19:51.393 回答
0

如果您不想使用 Windows API,请尝试:

int main()
{
    const int* pInt = nullptr;
    if (sizeof(pInt) == 8)
    {
        std::cout << "64 bit process";
    }
    else if(sizeof(pInt) == 4)
    {
        std::cout << "32 bit process";
    }
return 0;
}
于 2022-01-31T13:39:46.957 回答