Quick way to tell if an installed application is 64-bit or 32-bit
I've got a third-party application (in this case Cognos Data Manager) installed on 64-bit Windows Server 2003.
Is there a quick way to determine if an application has been built/compiled as a 64-bit application or as a 32-bit application?
By default a program wanted to be installed in Program Files (x86). I'm guessing that means that it is a 32-bit version. I had to get it to talk to an Oracle database and to get that working I eventually reinstalled it in a directory path which didn't have brackets "(" and ")" in it, as that was causing a problem. I've also installed both 64-bit and 32-bit Oracle clients.
For future reference, I'd like to be able to type a command "xxxx fred.exe" and have it tell me whether fred.exe would be needing 32-bit or 64-bit setup (eg ODBC data sources etc).
211 Answers
If you run the application, in Task Manager it should have a *32 beside it to indicate it's 32-bit. I'm pretty sure they had this implemented in Server 2003, not positive though, hopefully someone can clarify.
You could also run it through PEiD. PEiD does not support 64-bit PEs, so it will choke if it's 64-bit.
There is also the famous GNU file for Windows. It will tell you all sorts of information about an executable.
Example:
$ file winrar-x64-392b1.exe
winrar-x64-392b1.exe: PE32+ executable for MS Windows (GUI)
$ file display.exe
display.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit</pre>As you can see, the 64-bit WinRAR installer is classified as PE32+, which signifies a 64-bit executable. The 32-bit application is simply PE32, a 32-bit executable.
8The easiest way, without installing another program or running the file, is just to right click on the file, choose Properties, and then go the the Compatibility tab. If there are no greyed out options and Windows XP and 9x modes are offered, it's 32-bit. If there are greyed out options and Vista is the earliest mode offered, it's 64-bit. No need to start the application at all.
If the application is already started, you can of course still use the *32 idea mentioned in other answers. However, this is not available in Windows 8.x and its new task manager. Fortunately, you can enable a Platform column by right-clicking on the column headers in the Details tab and choosing Select columns. The column will contain either "32-bit" or "64-bit" as appropriate.
4If you got Visual Studio or the Platform SDK installed you can use dumpbin /headers to look at the PE header values.
Example for a 64-bit executable:
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES 8664 machine (x64) 5 number of sections 4987EDCA time date stamp Tue Feb 03 08:10:02 2009 0 file pointer to symbol table 0 number of symbols F0 size of optional header 23 characteristics Relocations stripped Executable Application can handle large (>2GB) addresses
OPTIONAL HEADER VALUES 20B magic # (PE32+) 8.00 linker version 2A600 size of code 18A00 size of initialized data 0 size of uninitialized data 2AE90 entry point (000000000042AE90) 1000 base of code ...And for 32 bit:
PE signature found
File Type: EXECUTABLE IMAGE
FILE HEADER VALUES 14C machine (x86) 3 number of sections 4B0C786D time date stamp Wed Nov 25 01:21:01 2009 0 file pointer to symbol table 0 number of symbols E0 size of optional header 103 characteristics Relocations stripped Executable 32 bit word machine
OPTIONAL HEADER VALUES 10B magic # (PE32) 9.00 linker version 42000 size of code 4000 size of initialized data 6F000 size of uninitialized data B0EE0 entry point (004B0EE0) 70000 base of code ...The first value in the file header tells you the architecture: either 0x14C for x86 or 0x8664 for x64.
1If you have a hex editor program, just open your file with it and shortly after the standard header intro stuff (like "This program cannot be run in DOS mode...") you will see either
"PE..L" (hex code: 504500004C) = 32 bit
or
"PE..d†" (hex code: 504500006486) = 64 bit
5EXE Explorer
Executable File Explorer for OS/2, NE, PE32, PE32+ and VxD file types.
This application is based on MiTeC Portable Executable Reader. It reads and displays executable file properties and structure. It is compatible with PE32 (Portable Executable), PE32+ (64bit), NE (Windows 3.x New Executable) and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too.
It enumerates introduced classes, used units and forms for files compiled by Borland compilers.
Note: It comes with a GUI and lets you 'explore' the Windows binary file structure.
Sadly, it does not seem to even accept a target binary to open from the command line.
But the detail it gives might be useful in some cases.
You can check using sigcheck.exe which is part of Sysinternals Suite, e.g.
$ sigcheck.exe some_app.exe
Sigcheck v2.51 - File version and signature viewer
Copyright (C) 2004-2016 Mark Russinovich
Sysinternals -
C:/Program Files (x86)/Foo App\some_app.exe: Verified: Signed Signing date: 14:48 23/12/2015 Publisher: X Company: X Description: X Product: Some App Prod version: 5.0.0.1241 File version: 5.0.0.1241 MachineType: 32-bitAnother simple way is to use PESnoop:
C:\> pesnoop photoshop.exe /pe_dh
------------------------------------------------------------------------------- PESnoop 2.0 - Advanced PE32/PE32+/COFF OBJ,LIB command line dumper by yoda
-------------------------------------------------------------------------------
Dump of file: photoshop.exe...
Modus: 64bit Portable Executable Image...
...One place to get PESnoop is here:
-- Dave
And for you GUI enthusiasts, the absolute easiest way is to install this Explorer extension:
-- Dave
1Dependency Walker is a useful GUI tool to verify not only exe files but also DLL files. A 64 bit DLL or EXE file will have a little 64 icon next to it.
filever /bad *.exeWAMD64 or W32i or W16 will be in the first column.
If you run the program, you can use "Process Monitor" (ProcMon) from Sysinternal Suite.
Its portable and gives you a lot of info about your processes.
1More in general
"Zoraya ter Beek, age 29, just died by assisted suicide in the Netherlands. She was physically healthy, but psychologically depressed. It's an abomination that an entire society would actively facilitate, even encourage, someone ending their own life because they had no hope. Th…"
