[SOLVED] Is there a way to determine if an exe is 32 or 64 bit?

Is there a way to determine if an exe is 32 or 64 bit?

I have a exe and when i run the exe I can see under the Platform column in Task Manager that it is 64 bit. Is there a way I can determine this without having to run the app ? I have looked at Powershell and seen this , but it comes up as 32 which is wrong ?

$FilePath = "C:\Program Files\UsersApp\userdetailsCfg.exe"

[int32]$MACHINE_OFFSET = 4
[int32]$PE_POINTER_OFFSET = 60

[byte[]]$data = New-Object -TypeName System.Byte[] -ArgumentList 4096
$stream = New-Object -TypeName System.IO.FileStream -ArgumentList ($FilePath, 'Open', 'Read')
$stream.Read($data, 0, 4096) | Out-Null

[int32]$PE_HEADER_ADDR = [System.BitConverter]::ToInt32($data, $PE_POINTER_OFFSET)
[int32]$machineUint = [System.BitConverter]::ToUInt16($data, $PE_HEADER_ADDR + $MACHINE_OFFSET)
$stream.Close()

$result = "" | select FilePath, FileType, Is64Bit
$result.FilePath = $FilePath
$result.Is64Bit = $false

switch ($machineUint) 
{
    0      { $result.FileType = 'Native' }
    0x014c { $result.FileType = 'x86' }
    0x0200 { $result.FileType = 'Itanium' }
    0x8664 { $result.FileType = 'x64'; $result.is64Bit = $true; }
}
$result

Solution

Task Manager is not the only option to check for bitness.

There are MS SysInternals tools. Specifically, sigcheck.exe.

Sigcheck is a command-line utility that shows file version number, timestamp information, and digital signature details, including certificate chains. It also includes an option to check a file’s status on VirusTotal, a site that performs automated file scanning against over 40 antivirus engines, and an option to upload a file for > scanning.

https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck

Other ways, including the above, are discussed here - reference:

How to Check if a Program (.EXE or .DLL) is 32-bit or 64-bit

All over the web, there are pre-built Powershell scripts for bitness checks that you can use as-is or tweak as needed.

PowerShell: Get-FileBitness

PSTip How to determine if a file is 32-bit or 64-bit

$MACHINE_OFFSET = 4
$PE_POINTER_OFFSET = 60
$MachineType = Write-Output Native I386 Itanium x64
 
$filePath = "$env:windir\notepad.exe"
$data = New-Object System.Byte[] 4096
$stream = New-Object System.IO.FileStream -ArgumentList $filePath,Open,Read
$stream.Read($data,0,$PE_POINTER_OFFSET) | Out-Null
$PE_HEADER_ADDR = [System.BitConverter]::ToInt32($data, $PE_POINTER_OFFSET)
$machineUint = [System.BitConverter]::ToUInt16($data, $PE_HEADER_ADDR + $MACHINE_OFFSET)
$MachineType[$machineUint]

Get-BinaryType function Finds bitness of .exe with Powershell