Eli Fulkerson .com HomeProjectsArchtype
 

Archtype.exe

Description:

Archtype.exe is a command line utility that examines executables (".exe"s) and determines whether they are compiled for 32 or 64 bit architectures. It also pulls out the build date, whether symbols are included and some other flags from COFF header.

Download:

archtype.exe
source code (its C#)

Example:


C:\archtype archtype.exe

        File : archtype.exe
Architecture : i386 (32-bit)
  Build Date : 2014-04-13 13:00:42
     Symbols : None
       Flags : IMAGE_FILE_EXECUTABLE_IMAGE
               IMAGE_FILE_32BIT_MACHINE

C:\

Usage:


C:\archtype /?

Usage: archtype.exe [/?] [/v] filename

Options:
    -?          Get this help screen.
    -v          Get version information.

Archtype opens up the specified files (or filenames, wildcards * ? are allowed) searches for
the headers of the executable.  It will attempt to identify:

Architecture : Either i386 (32bit), x86_64 (64bit) or IA64(Itanium)
Build Date   : The date the executable was created
Symbols      : Whether or not the executable contains debugging symbols
Flags        : These are the 'Characteristics' flags, reproduced below

Characteristics flags:
(reproduced from: http://msdn.microsoft.com/en-us/library/windows/desktop/ms680313(v=vs.85).aspx )
IMAGE_FILE_RELOCS_STRIPPED         = 0x0001,   // Relocation information was stripped from the file. The file
                                               // must be loaded at its preferred base address. If the base address
                                               // is not available, the loader reports an error.
IMAGE_FILE_EXECUTABLE_IMAGE        = 0x0002,   // The file is executable (there are no unresolved external references).
IMAGE_FILE_LINE_NUMS_STRIPPED      = 0x0004,   // COFF line numbers were stripped from the file.
IMAGE_FILE_LOCAL_SYMS_STRIPPED     = 0x0008,   // COFF symbol table entries were stripped from file.
IMAGE_FILE_AGGRESIVE_WS_TRIM       = 0x0010,   // Aggressively trim the working set. This value is obsolete.
IMAGE_FILE_LARGE_ADDRESS_AWARE     = 0x0020,   // The application can handle addresses larger than 2 GB.
IMAGE_FILE_BYTES_REVERSED_LO       = 0x0080,   // The bytes of the word are reversed. This flag is obsolete.
IMAGE_FILE_32BIT_MACHINE           = 0x0100,   // The computer supports 32-bit words.
IMAGE_FILE_DEBUG_STRIPPED          = 0x0200,   // Debugging information was removed and stored separately in another file.
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400,   // If the image is on removable media, copy it to and run it from the swap file.
IMAGE_FILE_NET_RUN_FROM_SWAP       = 0x0800,   // If the image is on the network, copy it to and run it from the swap file.
IMAGE_FILE_SYSTEM                  = 0x1000,   // The image is a system file.
IMAGE_FILE_DLL                     = 0x2000,   // The image is a DLL file. While it is an executable file, it cannot be run directly.
IMAGE_FILE_UP_SYSTEM_ONLY          = 0x4000,   // The file should be run only on a uniprocessor computer.
IMAGE_FILE_BYTES_REVERSED_HI       = 0x8000    // The bytes of the word are reversed. This flag is obsolete.


archtype.exe by Eli Fulkerson, August 2014
See http://www.elifulkerson.com for updates.
© 2024 Eli Fulkerson. All rights reserved. Sitemap.