News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Detect if your Windows version is 32- or 64-bit

Started by jj2007, August 23, 2018, 01:20:01 PM

Previous topic - Next topic

bluedevil

i am sorry
i have find this after asking the question in the macros/macros.asm

  ; -----------------------
  ; test if file exists
  ; return values
  ; 1 = file exists
  ; 0 = file does not exist
  ; -----------------------
    fexist MACRO name_of_file
      IFNDEF __UNICODE__
        EXITM <rv(exist,name_of_file)>
      ELSE
        EXITM <rv(existW,name_of_file)>
      ENDIF
    ENDM
  ; -----------------------


And works nicely!
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
BlueDeviL Github

jj2007

Quote from: blue_devil on September 09, 2018, 04:48:28 PM
@jochen
how does your "Exist Macro" run on masm32
...
This is from MasmBasic.inc, but i cant find "MbExistP"

It's in \Masm32\MasmBasic\MasmBasic.lib

bluedevil

Quote from: jj2007 on September 09, 2018, 08:04:55 PM
It's in \Masm32\MasmBasic\MasmBasic.lib

I know it is in MasmBasic.lib but there is no MasmBasic.asm :icon_redface: right?
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
BlueDeviL Github

bluedevil

Quote from: jj2007 on August 25, 2018, 12:03:42 AM
Quote from: P1 on August 24, 2018, 11:32:01 PM
invoke GetNativeSystemInfo, addr lp_SYSTEM_INFO

Thanks, Michael - that's what I use already:
Win64 MACRO
  pushad
  ifndef SysInfo
.DATA?
SysInfo SYSTEM_INFO <>
.CODE
  endif
  mov ebx, offset SysInfo
  invoke GetNativeSystemInfo, ebx
  cmp [ebx.SYSTEM_INFO.wProcessorArchitecture], PROCESSOR_ARCHITECTURE_AMD64
  popad
  EXITM <Zero?>
ENDM


@jj .SYSTEM_INFO.wProcessorArchitecture returns the bitness of processor not the operating system right? Or am i missing something?

from MSDN network - SYSTEM_INFO
QuotewProcessorArchitecture

    The processor architecture of the installed operating system. This member can be one of the following values.
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
BlueDeviL Github

jj2007

Quote from: blue_devil on September 11, 2018, 07:24:39 AM@jj .SYSTEM_INFO.wProcessorArchitecture returns the bitness of processor not the operating system right? Or am i missing something?

Good question! And precise answer:
QuotewProcessorArchitecture

    The processor architecture of the installed operating system. This member can be one of the following values.
::)

bluedevil

Last night i have worked too much late. Then, i couldn't understand what i have read. :icon_redface:

QuotewProcessorArchitecture

    The processor architecture of the installed operating system. This member can be one of the following values.

I already have given answer to my question :icon_eek:
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
BlueDeviL Github

bluedevil

So we have 4 approaches to get bitness of windows

1.Hasherezade dedected an approach from the malware kronos. Interestingly cs returns 5 bit value when OS is 32bit and 6bit when OS is 64bit. So by checking the 6th bit from right to left you can dedect the bitness of operating system.
;hasherezade's apprach from kronos malware:
invoke StdOut, chr$("[ 1 ] hasherezade's apprach from kronos malware:",13,10)
invoke is_system64_bit
.if Zero?
print chr$("[ + ] 32-bit",13,10)
.else
print chr$("[ + ] 64-bit",13,10)
.endif
invoke StdOut, chr$(13,10,)


is_system64_bit PROC
; _______________________________________________________________________________
; Is your OS 64bit or not procedure
; Author    : hasherezade - https://gist.github.com/hasherezade/0994447e9d3dc184888fb2afd5a57301
; Receives  :
; Returns   : eax > 0 = 64-bit
; ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    LOCAL flag:DWORD
   
    xor eax, eax
    mov ax, cs
    shr eax, 5
    mov flag, eax
    .IF flag > 0
        mov eax, TRUE
    .ELSE
        mov eax, FALSE
    .ENDIF
    ret
is_system64_bit ENDP


2. Checking the existance of  C:\Windows\SysWow64 we can dedect the bit level  of windows.
; Check if there is C:\Windows\SysWow64 directory:
print chr$("[ 2 ] SysWow64 directory exists?",13,10)
.if fexist("C:\Windows\SysWow64")
print chr$("[ + ] 64-bit",13,10)
.else
print chr$("[ + ] 32-bit",13,10)
.endif
invoke StdOut, chr$(13,10)


3. IsWow64ProcessAPI return value if the OS is running WOW64 or not.
; IsWow64ProcessAPI checks our OS runs WOW64:
print cfm$("[ 3 ] Query bitness with IsWow64Process APIs:\n")
xchg ebx, rv(GetProcAddress, rv(GetModuleHandle, "kernel32") , "IsWow64Process")
.if ebx
print "[ + ] IsWow64Process found: retval="
push eax
invoke IsWow64Process, rv(GetCurrentProcess), esp
pop ecx
mov bayrakIsWow64,cl
print str$(ecx),13,10
.if bayrakIsWow64==1
print chr$("[ + ] 64-bit",13,10)
.else
print chr$("[ + ] 32-bit",13,10)
.endif
.else
print "[ + ] IsWow64Process not found", 13, 10, 10
.endif
invoke StdOut, chr$(13,10)


4. Using GetNativeSystemInfo API with SYSTEM_INFO structure we can dedect our "installed operating systems processor type"
;05 GetNativeSystemInfo returns info to SYSTEM_INFO structure:
print cfm$("[ 4 ] Query bitness of OS with GetNativeSystemInfo API:\n")
mov ebx, offset sysinf
invoke GetNativeSystemInfo,ebx
cmp [ebx.SYSTEM_INFO.wProcessorArchitecture], PROCESSOR_ARCHITECTURE_AMD64
.if Zero?
print chr$("[ + ] 64-bit",13,10)
.else
print chr$("[ + ] 32-bit",13,10)
.endif


I add my sources; tested positive on vm/rm win10 x64 and vm win7 x86

@jj2007
You had shared 2 macros, but i have used the functions inside the macros in my sources. How can we use these macros inside the code as macros? I got error :/
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
BlueDeviL Github

jj2007

Quote from: blue_devil on September 13, 2018, 10:05:22 AM@jj2007
You had shared 2 macros, but i have used the functions inside the macros in my sources. How can we use these macros inside the code as macros? I got error :/

Sorry, tonight my crystal ball is not working properly :(

bluedevil

Quote from: jj2007 on September 13, 2018, 10:25:58 AM
Quote from: blue_devil on September 13, 2018, 10:05:22 AM@jj2007
You had shared 2 macros, but i have used the functions inside the macros in my sources. How can we use these macros inside the code as macros? I got error :/

Sorry, tonight my crystal ball is not working properly :(

::) :(
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
BlueDeviL Github

jj2007

a) which macros?
b) how did you use them?
c) how do you want to use them?
d) which errors?

bluedevil

Quote from: jj2007 on September 13, 2018, 05:16:58 PM
a) which macros?
b) how did you use them?
c) how do you want to use them?
d) which errors?
@jj sorry to bother you.
Macros are working, i just forgot to put paranthesis  :icon_redface: :(
wrong -> Win64
true -> Win64()
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
BlueDeviL Github

felipe

I have do it this in my little free time, i thought is not worthed to put this in a separete thread. Is just another bloated, but maybe effective too, way of get the bitness of the os. The .exe and .asm are attached. Here an explanation for those without the time to see the code:

Basically: 1) Run the systeminfo command from cmd redirecting the output to a .txt file.
                2) Scan the file for the string x32 or x64. This are unique strings in this output.
                3) And that's all folks.  :P

I have tested successfully in just 1 64 bit os (of course a windows one). It will be nice if someone can test it in a 32 bit system too. Ok bye.  :icon14:

Btw this is a 32 bits version, maybe if i have the time i will do it in a 64 bit one.  :icon14:

felipe

Here it is the same program that i uploaded above, but this is the 64 bit version (files .asm and .exe attached).  :icon14:

Raistlin

Don't we know 32 bit code runs on 64?
Don't we know 32 bit code is currently
faster than 64? Why the double effort?
Are you pondering what I'm pondering? It's time to take over the world ! - let's use ASSEMBLY...

felipe

Raistlin: If you are asking me why two versions of a program (32 and 64 bits) i think is worth the effort if you like to learn... :icon14:
If i had the time, i would learn even the itanium architecture (IA64)... :biggrin: