14

Given a Windows process handle, how can I determine, using C++ code, whether the process is 32 bit or 64 bit?

Cœur
  • 37,241
  • 25
  • 195
  • 267
Johnny Pauling
  • 12,701
  • 18
  • 65
  • 108
  • 1
    maybe this can help? http://stackoverflow.com/questions/495244/how-can-i-test-a-windows-dll-to-determine-if-it-is-32bit-or-64bit – Andy Prowl Jan 06 '13 at 16:29
  • I mean process module (HANDLE) – Johnny Pauling Jan 06 '13 at 16:29
  • @AndyProwl might be useful, is there an api to detect whether the module is 32 or 64? – Johnny Pauling Jan 06 '13 at 16:30
  • well, the first answer on that page says just that: "You can also use the ImageHelp API to do this - load the DLL with LoadImage and you'll get a LOADED_IMAGE structure which will contain a pointer to an IMAGE_NT_HEADERS structure. Deallocate the LOADED_IMAGE with ImageUnload." – Andy Prowl Jan 06 '13 at 16:31
  • Did you check this thread? http://superuser.com/questions/103071/quick-way-to-tell-if-an-installed-application-is-64-bit-or-32-bit – Arvind Jan 06 '13 at 16:31
  • 2
    @user1824407: He really meant **module**. Better get used to Windows terminology when commenting on Windows questions. – IInspectable Jan 06 '13 at 16:43
  • @Tim If he meant module, then he got the terms wrong too. The correct term is process. – David Heffernan Jan 06 '13 at 20:59
  • @JohnnyPauling If you have a `HANDLE` to a process, then you are asking how to find out information about processes other than the calling process. In which case you Nawaz's answer, which you accepted does not answer the question. – David Heffernan Jan 06 '13 at 21:02
  • @AndyProwl , LoadImage ? you maybe want to say ImageLoad? – milevyo May 01 '17 at 12:11
  • @HarryJohnston if your reopening was justified, please remove the link to the duplicate, otherwise please re-close the Question. – Cœur Jul 08 '18 at 16:06
  • @Cœur, neither the question as asked nor the accepted answer are the same as the proposed duplicate. But given the ambiguity I'm voting to close as unclear. – Harry Johnston Jul 08 '18 at 21:05

5 Answers5

48

If you have a process handle, use IsWow64Process().

If IsWow64Process() reports true, the process is 32-bit running on a 64-bit OS.

If IsWow64Process() reports false (or does not exist in kernel32.dll), then the process is either 32-bit running on a 32-bit OS, or is 64-bit running on a 64-bit OS. To know if the OS itself is 32-bit or 64-bit, use GetNativeSystemInfo() (or GetSystemInfo() if GetNativeSystemInfo() is not available in kernel32.dll).

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
  • 6
    This is great, I've seen so many answers that forget to check what happens if IsWow64Process is false and assume that the system is 32-bit! – i_saw_drones Jun 30 '14 at 09:30
  • 1
    Note: better always use GetNativeSystemInfo, because GetSystemInfo returns the architecture the app was built for, if running under WOW64. – Darxis Jan 26 '17 at 00:34
  • 1
    @Darxis `GetNativeSystemInfo()` is not available on older systems, which is why I put `native` in parenthesis, to go along with the fact that `IsWow64Process()` is not always available. I have reworded my answer. – Remy Lebeau Jan 26 '17 at 01:03
  • Since this is now resurrected (irony that I would be seeing it today; I figured this independently so thanks for confirming that I did have the algorithm right), how far back are we talking about by "older systems"? I imagine I don't need to do this if I'm targeting Vista or by coincidence XP, right? – andlabs Jan 26 '17 at 07:35
  • 1
    @andlabs `IsWow64Process()` was introduced in XP SP2. `GetNativeSystemInfo()` was introduced in XP, not sure if it was in RTM or a SP. – Remy Lebeau Jan 26 '17 at 15:11
  • @RemyLebeau How does `GetSystemInfo()` tell you if the OS is 32-bit or 64-bit? All I can see is the processor architecture which is not the same thing. – steinybot Mar 28 '19 at 04:40
  • @Steiny the processor architecture is *exactly* how you find out. Some processors are 32bit, others are 64bit. The OS bitness matches the processor bitness. – Remy Lebeau Mar 28 '19 at 05:22
4
BOOL IsWow64(HANDLE process)
{
    BOOL bIsWow64 = FALSE;

    typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
    LPFN_ISWOW64PROCESS fnIsWow64Process;
    fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle(TEXT("kernel32")), "IsWow64Process");

    if (NULL != fnIsWow64Process)
    {
        if (!fnIsWow64Process(process, &bIsWow64))
        {
            //handle error
        }
    }
    return bIsWow64;
}

bool IsX86Process(HANDLE process)
{
    SYSTEM_INFO systemInfo = { 0 };
    GetNativeSystemInfo(&systemInfo);

    // x86 environment
    if (systemInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL)
        return true;

    // Check if the process is an x86 process that is running on x64 environment.
    // IsWow64 returns true if the process is an x86 process
    return IsWow64(process);
}
Peter
  • 1,591
  • 6
  • 19
2

If you have handle to the module then you can do this:

IMAGE_NT_HEADERS * headers = ImageNtHeader(handle);

if ( headers->FileHeader.Machine == IMAGE_FILE_MACHINE_I386 )
{
    //module is x86
}
else if  ( headers->FileHeader.Machine == IMAGE_FILE_MACHINE_AMD64 )
{
    //module is x64
}

I took help from my own answer.

Community
  • 1
  • 1
Nawaz
  • 353,942
  • 115
  • 666
  • 851
  • 10
    That's utterly pointless. Since the function only works within the calling process, you are simply trying to determine whether or not the calling process is a 32 or 64 bit process. But you know that when you compiled. Crazy to run code to find out something known at compile time. – David Heffernan Jan 06 '13 at 21:01
  • 2
    Note that the (handle) to ImageNtHeader is *not* the same as a windows process HANDLE! ImageNtHeader expects a HMODULE/HINSTANCE, which is a totally different thing than the HANDLE that you might get from OpenProcess or similar. – BrendanMcK Jan 07 '13 at 16:08
0

Try

#include <Windows.h>
enum class process_architecture
{
    nun,
    x32,
    x64
};
enum class windows_architecture
{
    x32,
    x64
};
windows_architecture process::get_windows_architecture()
{
#ifdef _WIN64
    return windows_architecture::x64;
#else
    return windows_architecture::x32;
#endif
}

process_architecture get_process_architecture(DWORD id)
{
    BOOL is_wow_64 = FALSE;
    HANDLE h_process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, id);
    if (!h_process) return process_architecture::nun;
    bool result = IsWow64Process(h_process, &is_wow_64);
    CloseHandle(h_process);
    if (!result) return process_architecture::nun;
    if (is_wow_64) return process_architecture::x32;
    else if (get_windows_architecture() == windows_architecture::x32) return process_architecture::x32;
    else return process_architecture::x64;
}
Андрей Петрашевич
  • 135
  • 1
  • 6
0

If you do not want to use windows API, try:

int main()
{
    const int* pInt = nullptr;
    if (sizeof(pInt) == 8)
    {
        std::cout << "64 bit process";
    }
    else if(sizeof(pInt) == 4)
    {
        std::cout << "32 bit process";
    }
return 0;
}
Shashank
  • 116
  • 1
  • 5