0

Is there some sort of Windows API or other reasonably straightforward way to determine whether or not the currently running program has IMAGE_FILE_LARGE_ADDRESS_AWARE enabled? I know that I can open up the process's exe as a file, read its header information, and parse it somewhere out of there, but if there's some cleaner way to do it, I'd like to know.

To be clear: I am talking about the currently executing process - i.e. I want to write code that detects this flag (or lack thereof) for its own executable, not for some entirely different executable.

Bob Vesterman
  • 1,127
  • 1
  • 11
  • 31

1 Answers1

1

Use the GlobalMemoryStatusEx function to query the amount of virtual memory available to your process.

If ullTotalVirtual returns more than 2GB in a 32-bit process you know the LARGE_ADDRESS_AWARE flag is set.

Jonathan Potter
  • 36,172
  • 4
  • 64
  • 79
  • Thanks, but if I understand correctly this is not exactly what I'm looking for (I might have phrased it poorly). This tells you that more than 2GB is available, not whether or not the flag is set. The flag can be set without more than 2GB being available. I literally want to know whether or not the flag is set, not whether or not more than 2GB is available. – Bob Vesterman Nov 25 '14 at 21:47
  • @BobVesterman If the flag is set more than 2GB will be available, that's the whole point of the flag. Remember this is virtual address space, not physical memory. – Jonathan Potter Nov 25 '14 at 21:50
  • The whole purpose of the flag is to increase the amount of virtual memory available to the process. There is no point in looking for the actual flag itself, you should be looking for the effect that the flag triggers - ie more virtual memory being available. What's the point in just looking for the flag itself? – Remy Lebeau Nov 25 '14 at 21:51
  • Remy, please believe me that I am literally looking for whether or not the flag is set. If you think that's a pointless thing to be literally looking for, so be it, but it's what I'm looking for nonetheless. – Bob Vesterman Nov 25 '14 at 21:51
  • The **only way** a 32-bit process has more than 2GB of virtual address space is if the flag is set... – Jonathan Potter Nov 25 '14 at 21:52
  • 1
    The ONLY way to look for the actual flag is to parse the executable's PE header. There is no API for querying the value of the flag. – Remy Lebeau Nov 25 '14 at 21:52
  • 1
    Jonathan, are you sure about that? I believe that the flag has no effect on certain operating systems (e.g. XP if I remember correctly), if, for example, the 3GB switch is not enabled in boot.ini. – Bob Vesterman Nov 25 '14 at 21:55
  • I know the only way it has more than 2GB is if the flag is set. But I don't think it's true that it necessarily has more than 2GB if the flag is set. Both are important to me. – Bob Vesterman Nov 25 '14 at 21:56
  • @Bob Parse the file if you must then – David Heffernan Nov 27 '14 at 04:40