Is My Windows 64-bit or 32-bit? Detecting with MASM32 Assembly

13.09.2018

Hi, after seeing how the Kronos malware detects the bitness of Windows and jj2007's topic on the MASM32 forums, I decided to write a small application and learn how to detect the Windows bit level using MASM32 and the WinAPI.

hasherezade’s approach

Thanks to hasherezade for this one: the technique she found in the Kronos malware is unique. Interestingly, the cs segment register holds a 5-bit value when the OS is 32-bit and a 6-bit value when the OS is 64-bit. So by checking the 6th bit, counting from right to left, you can detect the bitness of the operating system.

Checking If C:\Windows\SysWow64 Directory Exists

By checking for the existence of the C:\Windows\SysWow64 directory, we can detect the bit level of Windows.

Using IsWow64Process API

The IsWow64Process API reports whether the process is running under WOW64 or not. So we can detect whether we are on 64-bit or 32-bit Windows.

Using GetNativeSystemInfo API and SYSTEM_INFO struct

Using the GetNativeSystemInfo API with the SYSTEM_INFO structure, we can detect the "installed operating system's processor type".
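The four checks described above, side by side in C, as an added example (it is not the author's MASM32 code). The function names and the selector values 0x1B, 0x23 and 0x33 are not from the post; the Windows API calls compile only on Windows, and the directory check assumes Windows is installed on C:.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* CS method: bit 5 (6th from the right) is clear in the 5-bit selector that
   32-bit Windows loads (0x1B) and set in the 6-bit selectors that 64-bit
   Windows loads (0x23 for a WOW64 process, 0x33 for a native 64-bit one). */
int cs_is_64bit_os(uint16_t cs) { return (cs >> 5) & 1; }

/* IsWow64Process method: a native 64-bit process also gets FALSE, so the
   result only maps to OS bitness once the caller's own bitness is known.
   A MASM32 build is always a 32-bit caller. */
int wow64_is_64bit_os(int caller_is_64bit, int wow64) { return caller_is_64bit || wow64; }

/* GetNativeSystemInfo method: wProcessorArchitecture codes from winnt.h
   (0 = x86, 5 = ARM, 6 = IA64, 9 = AMD64, 12 = ARM64). */
int arch_is_64bit_os(uint16_t arch) { return arch == 6 || arch == 9 || arch == 12; }

int main(void) {
    /* Constructed selector samples, so this part runs on any host. */
    const uint16_t samples[] = { 0x1B, 0x23, 0x33 };
    for (int i = 0; i < 3; i++)
        printf("CS=0x%02X -> %s-bit OS\n", (unsigned)samples[i],
               cs_is_64bit_os(samples[i]) ? "64" : "32");
#ifdef _WIN32
    /* Live API checks; each prints 1 when it indicates a 64-bit OS. */
    BOOL wow64 = FALSE;
    SYSTEM_INFO si;
    IsWow64Process(GetCurrentProcess(), &wow64);
    GetNativeSystemInfo(&si);
    DWORD attr = GetFileAttributesA("C:\\Windows\\SysWOW64");
    int dir = attr != INVALID_FILE_ATTRIBUTES && (attr & FILE_ATTRIBUTE_DIRECTORY);
    printf("IsWow64Process: %d, GetNativeSystemInfo: %d, SysWOW64 dir: %d\n",
           wow64_is_64bit_os(sizeof(void *) == 8, wow64),
           arch_is_64bit_os(si.wProcessorArchitecture), dir);
#endif
    return 0;
}
```

The directory check is the weakest of the four, since any administrator can create or remove that folder; the other three read state supplied by the kernel.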
