Is My Windows 64-bit or 32-bit? Detecting with MASM32 Assembly

Kategori Genel
622 Okunma

Hi, after seeing how kronos malware detect the bitness of Windows and jj2007‘s topic on MASM32 forums, i have decided to write a small application and learn how to detect windows’ bit level by using MASM32 and WINAPI.

hasherezade’s approach

Thanks to hasherezade, the technique which she had found in kronos malware is unique. Interestingly cs returns 5-bit value when OS is 32-bit and 6-bit when OS is 64-bit. So by checking the 6th bit from right to left you can dedect the bitness of operating system.

Checking If C:\Windows\SysWow64 Directory Exists

By checking the existance of C:\Windows\SysWow64 directory we can dedect the bit level of windows.

Using IsWow64Process API

IsWow64ProcessAPI return value if the OS is running WOW64 or not. So we can detect that if we are on 64-bit or 32-bit windows:

Using GetNativeSystemInfo API and SYSTEM_INFO struct

Using GetNativeSystemInfo API with SYSTEM_INFO structure, we can detect our “installed operating systems processor type”

English Commented RadASM Project: İndir: [SCT]BitnessDetectorCLIENG (14.44KB)
Tarih: 13/09/2018
Tıklanma: 118
Açıklama: Detects if our windows is 32bit or 64bit. Source codes are inside the zip package as RadASM Project. Pass: sctzine

Turkish Commented Source Codes: İndir: [SCT]BitnessDetectorCLI (8.81KB)
Tarih: 11/09/2018
Tıklanma: 132
Açıklama: Bu komut satırı aracı ve kaynak kodlar işletim sistemimizin kaç bit olduğunu 4 farklı yöntemle gösteriyor. Parola : sctzine İndir: [SCT]BitnessDetectorGUI (1.10MB)
Tarih: 11/09/2018
Tıklanma: 135
Açıklama: Bu grafik kullanıcı arayüzlü küçük araç ve kaynak kodları işletim sistemimizin bit seviyesini gösteriyor. 32 bit mi 64 bit mi? 4 farklı yöntem kullanıyor. Parola:sctzine

Share Button

Comments of this post

Henüz yorum bulunmuyor!