一个工具是sigcheck:

sigcheck c:\Windows\winhlp32.exe

输出:

Sigcheck v2.71 - File version and signature viewer
Copyright (C) 2004-2018 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\windows\winhlp32.exe:
        Verified:       Signed
        Signing date:   20:05 02.05.2022
        Publisher:      Microsoft Windows
        Company:        Microsoft Corporation
        Description:    Windows Winhlp32 Stub
        Product:        Microsoft® Windows® Operating System
        Prod version:   10.0.19041.1
        File version:   10.0.19041.1 (WinBuild.160101.0800)
        MachineType:    32-bit

sigcheck -nobanner c:\Windows\HelpPane.exe

输出:

c:\windows\HelpPane.exe:
        Verified:       Signed
        Signing date:   00:42 23.04.2022
        Publisher:      Microsoft Windows
        Company:        Microsoft Corporation
        Description:    Microsoft Help and Support
        Product:        Microsoft® Windows® Operating System
        Prod version:   10.0.19041.1151
        File version:   10.0.19041.1151 (WinBuild.160101.0800)
        MachineType:    64-bit

澄清一下，CorFlags.exe是. net Framework SDK的一部分。我的机器上有开发工具，对我来说，确定DLL是否仅为32位的最简单方法是:

打开Visual Studio命令提示符(Windows系统:菜单开始/程序/Microsoft Visual Studio/Visual Studio工具/Visual Studio 2008命令提示符) CD到包含有关DLL的目录 像这样运行corflags: corflags MyAssembly.dll

你会得到这样的输出:

Microsoft (R) .NET Framework CorFlags Conversion Tool.  Version  3.5.21022.8
Copyright (c) Microsoft Corporation.  All rights reserved.

Version   : v2.0.50727
CLR Header: 2.5
PE        : PE32
CorFlags  : 3
ILONLY    : 1
32BIT     : 1
Signed    : 0

根据评论，上述标志的解读如下:

任意CPU: PE = PE32, 32BIT = 0 x86: PE = PE32, 32BIT = 1 64位:PE = PE32+， 32BIT = 0

检查.NET程序集的目标平台的另一种方法是使用.NET Reflector检查程序集…

@ # ~ #€~ !我刚刚意识到新版本不是免费的!因此，更正一下，如果你有一个。net reflector的免费版本，你可以用它来检查目标平台。

下面是一个批处理文件，它将针对当前工作目录和所有子目录中的所有DLL文件和EXE文件运行corflags.exe，解析结果并显示每个目标体系结构。

Depending on the version of corflags.exe that is used, the line items in the output will either include 32BIT, or 32BITREQ (and 32BITPREF). Whichever of these two is included in the output is the critical line item that must be checked to differentiate between Any CPU and x86. If you are using an older version of corflags.exe (pre Windows SDK v8.0A), then only the 32BIT line item will be present in the output, as others have indicated in past answers. Otherwise 32BITREQ and 32BITPREF replace it.

这假设corflags.exe在%PATH%. exe文件中。确保这一点的最简单方法是使用开发人员命令提示符。或者，您也可以从默认位置复制它。

如果下面的批处理文件是针对一个非托管DLL或EXE文件运行的，它将错误地显示为x86，因为Corflags.exe的实际输出将是一个类似于:

CF008:指定的文件没有有效的托管头

@echo off

echo.
echo Target architecture for all exes and dlls:
echo.

REM For each exe and dll in this directory and all subdirectories...
for %%a in (.exe, .dll) do forfiles /s /m *%%a /c "cmd /c echo @relpath" > testfiles.txt

for /f %%b in (testfiles.txt) do (
    REM Dump corflags results to a text file
    corflags /nologo %%b > corflagsdeets.txt

   REM Parse the corflags results to look for key markers
   findstr /C:"PE32+">nul .\corflagsdeets.txt && (
      REM `PE32+` indicates x64
        echo %%~b = x64
    ) || (
      REM pre-v8 Windows SDK listed only "32BIT" line item,
      REM newer versions list "32BITREQ" and "32BITPREF" line items
        findstr /C:"32BITREQ  : 0">nul /C:"32BIT     : 0" .\corflagsdeets.txt && (
            REM `PE32` and NOT 32bit required indicates Any CPU
            echo %%~b = Any CPU
        ) || (
            REM `PE32` and 32bit required indicates x86
            echo %%~b = x86
        )
    )

    del corflagsdeets.txt
)

del testfiles.txt
echo.

一个工具是sigcheck:

sigcheck c:\Windows\winhlp32.exe

输出:

Sigcheck v2.71 - File version and signature viewer
Copyright (C) 2004-2018 Mark Russinovich
Sysinternals - www.sysinternals.com

c:\windows\winhlp32.exe:
        Verified:       Signed
        Signing date:   20:05 02.05.2022
        Publisher:      Microsoft Windows
        Company:        Microsoft Corporation
        Description:    Windows Winhlp32 Stub
        Product:        Microsoft® Windows® Operating System
        Prod version:   10.0.19041.1
        File version:   10.0.19041.1 (WinBuild.160101.0800)
        MachineType:    32-bit

sigcheck -nobanner c:\Windows\HelpPane.exe

输出:

c:\windows\HelpPane.exe:
        Verified:       Signed
        Signing date:   00:42 23.04.2022
        Publisher:      Microsoft Windows
        Company:        Microsoft Corporation
        Description:    Microsoft Help and Support
        Product:        Microsoft® Windows® Operating System
        Prod version:   10.0.19041.1151
        File version:   10.0.19041.1151 (WinBuild.160101.0800)
        MachineType:    64-bit

cfeduke注意到调用GetPEKind的可能性。在PowerShell中进行这个操作可能会很有趣。

例如，下面是可以使用的cmdlet代码:https://stackoverflow.com/a/16181743/64257

另外，在https://stackoverflow.com/a/4719567/64257网站上提到“PowerShell社区扩展中也有Get-PEHeader cmdlet，可以用来测试可执行图像。”