使用WMI,如何确定远程进程是32位还是64位?

时间:2011-03-03 11:11:41

标签: c# 64-bit wmi win32-process

我有一个使用WMI从远程计算机查询的win32_process对象的集合。如何确定每个进程是32位还是64位?

2 个答案:

答案 0 :(得分:1)

WMI没有此功能。解决方案是通过P/Invoke使用IsWow64Process测试每个进程的句柄(Handle)。This code应该可以帮助您理解。注意:IsWow64Process需要一个已打开的进程句柄,因此该检查必须在进程所在的计算机上执行。

答案 1 :(得分:0)

试试这个:

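/// <summary>
/// Reads the Machine field from the COFF header of a PE image on disk and
/// returns it as the name of the matching <see cref="MachineType"/> member.
/// </summary>
/// <remarks>
/// The result describes the executable file, not a running process. A managed
/// assembly built as AnyCPU carries the 32-bit x86 machine value in its header
/// even though it may run as a 64-bit process, so do not treat the result as
/// proof of the bitness of a live process.
/// The file is treated as untrusted input: the DOS and PE signatures are
/// verified and the header offset is bounds-checked before it is used.
/// A Machine value with no named member is returned as its decimal number,
/// which is how <see cref="Enum.ToString()"/> formats undefined values.
/// </remarks>
/// <param name="path">Path of the executable image to inspect.</param>
/// <returns>
/// The <see cref="MachineType"/> name (or decimal value) for the image, or an
/// empty string if the file cannot be read or is not a PE image.
/// </returns>
public static string GetPlatform(string path)
{
    const int dosHeaderSize = 64;     // size of the DOS header
    const int pePointerOffset = 60;   // last DOS header field: offset of the PE header
    const int peSignatureSize = 4;    // "PE\0\0"
    const int machineSize = 2;        // 16-bit Machine field that follows the signature

    if (string.IsNullOrEmpty(path))
    {
        return "";
    }

    try
    {
        using (Stream s = new FileStream(path, FileMode.Open, FileAccess.Read))
        {
            // A short read or a missing "MZ" magic means this is not a PE image.
            var dosHeader = new byte[dosHeaderSize];
            if (!ReadFully(s, dosHeader) || dosHeader[0] != 0x4D || dosHeader[1] != 0x5A)
            {
                return "";
            }

            // The offset comes from the file itself, so validate it against the
            // file length instead of trusting it as an index.
            int peHeaderAddr = BitConverter.ToInt32(dosHeader, pePointerOffset);
            if (peHeaderAddr < 0 ||
                (long)peHeaderAddr + peSignatureSize + machineSize > s.Length)
            {
                return "";
            }

            // Seek to the PE header rather than assuming it lies within a fixed
            // prefix of the file.
            s.Seek(peHeaderAddr, SeekOrigin.Begin);
            var peStart = new byte[peSignatureSize + machineSize];
            if (!ReadFully(s, peStart) ||
                peStart[0] != 0x50 || peStart[1] != 0x45 ||
                peStart[2] != 0 || peStart[3] != 0)
            {
                return "";
            }

            int machine = BitConverter.ToUInt16(peStart, peSignatureSize);
            return ((MachineType)machine).ToString();
        }
    }
    // Best effort by contract: an unreadable file yields "", but only the
    // failures expected from opening and reading a file are absorbed.
    catch (IOException)
    {
        return "";
    }
    catch (UnauthorizedAccessException)
    {
        return "";
    }
    catch (ArgumentException)
    {
        return "";
    }
    catch (NotSupportedException)
    {
        return "";
    }
    catch (System.Security.SecurityException)
    {
        return "";
    }
}

// Fills the whole buffer from the stream; returns false if the stream ends first.
private static bool ReadFully(Stream stream, byte[] buffer)
{
    int filled = 0;
    while (filled < buffer.Length)
    {
        int read = stream.Read(buffer, filled, buffer.Length - filled);
        if (read <= 0)
        {
            return false;
        }

        filled += read;
    }

    return true;
}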



/// <summary>
/// Values of the 16-bit Machine field in a PE image's COFF file header.
/// </summary>
public enum MachineType
{
    // IMAGE_FILE_MACHINE_UNKNOWN in the PE specification.
    Native = 0,
    // IMAGE_FILE_MACHINE_I386: 32-bit x86.
    X86 = 0x014c,
    // NOTE(review): 0x0200 is IMAGE_FILE_MACHINE_IA64 (Intel Itanium) in the PE
    // specification, not AMD64. The member name is misleading; renaming it would
    // change the string GetPlatform returns, so confirm with callers first.
    Amd64 = 0x0200,
    // IMAGE_FILE_MACHINE_AMD64: x64 (AMD64 / Intel 64).
    X64 = 0x8664
}