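I am using Sigcheck to check the MachineType of an exe file (MSACCESS.EXE).
If Sigcheck reports that the exe's MachineType is 32-bit, GOTO ...
If Sigcheck reports that the exe's MachineType is 64-bit, GOTO ...
How should I write this? The output of Sigcheck.exe in the terminal is: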
c:\program files (x86)\microsoft office\office16\MSACCESS.EXE:
    Verified: Signed
    Signing date: 9:51 AM 1/23/2019
    Publisher: Microsoft Corporation
    Company: Microsoft Corporation
    Description: Microsoft Access
    Product: Microsoft Office 2016
    Prod version: 16.0.4813.1000
    File version: 16.0.4813.1000
    MachineType: 32-bit
Update:
This is the output I am receiving
More details:
Using Sigcheck.exe
I first ran the following batch script:
@echo off
sigcheck.exe "C:\Program Files (x86)\Microsoft Office\Office16\MSACCESS.EXE"
Then, following what you said:
Set TestPath=%1
for /F "delims=" %%l in ('sigcheck %TestPath%^|findstr MachineType') do set ArchLine=%%l
if not "%ArchLine%"=="%ArchLine:64=%" echo The file is 64bit
if not "%ArchLine%"=="%ArchLine:32=%" echo The file is 32bit
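There will never be both a 32-bit and a 64-bit response, because I am only pointing at 1 file.
So in this case it should only say "The file is 32bit".
Update 2: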
@echo off
sigcheck.exe "c:\program files (x86)\microsoft office\root\office16\MSACCESS.EXE"
Set TestPath=%1
:: See if sigcheck is in the path
where sigcheck.exe 2>NUL 1>NUL
if not "%ERRORLEVEL%"=="0" echo sigcheck.exe is not in your path && PAUSE
:: Make sure the file exists
if not exist "%TestPath%" echo %TestPath% does not exist && PAUSE
for /F "delims=" %%l in ('sigcheck %TestPath%^|findstr MachineType') do set ArchLine=%%l
if not "%ArchLine%"=="%ArchLine:n/a=%" echo Not an executable file && PAUSE
if not "%ArchLine%"=="%ArchLine:64=%" echo 64bit
if not "%ArchLine%"=="%ArchLine:32=%" echo 32bit
Here is the full response I get:
Sigcheck v2.72 - File version and signature viewer
Copyright (C) 2004-2019 Mark Russinovich
Sysinternals - www.sysinternals.com
c:\program files (x86)\microsoft office\root\office16\MSACCESS.EXE:
    Verified: Signed
    Signing date: 6:18 AM 3/6/2019
    Publisher: Microsoft Corporation
    Company: Microsoft Corporation
    Description: Microsoft Access
    Product: Microsoft Office
    Prod version: 16.0.11328.20158
    File version: 16.0.11328.20158
    MachineType: 32-bit
does not exist
Press any key to continue . . .
Answer 0 (score: 0)
This should work. I have removed some things for you to look up.
@echo off
:: Assign the first parameter passed to this batch file to the
:: following variable. This batch NEEDs something to look up.
Set PEBinaryPath=%~1
:: Make sure the caller passed at least one command line parameter.
if "%PEBinaryPath%"=="" (
echo %~nx0 requires one parameter.
echo This parameter is the path to a PE binary to check for compiled architecture.
echo Ie. %~nx0 "%windir%\Sytem32\notepad.exe"
goto :EOF
)
:: See if sigcheck is in the path
where sigcheck.exe 2>NUL 1>NUL
if not "%ERRORLEVEL%"=="0" echo sigcheck.exe is not in your path&& goto :EOF
:: Make sure the file exists
if not exist "%PEBinaryPath%" echo %PEBinaryPath% does not exist&& goto :EOF
:: Take the output from sigcheck, parse it and put it into a variable called MachineTypeLine
for /F "delims=" %%l in ('sigcheck "%PEBinaryPath%"^|findstr MachineType') do set MachineTypeLine=%%l
:: See if the line contains "n/a", 64, or 32
if not "%MachineTypeLine%"=="%MachineTypeLine:n/a=%" echo Not a PE format binary file&& goto :EOF
if not "%MachineTypeLine%"=="%MachineTypeLine:64=%" echo 64bit
if not "%MachineTypeLine%"=="%MachineTypeLine:32=%" echo 32bit
Results:
C:\>test.bat
test.bat requires one parameter.
This parameter is the path to a PE binary to check for compiled architecture.
Ie. test.bat "C:\WINDOWS\Sytem32\notepad.exe"
C:\>test.bat c:\windows\system.ini
Not an executable file
C:\>test.bat c:\bobs\yeruncle.exe
c:\bobs\yeruncle.exe does not exist
C:\>test.bat c:\windows\System32\notepad.exe
64bit
C:\>test.bat c:\windows\SysWOW64\notepad.exe
32bit
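The for /F runs a command and puts what it finds into a variable.
The command that for /F runs is sigcheck, but I pipe the results to findstr to do most of the parsing for me. We didn't have to do this, but it sure makes things a lot easier, because it only gives me back the line containing the word "MachineType".
The resulting variable (ArchLine) looks like this (including the spaces):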
MachineType: 64-bit
Good luck!
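
The GOTO branching the question asks for, as an added example that is not part of the original question or answer. It assumes sigcheck.exe is on the PATH; the labels :Is32, :Is64 and :Unknown are hypothetical names. It clears the variable before parsing, so a failed sigcheck run cannot reuse a value left over from an earlier run in the same console, and it matches the whole "32-bit" / "64-bit" token instead of the bare digits.

```bat
@echo off
setlocal
:: Added example, not from the original answer. Assumes sigcheck.exe is on PATH.
:: The labels :Is32, :Is64 and :Unknown are hypothetical names.
set "PEBinaryPath=%~1"
if "%PEBinaryPath%"=="" echo Usage: %~nx0 "path\to\binary.exe"& exit /b 2
if not exist "%PEBinaryPath%" echo "%PEBinaryPath%" does not exist& exit /b 2

:: Start from an empty value so a failed sigcheck run cannot reuse old data.
set "MachineTypeLine="
for /F "delims=" %%l in ('sigcheck "%PEBinaryPath%" 2^>NUL ^| findstr /C:"MachineType"') do set "MachineTypeLine=%%l"
if not defined MachineTypeLine goto :Unknown

:: Match the full "32-bit" / "64-bit" token rather than the bare digits.
if not "%MachineTypeLine%"=="%MachineTypeLine:32-bit=%" goto :Is32
if not "%MachineTypeLine%"=="%MachineTypeLine:64-bit=%" goto :Is64
goto :Unknown

:Is32
echo "%PEBinaryPath%" is 32-bit
:: 32-bit specific steps go here
exit /b 0

:Is64
echo "%PEBinaryPath%" is 64-bit
:: 64-bit specific steps go here
exit /b 0

:Unknown
echo Could not determine MachineType for "%PEBinaryPath%"
exit /b 1
```

The exit codes (0 for a recognised type, 1 for unknown, 2 for a usage error) let a calling script test the result with ERRORLEVEL.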