how to check if exe is set as LARGEADDRESSAWARE

16.1k views Asked by At

I am developing a C# program that will load files and get information such as loaded file created date, modification date, size etc. Another thing that I need to know is whether the loaded file (executable.exe) is linked with the LARGEADDRESSAWARE flag. The FileInfo class doesn't provide this information.

Does anyone know how in C# can I find out whether a given executable.exe is linked with the LARGEADDRESSAWARE flag (to handle addresses larger than 2 GB)?

3

There are 3 answers

0
Will On BEST ANSWER

Here is some code that checks for the Large Address Aware flag. All you have to do is pass a stream that is pointed to the start of an executable.

IsLargeAware("some.exe");

static bool IsLargeAware(string file)
{
    using (var fs = File.OpenRead(file))
    {
        return IsLargeAware(fs);
    }
}
/// <summary>
/// Checks if the stream is a MZ header and if it is large address aware
/// </summary>
/// <param name="stream">Stream to check, make sure its at the start of the MZ header</param>
/// <exception cref=""></exception>
/// <returns></returns>
static bool IsLargeAware(Stream stream)
{
    const int IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x20;

    var br = new BinaryReader(stream);

    if (br.ReadInt16() != 0x5A4D)       //No MZ Header
        return false;

    br.BaseStream.Position = 0x3C;
    var peloc = br.ReadInt32();         //Get the PE header location.

    br.BaseStream.Position = peloc;
    if (br.ReadInt32() != 0x4550)       //No PE header
        return false;

    br.BaseStream.Position += 0x12;
    return (br.ReadInt16() & IMAGE_FILE_LARGE_ADDRESS_AWARE) == IMAGE_FILE_LARGE_ADDRESS_AWARE;
}
1
M.Babcock On

The MSDN documentation for /LARGEADDRESSAWARE states:

If an application was linked with /LARGEADDRESSAWARE, DUMPBIN /HEADERS will display information to that effect.

If you're looking for a way to do this programatically, you could invoke dumpbin from your application and parse the output.

Update:

There is also a good blog post here that discusses the issue in more depth.

0
Michael Fitzpatrick On

From Will's answer above I'm using the following in my x86 setup package:

    static bool LargeAware(string file) {
        using (var fs = File.Open(file, FileMode.Open, FileAccess.ReadWrite, FileShare.None)) {
            bool b = LargeAware(fs);
            fs.Close();
            return b;
        }
    }

    const int IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x20;
    static bool LargeAware(Stream stream) {

        var br = new BinaryReader(stream);
        var bw = new BinaryWriter(stream);

        if (br.ReadInt16() != 0x5A4D)       //No MZ Header
            return false;

        br.BaseStream.Position = 0x3C;
        var peloc = br.ReadInt32();         //Get the PE header location.

        br.BaseStream.Position = peloc;
        if (br.ReadInt32() != 0x4550)       //No PE header
            return false;

        br.BaseStream.Position += 0x12;
        long nFilePos = (int)br.BaseStream.Position;
        Int16 nLgaInt = br.ReadInt16();
        bool bIsLGA = (nLgaInt & IMAGE_FILE_LARGE_ADDRESS_AWARE) == IMAGE_FILE_LARGE_ADDRESS_AWARE;
        if (bIsLGA)
            return true;
        nLgaInt |= IMAGE_FILE_LARGE_ADDRESS_AWARE;
        long nFilePos1 = bw.Seek((int)nFilePos, SeekOrigin.Begin);
        bw.Write(nLgaInt);
        bw.Flush();
        long nFilePos2 = br.BaseStream.Seek(nFilePos, SeekOrigin.Begin);
        nLgaInt = br.ReadInt16();
        bIsLGA = (nLgaInt & IMAGE_FILE_LARGE_ADDRESS_AWARE) == IMAGE_FILE_LARGE_ADDRESS_AWARE;
        return bIsLGA;
    }