Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Get-BinaryType function Finds bitness of .exe witih Powershell
function Get-BinaryType
Gets the binary executable type for a given set of files
PowerShell wrapper around the GetBinaryType Windows API that inspects file headers
and reports the binary file type (e.g., 32-bit Windows app, 64-bit Windows app,
16-bit DOS/Windows app, etc.)
File path(s) to inspect
#Reports the file type of C:\Windows\Explorer.exe:
Get-BinaryType C:\Windows\Explorer.exe
#Attempts to get the binary type of all files in the current directory
Get-ChildItem | where { !$_.PsIsContainer } | Get-BinaryType
#Attempts to get the binary type of all exe files in the windows directory,
#ignoring any non-terminating errors
Get-ChildItem $env:windir -filter *.exe | Get-BinaryType -ErrorAction SilentlyContinue
#From a 32bit process on a 64 bit Windows install, attempts to get the binary type of all exe files
#in the windows system32 directory by bypassing filesystem redirection using "sysnative",
#ignoring any non-terminating errors, and finally showing the file name and binary type
Get-ChildItem $env:windir\sysnative -filter *.exe | Get-BinaryType -ErrorAction SilentlyContinue -passthrough | select Name,BinaryType
Author: Battleship, Aaron Margosis
SupportsShouldProcess = $false,
ConfirmImpact = "none",
DefaultParameterSetName = ""
HelpMessage = "Enter binary file(s) to examine",
Position = 0,
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true
[ValidateScript({Test-Path $_.FullName})]
#add the enum for the binary types
#Using more user friendly names since they won't likely be used outside this context
Add-Type "
public enum BinaryType
BIT32 = 0, // A 32-bit Windows-based application, SCS_32BIT_BINARY
DOS = 1, // An MS-DOS – based application, SCS_DOS_BINARY
WOW = 2, // A 16-bit Windows-based application, SCS_WOW_BINARY
PIF = 3, // A PIF file that executes an MS-DOS based application, SCS_PIF_BINARY
POSIX = 4, // A POSIX based application, SCS_POSIX_BINARY
OS216 = 5, // A 16-bit OS/2-based application, SCS_OS216_BINARY
BIT64 = 6 // A 64-bit Windows-based application, SCS_64BIT_BINARY
catch {} #type already been loaded, do nothing
# create the win32 signature
$Signature =
public static extern bool GetBinaryType(
string lpApplicationName,
ref int lpBinaryType
# Create a new type that lets us access the Windows API function
Add-Type -MemberDefinition $Signature `
-Name BinaryType `
-Namespace Win32Utils
catch {} #type already been loaded, do nothing
foreach ($Item in $Path)
$ReturnedType = -1
Write-Verbose "Attempting to get type for file: $($Item.FullName)"
$Result = [Win32Utils.BinaryType]::GetBinaryType($Item.FullName, [ref] $ReturnedType)
#if the function returned $false, indicating an error, or the binary type wasn't returned
if (!$Result -or ($ReturnedType -eq -1))
Write-Error "Failed to get binary type for file $($Item.FullName)"
$ToReturn = [BinaryType]$ReturnedType
if ($PassThrough)
#get the file object, attach a property indicating the type, and passthru to pipeline
Get-Item $Item.FullName -Force |
Add-Member -MemberType noteproperty -Name BinaryType -Value $ToReturn -Force -PassThru
#Put enum object directly into pipeline
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.