Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Checks if the system is 32 or 64 bit
#ifdef _MSC_VER
#include <stdint.h>
#include <inttypes.h>
#include <stdio.h>
bool is_system64_bit()
uint32_t flag = 0;
#ifdef _MSC_VER
__asm {
xor eax, eax
mov ax, cs
shr eax, 5
mov flag, eax
__asm__ volatile (
"xor %%eax, %%eax \n"
"mov %%cs, %%ax \n"
"shr $5, %%eax \n"
"mov %%eax, %0 \n"
:"=r"(flag) /* flag is output operand */
: /* no input operand */
:"%eax"); /* %eax is clobbered */
return (flag > 0);
int main()
bool is64bit = is_system64_bit();
if (is64bit) {
printf("64 bit\n");
} else {
printf("32 bit\n");
return is64bit;

This comment has been minimized.

Copy link
Owner Author

commented Aug 15, 2017

This is a trick that I found in Kronos malware. I am not the author.
Read also this document:


This comment has been minimized.

Copy link

commented Aug 16, 2017

Interesting! Does this help in avoiding detection in any way? Like instead of using something like sizeof(int) or value of size_t ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.