Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Checks if the system is 32 or 64 bit
#ifdef _MSC_VER
#include <stdint.h>
#include <inttypes.h>
#include <stdio.h>
bool is_system64_bit()
uint32_t flag = 0;
#ifdef _MSC_VER
__asm {
xor eax, eax
mov ax, cs
shr eax, 5
mov flag, eax
__asm__ volatile (
"xor %%eax, %%eax \n"
"mov %%cs, %%ax \n"
"shr $5, %%eax \n"
"mov %%eax, %0 \n"
:"=r"(flag) /* flag is output operand */
: /* no input operand */
:"%eax"); /* %eax is clobbered */
return (flag > 0);
int main()
bool is64bit = is_system64_bit();
if (is64bit) {
printf("64 bit\n");
} else {
printf("32 bit\n");
return is64bit;
Copy link

hasherezade commented Aug 15, 2017

This is a trick that I found in Kronos malware. I am not the author.
Read also this document:

Copy link

CodeMaxx commented Aug 16, 2017

Interesting! Does this help in avoiding detection in any way? Like instead of using something like sizeof(int) or value of size_t ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment