x
This website is using cookies. We use cookies to ensure that we give you the best experience on our website. More info. That's Fine
HPC:Factor Logo 
 

Using a HEX editor to ascertain the CPU architecutre of a Windows CE .exe file or .dll

CESD|200268

Applies To

  • Windows CE 1.0
  • Windows CE 2.0
  • Windows CE 2.10, 2.11, 2.12
  • Windows CE 3.0
  • Windows CE .net 4.0, 4.1, 4.2
  • Windows CE 5.0
  • Windows CE 6.0
  • Windows CE 7.0
  • Windows CE 8.0

Overview

This article demonstrates how to discern the supported CPU architecutre of a Windows CE .exe file or .dll file using a standard HEX editor program. This is useful if you need to evaluate the compatibility of a file but do not have a specific evaliation tool such as Windows-CE-PE-Info to hand to evaluate the PE header for you.

More Info

You will require any binary file compatibile HEX Editor/Viewer in order to evaluae the PE header to deduce the binary architecture. You can evaluate the PE header on any operating system or platform (including Windows CE iteself). It will make no difference to the result if you use Windows, Max, Linux, Windows CE or any other system to open the file.

Please Note: The following procedure will only work on MS-DOS 2.0 or higher .exe files that expose the standard MZ header. Not all executable programs are necessarily compiled using this method - although most are. This process will not help you to evaludate Windows CE CAB installer files.

How To

  1. Open the .exe file or .dll file in the HEX Editor / HEX Viewer. It will look similar to the screenshot below.xx
    Hex Editor Screenshot with a Windows CE .exe open in it
  2. Ensure that the file has a MZ header: On the HEX view (left hand side) the first two bytes will be "4D, 5A". Displayed on the right hand string view, the same first two bytes will read "MZ".
    Note: The presence of the string "This program cannnot be run in DOS mode." is also a typical give-away of that the file has the correct header.
  3. On the right hand side, locate the string "This program cannnot be run in DOS mode."
  4. Follow in a left to right fashion from the end of the "This program cannnot be run in DOS mode." string in the string viewer until you encouter "P, E" (or 50, 45 in the HEX view).
  5. Immediately after the PE there will be two blank characters (bytes), skip over these two blanks onto the first character following the blanks (Á in the image above).
  6. On the HEX view, note the HEX value for the first type byes that come after HEX 50, 45, 00, 00.
    In the example above the value following 50, 45, 00, 00 is: C0, 01
  7. Reverse the byte i.e. C0, 01 becomes 01, C0 which can be formatted as 0x01C0
    Note:
    The 0x is used to indicate that the value following 0x is a Hexadecimal value and not a decimal or octal value.
  8. You can now use the list below to lookup the compiler architecture used to create the binary file.

CPU Architecture HEX Codes

  • 0x0000 - CEF - Common Executable Format
  • 0x01A2 - SH3
  • 0x01A6 - SH4
  • 0x014C - x86
  • 0x0166 - MIPS R4000
  • 0x01C0 - ARM
  • 0x01C2 - Thumb
  • 0x01F0 - PowerPC
  • 0x0200 - IA64
  • 0x8664 - AMD64

See Also

View: Windows-CE-PE-Info