hfxiang

利用楼主的工具及思路，做了个测试pe文件 Subsystem及Machine 的脚本，以便得知所下载的应用其使用环境。请指教。

示例：peinfo.cmd 7za.exe 7za64.exe ldd.exe ldd64.exe

第 1 个文件：
"G:\Program Files\depends_dlls\depends\7za.exe"
Machine = [0x014C] - Intel 386.
Subsystem = [0x0003] - CLI

第 2 个文件：
"G:\Program Files\depends_dlls\depends\7za64.exe"
Machine = [0x8664] - AMD64 (K8)
Subsystem = [0x0003] - CLI

第 3 个文件：
"G:\Program Files\depends_dlls\depends\ldd.exe"
Machine = [0x014C] - Intel 386.
Subsystem = [0x0003] - CLI

第 4 个文件：
"G:\Program Files\depends_dlls\depends\ldd64.exe"
Machine = [0x8664] - AMD64 (K8)
Subsystem = [0x0003] - CLI



::------------------------------------以下部分为脚本内容，请以ANSI格式保存为PeInfo.cmd------------------------------------

@setlocal enabledelayedexpansion
@rem 保存echo状态
@set echo=off
@for /f "delims=" %%a in ('echo') do @(
        if "%%a"=="ECHO 处于打开状态。" @set echo=on
        if "%%a"=="ECHO is on." @set echo=on
)
@echo off
echo;正在执行：&&echo;"%~0" %*&&echo;

@rem 设置文件计数器
set /a nnn=0

@rem 判断参数是否包含文件夹
set "IsFolder="
for %%a in (%*) do (
        set "Dir_a=%%~aa"
        if defined Dir_a if "[!Dir_a:~0,1!]"=="[d]" set "IsFolder=%%~a"
)

@rem 添加文件查询路径（主要为%~dp0及%~dp1）
echo;%path%|find.exe /i "%~dp0;">nul 2>&1 || path %~dp0;%path%
if defined IsFolder echo;%path%|find.exe /i "%IsFolder%;">nul 2>&1 || path %IsFolder%;%path%

@rem 设置工作目录
cd /d "%~dp0"
if defined IsFolder cd /d "%IsFolder%"

@rem 测试peinfo.exe文件路径
set "FilePath="
for %%a in ("peinfo.exe") do (
        if not "[%%~$path:a]"=="[]" for %%b in ("%%~$path:a") do (
                set "Dir_a=%%~ab"
                if defined Dir_a if not "[!Dir_a:~0,1!]"=="[d]" set "FilePath=%%~fb"
        )
)
if not defined FilePath  echo;&&echo;“peinfo.exe”指令文件（应用程序）不在PATH环境变量指定的路径中，请先安装“peinfo.exe”应用程序后再重试&&echo;请按任意键退出脚本&&goto :ExitBatch
set "peinfo_path=%FilePath%"

if defined IsFolder (
        @rem echo;文件夹优先级高于文件，本次只处置文件夹 %IsFolder% 下的 exe 文件
        for /r "%IsFolder%" %%a in (*.exe) do if exist "%%~fa" call :Detach_file "%peinfo_path%" "%%~fa"
) else (
        @rem echo;本次处理的是参数列表中的文件
        for %%a in (%*) do if exist "%%~fa" call :Detach_file "%peinfo_path%" "%%~fa"
)

:ExitBatch
:End
(
        echo !echo!
        if /i %nnn% EQU 0 echo;未找到指定文件，请做相应检查后重试！！！&&echo;
        endlocal
        echo;脚本运行结束，请按任意键（建议按“空格键”）退出。
        pause>nul
        exit /b
)

:Detach_file
call :Pe_Info "%~f1" "%~f2" Machine Subsystem
set /a nnn+=1
echo;
echo;第 !nnn! 个文件：
echo;"%~f2"
echo;
echo;Machine = %Machine%
echo;Subsystem = %Subsystem%
echo;
echo;校验指令：
echo;"%~f1" "%~f2" /Subsystem /Machine
echo;
exit /b

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:Pe_Info <Find_PE_info_app> <PE_info_to_be_found> [Machine] [Subsystem]
:: 说明： 查找应用程序Machine及Subsystem；
::  %1        输入：Find_PE_info_app    -- 工具程序PeInfo.exe全路径
::  %2        输入：PE_info_to_be_found -- 待查找应用程序全路径
::  %3        输出：Machine             -- CPU架构
::  %4        输出：Subsystem           -- 子系统
setlocal enabledelayedexpansion
set "Machine="
set "Subsystem="
for /f "skip=1 tokens=1,3" %%a in ('@"%~f1" "%~f2" /Subsystem /Machine 2^>nul') do set "%%a=%%b"

if /i "[%Machine%]" == "[0x0000]" (set "Machine=[%Machine%] - UNKNOWN"
) else if /i "[%Machine%]" == "[0x014c]" (set "Machine=[%Machine%] - Intel 386."
) else if /i "[%Machine%]" == "[0x0160]" (set "Machine=[%Machine%] - big-endian"
) else if /i "[%Machine%]" == "[0x0166]" (set "Machine=[%Machine%] - MIPS little-endian"
) else if /i "[%Machine%]" == "[0x0168]" (set "Machine=[%Machine%] - MIPS little-endian"
) else if /i "[%Machine%]" == "[0x0169]" (set "Machine=[%Machine%] - MIPS little-endian WCE v2"
) else if /i "[%Machine%]" == "[0x0184]" (set "Machine=[%Machine%] - Alpha_AXP"
) else if /i "[%Machine%]" == "[0x01a2]" (set "Machine=[%Machine%] - SH3 little-endian"
) else if /i "[%Machine%]" == "[0x01a3]" (set "Machine=[%Machine%] - SH3DSP"
) else if /i "[%Machine%]" == "[0x01a4]" (set "Machine=[%Machine%] - SH3E little-endian"
) else if /i "[%Machine%]" == "[0x01a6]" (set "Machine=[%Machine%] - SH4 little-endian"
) else if /i "[%Machine%]" == "[0x01a8]" (set "Machine=[%Machine%] - SH5"
) else if /i "[%Machine%]" == "[0x01c0]" (set "Machine=[%Machine%] - ARM Little-Endian"
) else if /i "[%Machine%]" == "[0x01c2]" (set "Machine=[%Machine%] - THUMB"
) else if /i "[%Machine%]" == "[0x01d3]" (set "Machine=[%Machine%] - AM33"
) else if /i "[%Machine%]" == "[0x01F0]" (set "Machine=[%Machine%] - IBM PowerPC Little-Endian"
) else if /i "[%Machine%]" == "[0x01f1]" (set "Machine=[%Machine%] - POWERPCFP"
) else if /i "[%Machine%]" == "[0x0200]" (set "Machine=[%Machine%] - Intel 64"
) else if /i "[%Machine%]" == "[0x0266]" (set "Machine=[%Machine%] - MIPS"
) else if /i "[%Machine%]" == "[0x0284]" (set "Machine=[%Machine%] - ALPHA64"
) else if /i "[%Machine%]" == "[0x0366]" (set "Machine=[%Machine%] - MIPS"
) else if /i "[%Machine%]" == "[0x0466]" (set "Machine=[%Machine%] - MIPS"
) else if /i "[%Machine%]" == "[0x0284]" (set "Machine=[%Machine%] - ALPHA64"
) else if /i "[%Machine%]" == "[0x0520]" (set "Machine=[%Machine%] - Infineon"
) else if /i "[%Machine%]" == "[0x0CEF]" (set "Machine=[%Machine%] - CEF"
) else if /i "[%Machine%]" == "[0x0EBC]" (set "Machine=[%Machine%] - EFI Byte Code"
) else if /i "[%Machine%]" == "[0x8664]" (set "Machine=[%Machine%] - AMD64 (K8)"
) else if /i "[%Machine%]" == "[0x9041]" (set "Machine=[%Machine%] - M32R little-endian"
) else if /i "[%Machine%]" == "[0xAA64]" (set "Machine=[%Machine%] - ARM64"
) else if /i "[%Machine%]" == "[0xC0EE]" (set "Machine=[%Machine%] - CEE"
) else (set "Machine=[-%Machine%-] - UNKNOWN"
)

if /i "[%Subsystem%]" == "[0x0002]" (set "Subsystem=[%Subsystem%] - GUI"
) else if /i "[%Subsystem%]" == "[0x0003]" (set "Subsystem=[%Subsystem%] - CLI"
) else (set "Subsystem=[-%Subsystem%-] - UNKNOWN"
)

endlocal&set "%3=%Machine%"&set "%4=%Subsystem%"&goto :EOF
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::------------------------------------脚本内容到此为止，请以ANSI格式保存为PeInfo.cmd------------------------------------