Thanks to Shay Levy from http://powershellmagazine.com for showing how to do this: here's a small function that returns the architecture an executable was compiled for:
function Get-FileArchitecture { param ( $filePath = "$env:windir\notepad.exe" ) $Architecture = 'Native,I386,Itanium,x64'.Split(',') $data = New-Object System.Byte[] 4096 $stream = New-Object System.IO.FileStream -ArgumentList $filePath,Open,Read [void]$stream.Read($data,0,60) $PE_HEADER_ADDR = [System.BitConverter]::ToInt32($data, 60) $Architecture[[System.BitConverter]::ToUInt16($data, $PE_HEADER_ADDR + 4)] }
Simply submit a path to an exe file, and you get back the architecture it was compiled for.
This line would dump all non-64-bit applications from your Windows folder (which you would, of course, only run on a 64-bit system):
Get-ChildItem $env:windir -Filter *.exe -ErrorAction SilentlyContinue -Recurse | ForEach-Object { $arch = Get-FileArchitecture $_.FullName if ('x64','native' -notcontains $arch) { $object = $_ | Select-Object -Property Name, Architecture, FullName $object.Architecture = $arch $object } }
