How to interpret the CorFlags flags?

Question

How do I interpret the CorFlags flags and how should I use it to determine if a .NET assembly was built for x86 or x64?

Could it be the following?

co         


        

Answer 1

To add more detail to the other answers, the actual important value is the hexadecimal CorFlags value since it carries the most information. Here's the list of bits that comprise it:

[Flags]
public enum CorFlags
{
    ILOnly           = 0x00000001,
    Requires32Bit    = 0x00000002,
    ILLibrary        = 0x00000004,
    StrongNameSigned = 0x00000008,
    NativeEntryPoint = 0x00000010,
    TrackDebugData   = 0x00010000,
    Prefers32Bit     = 0x00020000,
}

Corflags outputs the four bits of this value separately (ILONLY, 32BITREQ, 32BITPREF and Signed). However the full CorFlags value also contains information about whether the assembly is strong-name signed or delay signed (0x8 bit) as well as ILLibrary, NativeEntryPoint and TrackDebugData bits (I don't know what those mean).

Note that CorFlags output Signed is not exactly the StrongNameSigned bit. It will print Signed 1 if the assembly is either delay-signed or fully signed, whereas StrongNameSigned bit is set if the assembly is fully signed only.