Enumerating 32-bit modules from 32-bit processes in WOW64
- From: "Philip Sloss" <stuff@xxxxxxxxx>
- Date: Sun, 12 Jun 2005 23:14:03 -0000
When I enumerate the modules in a 32-bit process from either the same or
other 32-bit process running in WOW64, the behavior I'm seeing is that the
path reported from some of the modules points to the 64-bit system directory
(%windir%\system32), while others point to the WOW64 system directory
(%windir%\SysWOW64).
First, is anyone else seeing this behavior? And second, is this the
intended behavior?
There does seem to be some inconsistency in the paths -- if I run a 32-bit
program through a 32-bit debugger and watch the DLL load events, the paths
to the Windows modules point to the WOW64 system directory.
I've looked at a few different methods for enumerating modules in a process;
so far, this mix of system32/syswow64 paths appears via calls to the
Toolhelp functions, the PSAPI functions, and also calling NTDLL functions.
Thanks,
Philip Sloss
.
- Follow-Ups:
- Re: Enumerating 32-bit modules from 32-bit processes in WOW64
- From: Jochen Kalmbach [MVP]
- Re: Enumerating 32-bit modules from 32-bit processes in WOW64
- From: Jochen Kalmbach [MVP]
- Re: Enumerating 32-bit modules from 32-bit processes in WOW64
- Prev by Date: Getting user logon data in Win98, how?
- Next by Date: Re: Getting user logon data in Win98, how?
- Previous by thread: Getting user logon data in Win98, how?
- Next by thread: Re: Enumerating 32-bit modules from 32-bit processes in WOW64
- Index(es):
