Re: Enumerating 32-bit modules from 32-bit processes in WOW64

I don't have anymore an IA64 with win2003-gold handy to check this,
so, I cannot answer for sure.
I seem to recall the behavior of the loader has always been as described
below.

In any case, there has been a good amount work on the Wow64 subsystem
in order to achieve parity with the pure win32 environment,
in the x64 release timeframe, so, I would not be surprised if something
has/had changed
in the way results are presented.

The reason why this is a so much interesting detail, is still not clear in
this thread.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm


"Philip Sloss" <development@xxxxxxxxx> wrote in message
news:O91XvMQcFHA.4028@xxxxxxxxxxxxxxxxxxxxxxx
> "Ivan Brugiolo [MSFT]" <ivanbrug@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:uptjKuPcFHA.3560@xxxxxxxxxxxxxxxxxxxxxxx
> > The rule of the thumb is the following:
> >
> > ntdll.dll is special, and, it should be `c:\windows\system32\ntdll.dll`
> > always,
> > at least from the point of view of hte loader list.
> > (smss.exe has that different, for a reason that would take a long time
to
> > explain)
> > in 32-bit processes under Wow64, the DllSearch path has
> > `c:\windows\syswow64` first,
> > so, unqualified laod will go over there.
> > Qualified loads will go to `c:\windows\system32`, internally redirected
to
> > syswow64.
>
> Hi Ivan,
>
> Thanks for the clarification. Hope you don't mind one more: has this
> behavior been changed from the IA-64 releases, or has it been the same
since
> the original IA-64 release?
>
> Thanks,
>
> Philip Sloss
>
>


.

Relevant Pages

  • Re: Detecting OS loader lock
    ... For the same reason it would be very nice to either ... get the loader lock's state, or a "try" version of critical APIs like ... entries in the event log, the service runs, everything looks ok -> hmm why ...
    (microsoft.public.win32.programmer.kernel)
  • Re: Please revert git commit 1ad3dcc0
    ... The only reason was a failed LTP testcase which fills up the FD table and then called exec. ... loader and MISC_FMT_OPEN_BINARY, and the ELF loader _does_ actually do it for the case. ... there wasn't any reason to return EMFILE. ... If the spec did require it, then that would be an argument that the LTP testcase is valid, and for keeping the original patch. ...
    (Linux-Kernel)
  • Re: Scandal over swearing ZX interface
    ... the loader, as I recall. ... Techno-Cop has something along those lines. ... was it Paperboy, it was some Elite game from long ago) ...
    (comp.sys.sinclair)
  • Re: [ANNOUNCE] Release Digsig 1.5: kernel module for run-timeauthentication of binaries
    ... you don't sign nor need to sign perl or bash scripts. ... Why would a loader ... be written in ELF itself? ... There's absolutely no reason for that. ...
    (Linux-Kernel)
  • Re: PXE Loader register dump
    ... > Building the boot loader arguments ... > Relocating the loader and the BTX ... the BIOS executed a breakpoint for some reason: ... like it is supposed to just keep going when it hits a breakpoint. ...
    (freebsd-current)