Sunday, September 25, 2011

[Windows kernel programming] Details of how redirection is handled for 32-bit programs on 64-bit systems [1]

Author: 猪头三
Recently I have been modifying the code of ordinary 32-bit Ring3 programs to make them compatible with 64-bit systems. I am logging the modifications and what I learned here.
Programming is a wide field and what any one person can go through is limited, and I am not a specialist, so my principle has always been: when I use something, I study it and log it.
Only when your own base knowledge is strong, and you take in something new, do things go well.


1. The redirection mechanism of 64-bit systems and its aim
   64-bit Windows uses a redirection mechanism so that 32-bit programs run on a 64-bit system without errors. The aim is to let 32-bit programs work with critical files and registry keys while avoiding clashes with 64-bit programs.
   The principle Microsoft uses is simple: there are two copies of each critical file/folder or registry key. One copy is accessed by 32-bit programs, the other by 64-bit programs.

2. How does the 64-bit system control which copy a 32-bit or 64-bit program accesses? This is the kernel feature of redirection.

   Example: a 32-bit program needs to access the system32 directory on 64-bit Windows.
   What actually happens: inside 64-bit Windows, the redirection mechanism turns the system32 directory into the syswow64 directory, so the program in fact operates on syswow64.
   The system32 directory is used for 64-bit programs; the syswow64 directory is used for 32-bit programs.
   Code example: a 32-bit program contains this code:
   deletefile('c:\windows\system32\a.txt');
   On a 64-bit system, this code deletes a.txt in the syswow64 directory; it does not delete a.txt in system32.

3. What if a 32-bit program needs to access the real system32 directory?
   Microsoft offers a set of APIs for this: use Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection together.

   Code example: a 32-bit program contains this code:
   Wow64DisableWow64FsRedirection(OldValue);  // Disable redirection for the calling thread; OldValue receives the previous state
   deletefile('c:\windows\system32\a.txt');
   Wow64RevertWow64FsRedirection(OldValue);   // Restore redirection from the saved state
   The code deletes a.txt in the system32 directory; it does not delete a.txt in the syswow64 directory.

4. When a 32-bit program enumerates the system directories during a whole-disk scan without disabling redirection, can it enumerate both the 32-bit and the 64-bit directory?
   Testing shows it cannot enumerate both at the same time; it has to scan twice: first enumerate the 32-bit directory with redirection on, then disable redirection and enumerate the 64-bit directory.

6. Is there also a redirected copy of the registry?
   Yes.
   Example: a 32-bit program accesses 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID' in the normal way on a 64-bit Windows system.
   Because redirection intervenes, the 32-bit program actually accesses 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432node\CLSID'.
  

7. When a 32-bit program enumerates during a whole-disk scan without disabling redirection, can it enumerate both the 32-bit and the 64-bit registry information?
   Testing shows it cannot enumerate both at the same time; it has to scan twice: first enumerate the 32-bit registry information with redirection on, then disable redirection and enumerate the 64-bit registry information.

8. Without disabling redirection, can a 32-bit program on 64-bit Windows access the 32-bit copy of the critical directories and registry keys through a hard-coded path?
   Yes, it can.
   Code example:
   deletefile('c:\windows\syswow64\a.txt');
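
The file-system mapping from items 2, 3, 4 and 8 can be modeled offline, for example to work out which on-disk file a 32-bit tool really touched when its log shows a system32 path. This is an added example, not code from the original post; the function names and the default `windir` of C:\Windows are assumptions, and the `EXEMPT` list is taken from Microsoft's File System Redirector documentation rather than from this page.

```python
import ntpath

# System32 subtrees that Microsoft documents as exempt from redirection
# (from the File System Redirector documentation, not from this post).
EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc", "logfiles", "spool")


def _is_under(path, root):
    """True if path equals root or lies below it (case-insensitive, whole components)."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")


def effective_path(path, redirection_enabled=True, windir=r"C:\Windows"):
    """Path a 32-bit process really touches on 64-bit Windows for a requested path."""
    path = ntpath.normpath(path)
    system32 = ntpath.join(windir, "System32")
    # Redirection disabled (item 3) or path outside System32 (item 8): unchanged.
    if not redirection_enabled or not _is_under(path, system32):
        return path
    if any(_is_under(path, ntpath.join(system32, e)) for e in EXEMPT):
        return path
    tail = path[len(system32):]  # "" or "\sub\file"; lengths match after normpath
    return ntpath.join(windir, "SysWOW64") + tail


def scan_passes(path):
    """The two passes of item 4: what each pass of a 32-bit scanner really walks."""
    return {"pass1_redirected": effective_path(path, True),
            "pass2_disabled": effective_path(path, False)}


if __name__ == "__main__":
    # Constructed sample requests, as a 32-bit program might issue them.
    for requested in (r"c:\windows\system32\a.txt",
                      r"c:\windows\syswow64\a.txt",
                      r"C:\Windows\System32\drivers\etc\hosts"):
        print(requested, "->", effective_path(requested))
    print(scan_passes(r"C:\Windows\System32"))
```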
