Why copying to system32 automatically copies to sysWOW64 instead?

Question

I\'m trying to copy a file to C:\\windows\\system32 by calling CopyFileA - debugging shows that indeed the string \"C:\\windows\\system32\\filename\" is sent to CopyFileA, b

Answer 1

On 64bit Windows, Windows does filesystem redirection for 32bit processes. To disable, call Wow64DisableWow64FsRedirection

For the app to also run on 32bit Windows XP, Wow64DisableWow64FsRedirection must be dynamically linked at run-time. Here is the code I use:

BOOL DisableWow64FsRedirection(PVOID* OldValue)
{
#ifdef WIN64
    UNREFERENCED_PARAMETER(OldValue);
    return TRUE;
#else
    typedef BOOL (WINAPI * LPWOW64DISABLEWOW64FSREDIRECTION)(PVOID *);

    LPWOW64DISABLEWOW64FSREDIRECTION    fnWow64DisableWow64FsRedirection;
    HMODULE                             kernelMod;
    BOOL                                success = TRUE;

    kernelMod = GetModuleHandleW(L"kernel32");
    if (kernelMod)
    {
        fnWow64DisableWow64FsRedirection = (LPWOW64DISABLEWOW64FSREDIRECTION)GetProcAddress(kernelMod, "Wow64DisableWow64FsRedirection");
        if (fnWow64DisableWow64FsRedirection)
            success = fnWow64DisableWow64FsRedirection(OldValue);
    }

    return success;
#endif
}

BOOL RevertWow64FsRedirection(PVOID OldValue)
{
#ifdef WIN64
    UNREFERENCED_PARAMETER(OldValue);
    return TRUE;
#else
    typedef BOOL (WINAPI * LPWOW64REVERTWOW64FSREDIRECTION)(PVOID);

    LPWOW64REVERTWOW64FSREDIRECTION fnWow64RevertWow64FsRedirection;
    HMODULE                         kernelMod;
    BOOL                            success = TRUE;

    kernelMod = GetModuleHandleW(L"kernel32");
    if (kernelMod)
    {
        fnWow64RevertWow64FsRedirection = (LPWOW64REVERTWOW64FSREDIRECTION)GetProcAddress(kernelMod, "Wow64RevertWow64FsRedirection");
        if (fnWow64RevertWow64FsRedirection)
            success = fnWow64RevertWow64FsRedirection(OldValue);
    }

    return success;
#endif
}