Why copying to system32 automatically copies to sysWOW64 instead?

陌路散爱 提交于 2019-12-04 03:17:53

问题


I'm trying to copy a file to C:\windows\system32 by calling CopyFileA - debugging shows that indeed the string "C:\windows\system32\filename" is sent to CopyFileA, but my file is copied to "C:\windows\system32\sysWOW64\filename" instead. Does anyone know why does that happen?


回答1:


On 64bit Windows, Windows does filesystem redirection for 32bit processes. To disable, call Wow64DisableWow64FsRedirection

For the app to also run on 32bit Windows XP, Wow64DisableWow64FsRedirection must be dynamically linked at run-time. Here is the code I use:

BOOL DisableWow64FsRedirection(PVOID* OldValue)
{
#ifdef WIN64
    UNREFERENCED_PARAMETER(OldValue);
    return TRUE;
#else
    typedef BOOL (WINAPI * LPWOW64DISABLEWOW64FSREDIRECTION)(PVOID *);

    LPWOW64DISABLEWOW64FSREDIRECTION    fnWow64DisableWow64FsRedirection;
    HMODULE                             kernelMod;
    BOOL                                success = TRUE;

    kernelMod = GetModuleHandleW(L"kernel32");
    if (kernelMod)
    {
        fnWow64DisableWow64FsRedirection = (LPWOW64DISABLEWOW64FSREDIRECTION)GetProcAddress(kernelMod, "Wow64DisableWow64FsRedirection");
        if (fnWow64DisableWow64FsRedirection)
            success = fnWow64DisableWow64FsRedirection(OldValue);
    }

    return success;
#endif
}

BOOL RevertWow64FsRedirection(PVOID OldValue)
{
#ifdef WIN64
    UNREFERENCED_PARAMETER(OldValue);
    return TRUE;
#else
    typedef BOOL (WINAPI * LPWOW64REVERTWOW64FSREDIRECTION)(PVOID);

    LPWOW64REVERTWOW64FSREDIRECTION fnWow64RevertWow64FsRedirection;
    HMODULE                         kernelMod;
    BOOL                            success = TRUE;

    kernelMod = GetModuleHandleW(L"kernel32");
    if (kernelMod)
    {
        fnWow64RevertWow64FsRedirection = (LPWOW64REVERTWOW64FSREDIRECTION)GetProcAddress(kernelMod, "Wow64RevertWow64FsRedirection");
        if (fnWow64RevertWow64FsRedirection)
            success = fnWow64RevertWow64FsRedirection(OldValue);
    }

    return success;
#endif
}



回答2:


Simply if you want to check the operating system then check it and access the folder system32 is like:

string os = Environment.GetEnvironmentVariable("WINDIR") + "\\SysWOW64";
            if (Directory.Exists(os))
            {
                destinationDir = Path.Combine(Environment.ExpandEnvironmentVariables("%windir%"), "sysnative\\");
        }

By this you can copy the file in system32 folder.

Enjoy: Ali Raza




回答3:


this solution seems better for me: credit to Bevan Collins.

BOOL changeWow64Redirection(PVOID& param, BOOL toDisable = true)
{
#ifdef WIN64
  UNREFERENCED_PARAMETER(OldValue);
  return TRUE;
#else
  typedef BOOL (WINAPI * LPWOW64CHANGEWOW64FSREDIRECTION)(PVOID *);
  LPWOW64CHANGEWOW64FSREDIRECTION     fnWow64ChangeWow64FsRedirection;
  HMODULE                             kernelMod;
  BOOL                                success = FALSE;
  kernelMod = GetModuleHandle(_T("kernel32"));
  if (kernelMod)
  {
    if (toDisable)
      fnWow64ChangeWow64FsRedirection = (LPWOW64CHANGEWOW64FSREDIRECTION)GetProcAddress(kernelMod, "Wow64DisableWow64FsRedirection");
    else
      fnWow64ChangeWow64FsRedirection = (LPWOW64CHANGEWOW64FSREDIRECTION)GetProcAddress(kernelMod, "Wow64RevertWow64FsRedirection");
    if (fnWow64ChangeWow64FsRedirection)
      success = fnWow64ChangeWow64FsRedirection(&param);
  }
  return success;
#endif //WIN64
}


来源:https://stackoverflow.com/questions/7247057/why-copying-to-system32-automatically-copies-to-syswow64-instead

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!