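Wow64 on 32-bit systems: revert

Time: 2017-04-09 21:15:57

Tags: c++ windows 32bit-64bit 32-bit

This thread explains how to manage the Wow64DisableWow64FsRedirection function so that it works on both 32-bit and 64-bit systems: Wow64DisableWow64FsRedirection on 32-bit Windows XP

However, after disabling Wow64, they do not seem to revert it.

Normally, the code is: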

#include <windows.h>
#include <shellapi.h>
#include <string>

PVOID pOldValue = NULL;
Wow64DisableWow64FsRedirection(&pOldValue);
std::string path = "C:/Windows/system32/prog.exe";
ShellExecuteA(NULL, ("open"), LPCSTR(path.c_str()), NULL, NULL, SW_SHOWNORMAL);
Wow64RevertWow64FsRedirection(pOldValue);

However, with the code shown in the other post, there is no "revert":

typedef BOOL WINAPI fntype_Wow64DisableWow64FsRedirection(PVOID *OldValue);
auto pfnWow64DisableWow64FsRedirection = (fntype_Wow64DisableWow64FsRedirection*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64DisableWow64FsRedirection");

if (pfnWow64DisableWow64FsRedirection) {
    // function found, call it via pointer
    PVOID arg;
    (*pfnWow64DisableWow64FsRedirection)(&arg);
    std::string path = "C:/Windows/system32/prog.exe";
    ShellExecuteA(NULL, ("open"), LPCSTR(path.c_str()), NULL, NULL, SW_SHOWNORMAL);
    // redirection is not reverted in this version
}

I think I should do the following, but I am not sure about all the * and &:

typedef BOOL WINAPI fntype_Wow64DisableWow64FsRedirection(PVOID *OldValue);
auto pfnWow64DisableWow64FsRedirection = (fntype_Wow64DisableWow64FsRedirection*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64DisableWow64FsRedirection");

typedef BOOL WINAPI fntype_Wow64RevertWow64FsRedirection(PVOID OldValue);
auto pfnWow64RevertWow64FsRedirection = (fntype_Wow64RevertWow64FsRedirection*)GetProcAddress(GetModuleHandleA("kernel32.dll"), "Wow64RevertWow64FsRedirection");

// call through the pointers only if both functions were found
if (pfnWow64DisableWow64FsRedirection && pfnWow64RevertWow64FsRedirection)
{
    PVOID arg = NULL;
    // Disable takes the address of the variable so it can store the old value
    (*pfnWow64DisableWow64FsRedirection)(&arg);
    std::string path = "C:/Windows/system32/prog.exe";
    ShellExecuteA(NULL, ("open"), LPCSTR(path.c_str()), NULL, NULL, SW_SHOWNORMAL);
    ShellExecuteA(NULL, ("open"), LPCSTR(path.c_str()), NULL, NULL, SW_SHOWNORMAL);
    // Revert takes the stored value itself, not its address
    (*pfnWow64RevertWow64FsRedirection)(arg);
}

Thanks a lot,

Alex

1 answer:

Answer 0: (score: 0)

You must detect at run-time whether the function is available or not.

This can be done by getting the function's address by calling LoadLibrary + GetProcAddress. Normally delay loading would be an alternative, but it is not supported on kernel32.dll.

typedef BOOL (WINAPI*W64DW64FR)(PVOID *OldValue);
W64DW64FR w64dw64fr = (W64DW64FR) GetProcAddress(LoadLibraryA("kernel32"), "Wow64DisableWow64FsRedirection");

if (w64dw64fr) 
{
   PVOID old;
   w64dw64fr(&old);
}
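
As an added example (not code from the question or the answer): the disable/revert pair wrapped in an RAII guard, so the revert runs on every exit path and only when the disable call actually succeeded. This matters because disabling redirection affects all file operations on the current thread, DLL loading included, until it is reverted. `FsRedirectionGuard`, `DisableFn` and `RevertFn` are hypothetical names, and the non-Windows typedefs are stand-ins so the guard logic can be compiled off Windows.

```cpp
// Added example (not from the original post): RAII guard that always reverts.
#ifdef _WIN32
#include <windows.h>
#include <shellapi.h>
#else   // constructed stand-ins so the guard logic also builds off Windows
typedef int BOOL;
typedef void* PVOID;
#define WINAPI
#endif

typedef BOOL (WINAPI *DisableFn)(PVOID* oldValue);
typedef BOOL (WINAPI *RevertFn)(PVOID oldValue);

class FsRedirectionGuard {   // hypothetical name
public:
    FsRedirectionGuard(DisableFn disable, RevertFn revert) : revert_(revert) {
        // Mark as disabled only when both exports exist and the call succeeded:
        // the export can be absent on a 32-bit OS, and the call can return FALSE.
        if (disable && revert) disabled_ = disable(&old_) != 0;
    }
    ~FsRedirectionGuard() {
        if (disabled_) revert_(old_);   // pass the saved value, not its address
    }
    FsRedirectionGuard(const FsRedirectionGuard&) = delete;
    FsRedirectionGuard& operator=(const FsRedirectionGuard&) = delete;
    bool disabled() const { return disabled_; }
private:
    RevertFn revert_;
    PVOID old_ = nullptr;
    bool disabled_ = false;
};

#ifdef _WIN32
int main() {
    HMODULE k32 = GetModuleHandleA("kernel32.dll");
    DisableFn dis = (DisableFn)GetProcAddress(k32, "Wow64DisableWow64FsRedirection");
    RevertFn rev = (RevertFn)GetProcAddress(k32, "Wow64RevertWow64FsRedirection");
    {
        FsRedirectionGuard guard(dis, rev);   // no-op if the exports are missing
        ShellExecuteA(NULL, "open", "C:/Windows/system32/prog.exe",
                      NULL, NULL, SW_SHOWNORMAL);
    }   // redirection restored here, also on early return or exception
    return 0;
}
#endif
```

Keep the guarded scope as small as possible, ideally just the one call that needs the native System32 path.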