#1
Process type detection
https://ibb.co/y5sjcsW
Code:
#include <windows.h>

bool is64BitProcess(DWORD pid)
{
    BOOL f64 = FALSE;
    //fnIsWow64Process =(LPFN_ISWOW64PROCESS) GetProcAddress(GetModuleHandle(L"kernelbase.dll"), "IsWow64Process");
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (hProcess == 0)
        return false;   // could not open the process
    // IsWow64Process sets f64 to TRUE for a 32-bit process running under WOW64
    IsWow64Process(hProcess, &f64);
    CloseHandle(hProcess);   // release the process handle
    return f64 != FALSE;
}

Here is the whole source code: https://www.mediafire.com/file/z4ul73x3dra8imx/CppCLR_WinformsProject2.rar/file Compile with VS2019 x64bit.
#2
Some recommendations:
1) Instead of calling GetProcAddress() on each call, better do it once (e.g. add this check):
    if (fnIsWow64Process == nullptr)
        fnIsWow64Process = (LPFN_ISWOW64PROCESS) GetProcAddress(GetModuleHandle(L"kernel32"), "IsWow64Process");
2) The recommendation is to use PROCESS_QUERY_LIMITED_INFORMATION for the desired access, not PROCESS_ALL_ACCESS.
3) I guess you need to check the result of the WinAPI call, e.g.:
    if (!IsWow64Process(hProcess, &f64)) {
        //error here
    }
4) Instead of "kernelbase.dll", use the "kernel32" string.

Last edited by sendersu; 10-28-2022 at 03:13.
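The recommendations in this reply, combined into one routine as an added example (not code from any poster in this thread). It goes one step further and pairs the WOW64 flag with GetNativeSystemInfo(), because the flag alone is FALSE both for a 64-bit process and for a 32-bit process on 32-bit Windows. Bitness, classifyBitness, queryProcessBitness and the kArch* constants are hypothetical names; only x86/x64 hosts are assumed, and anything else is reported as Unknown.

```cpp
#include <cstdint>
#ifdef _WIN32
#include <windows.h>
#endif

enum class Bitness { Unknown, Bit32, Bit64 };

// wProcessorArchitecture values of SYSTEM_INFO (winnt.h), repeated under
// hypothetical names so the decision logic also compiles off Windows.
constexpr uint16_t kArchIntel = 0;   // PROCESSOR_ARCHITECTURE_INTEL (x86)
constexpr uint16_t kArchAmd64 = 9;   // PROCESSOR_ARCHITECTURE_AMD64 (x64)

// Combine the WOW64 flag with the host architecture.
Bitness classifyBitness(bool isWow64, uint16_t nativeArch) {
    if (nativeArch == kArchIntel)    // 32-bit OS: WOW64 does not exist here
        return isWow64 ? Bitness::Unknown : Bitness::Bit32;
    if (nativeArch == kArchAmd64)    // 64-bit OS: WOW64 means a 32-bit process
        return isWow64 ? Bitness::Bit32 : Bitness::Bit64;
    return Bitness::Unknown;         // other hosts (e.g. ARM64) are out of scope
}

#ifdef _WIN32
Bitness queryProcessBitness(DWORD pid) {
    // Least privilege: this right is sufficient for IsWow64Process, and the
    // open can succeed where a PROCESS_ALL_ACCESS request is denied.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
    if (hProcess == NULL)
        return Bitness::Unknown;     // a failed open is not an answer

    BOOL wow64 = FALSE;
    BOOL ok = IsWow64Process(hProcess, &wow64);
    CloseHandle(hProcess);           // release the handle on every path
    if (!ok)
        return Bitness::Unknown;     // API failure must not look like "64-bit"

    SYSTEM_INFO si{};
    GetNativeSystemInfo(&si);        // host architecture, even for a WOW64 caller
    return classifyBitness(wow64 != FALSE, si.wProcessorArchitecture);
}
#endif
```

Returning a three-state result keeps "could not determine" separate from both answers, which a plain bool cannot express.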
#3
Perhaps try this.. might prove more accurate:
Code:
/*
* PsIsProcess32bit
*
* Purpose:
*
* Return TRUE if process is wow64.
*
*/
// Assumes headers that provide the native API declarations used below
// (NTSTATUS, NT_SUCCESS, PROCESS_EXTENDED_BASIC_INFORMATION,
// NtQueryInformationProcess), for example phnt; <windows.h> alone does not.
BOOL PsIsProcess32bit(
    _In_ HANDLE hProcess
)
{
    NTSTATUS Status;
    PROCESS_EXTENDED_BASIC_INFORMATION pebi{};

    if (hProcess == NULL) {
        return FALSE;
    }

    RtlSecureZeroMemory(&pebi, sizeof(pebi));
    pebi.Size = sizeof(PROCESS_EXTENDED_BASIC_INFORMATION);

    Status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pebi, sizeof(pebi), NULL);
    if (NT_SUCCESS(Status)) {
        return (pebi.IsWow64Process == 1);
    }

    return FALSE;
}
__________________
Best Wishes, Fyyre -- https://github.com/Fyyre
Tags: .net, c++, cli, x64