Zebediah Figura <z.figura12(a)gmail.com> wrote:
+#ifndef _WIN64 +void *Wow64Transition; +#endif
/*********************************************************************** * restart_winevdm @@ -4061,6 +4064,14 @@ static NTSTATUS process_init(void) status = build_builtin_module( params->DllPath.Buffer, &nt_name, meminfo.AllocationBase, 0, &wm ); assert( !status );
+#ifndef _WIN64 + if ((status = load_dll( params->DllPath.Buffer, L"C:\\windows\\system32\\wow64cpu.dll", + NULL, 0, &wm )) == STATUS_SUCCESS) + Wow64Transition = wm->ldr.DllBase; + else + WARN( "could not load wow64cpu.dll, status %#x\n", status ); +#endif
According to your test Wow64Transition is supposed to hold the pointer to pointer containing wow64cpu's base. What's the correct interpretation of Wow64Transition? -- Dmitry.