On 10/28/20 2:26 AM, Dmitry Timoshkov wrote:
Zebediah Figura <z.figura12@gmail.com> wrote:
+#ifndef _WIN64 +void *Wow64Transition; +#endif
/***********************************************************************
restart_winevdm
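Review bot: the new global `void *Wow64Transition;` has no comment saying what it holds or who reads it, and the exchange below shows even reviewers are unsure of its meaning; a one-line comment at the declaration (that on Windows it holds a pointer to the 32-to-64 transition thunk inside wow64cpu.dll, and that applications reach it through GetProcAddress(), so the value they read is the address of this variable) would document the intent. It is also a non-static definition, so make sure the export is deliberate rather than incidental.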
@@ -4061,6 +4064,14 @@ static NTSTATUS process_init(void) status = build_builtin_module( params->DllPath.Buffer, &nt_name, meminfo.AllocationBase, 0, &wm ); assert( !status );
+#ifndef _WIN64
- if ((status = load_dll( params->DllPath.Buffer, L"C:\windows\system32\wow64cpu.dll",
NULL, 0, &wm )) == STATUS_SUCCESS)
Wow64Transition = wm->ldr.DllBase;
- else
WARN( "could not load wow64cpu.dll, status %#x\n", status );
+#endif
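Review bot: `Wow64Transition = wm->ldr.DllBase;` stores the module base even though, per the discussion below, the field is meant to hold a function pointer into wow64cpu.dll; a comment on that line stating that the base is a deliberate stand-in (the thread notes League of Legends accepts it) would keep the next reader from treating it as the real thunk. On the failure path the WARN leaves `status` holding the load_dll error, so if process_init later returns or tests `status` that value leaks out of the #ifndef block; a local status variable avoids that. Note also that the hunk header counts eight added lines and none removed, yet the `if` and `else` lines appear with `-`, which looks like mangling in the quoted reply rather than in the patch itself.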
According to your test, Wow64Transition is supposed to hold a pointer to a pointer containing wow64cpu's base. What's the correct interpretation of Wow64Transition?
It's apparently supposed to be a function pointer in wow64cpu.dll, probably a 32-to-64 system call thunk. I.e. it's not supposed to point to the DLL base, probably; it's just easier to set it to that, and League of Legends is happy enough with it.
Note that the extra level of indirection apparent in the tests is just due to GetProcAddress().