Wow64cpu module

7 comments, last by Idov 12 years, 4 months ago
Hi!
I have a process which debugs another 32-bit process on Windows 7 (x64).
I paused the debugged process and watched it using Process Monitor.
In Process Monitor, on the top of the stack I see a method from wow64cpu.dll, but my debugged process doesn't load this DLL!

I even wrote a little program in C# to show me what modules are loaded, and this DLL is not loaded.

How can the debugged process use a method from that DLL?

What is going on??? :(
WOW64 == Windows 32-bit on Windows 64-bit

Nothing is going on. Just ignore it! (It's the mechanism with which Windows x64 emulates the 32-bit DLLs required for the 32-bit process.)


Ok, I want to ignore it. :)
But I need to identify it when it happens so I'll be able to associate addresses in the callstack with the module and ignore them.
Is it even possible to get the information about this module (base address and size) if it isn't really even loaded?

Quote:
But I need to identify it when it happens so I'll be able to associate addresses in the callstack with the module and ignore them.
No you don't, because there aren't any.

You're not understanding; think of the wow64cpu DLL as the emulator that allows your code to run. A program can't see into its emulator.
"In order to understand recursion, you must first understand recursion."
My website dedicated to sorting algorithms

Quote:
But I need to identify it when it happens so I'll be able to associate addresses in the callstack with the module and ignore them.
No you don't, because there aren't any.

You're not understanding; think of the wow64cpu DLL as the emulator that allows your code to run. A program can't see into its emulator.

What? Wait...

Maybe there aren't any addresses from this module in the callstack (I suppose I really didn't see any in the callstack), but the EIP register of my debugged process's thread DOES point at an instruction in wow64cpu :)
Did you mean that I can't get the information about wow64cpu?
Think of it this way: if you took a digital logic analyzer and pointed it at the right spot on your CPU while executing a program, you could see the microcode instructions being shuffled around. Does this mean you can debug the microcode layer of the CPU circuit from your assembly language program?

Wielder of the Sacred Wands
[Work - ArenaNet] [Epoch Language] [Scribblings]

OK, so how can "Process Hacker" or "Process Explorer" display stack frames from this wow64cpu?
On 64-bit computers, Process Explorer is a 64-bit program so it exists outside the 'emulator' and can see into it.

To get the full user-mode call stack of a WOW64 thread, call GetThreadContext and StackWalk64(IMAGE_FILE_MACHINE_AMD64, ...) (for the 64-bit code), then call Wow64GetThreadContext and StackWalk64(IMAGE_FILE_MACHINE_I386, ...) (for the 32-bit code).

To get the kernel-side stacks that Process Explorer also displays requires a driver and peeking into documented-but-not-officially-so structures.
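The two-context procedure above, written out as a complete program. This is an added example, not code from the thread, from Process Explorer or from Process Hacker. It does what the last answer describes and adds the piece the original question asked for: from a 64-bit debugger, EnumProcessModulesEx with LIST_MODULES_64BIT lists the target's 64-bit modules (wow64cpu.dll is among them, together with wow64.dll and wow64win.dll), which a 32-bit module enumeration never shows, so the native RIP and each 64-bit frame can be matched to a module and flagged as emulator code. Assumptions of this example: the debugger is a 64-bit build with the right to open the target, PID and TID come from the command line, the 32-frame depth cap and the "wow64" name-prefix test for emulator modules are this example's own choices, and the target thread is suspended around the context reads (a debugger that already has the process stopped can drop that).

```c
/* Added example, not code from the thread: a 64-bit debugger sees the 64-bit
 * half of a WOW64 process, so it can list the 64-bit modules (wow64cpu.dll is
 * one), classify the native RIP, read the 32-bit EIP and walk both stacks.
 * Assumed: 64-bit build, rights to open the target, PID and TID from argv.
 * Build (MinGW-w64): x86_64-w64-mingw32-gcc wow64stack.c -lpsapi -ldbghelp */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { char name[64]; uint64_t base; uint64_t size; } mod_range;

/* Index of the module whose [base, base+size) contains addr, or -1. */
int find_module(const mod_range *mods, int count, uint64_t addr)
{
    for (int i = 0; i < count; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return i;
    return -1;
}

/* wow64.dll, wow64win.dll, wow64cpu.dll are the emulator, not the debuggee (prefix test, our choice). */
int is_wow64_layer(const char *name)
{
    for (int i = 0; i < 5; i++)
        if (tolower((unsigned char)name[i]) != "wow64"[i]) return 0;
    return 1;
}

#ifdef _WIN32
#include <windows.h>
#include <psapi.h>
#include <dbghelp.h>

/* which: LIST_MODULES_64BIT or LIST_MODULES_32BIT; a 32-bit caller never gets the 64-bit list. */
int load_modules(HANDLE proc, DWORD which, mod_range *out, int max)
{
    HMODULE h[512]; DWORD needed = 0; int n = 0;
    if (!EnumProcessModulesEx(proc, h, (DWORD)sizeof h, &needed, which)) return -1;
    for (DWORD i = 0; i < needed / sizeof(HMODULE) && n < max; i++) {
        MODULEINFO mi;
        if (!GetModuleInformation(proc, h[i], &mi, sizeof mi) ||
            !GetModuleBaseNameA(proc, h[i], out[n].name, sizeof out[n].name)) continue;
        out[n].base = (uint64_t)(uintptr_t)mi.lpBaseOfDll;
        out[n].size = mi.SizeOfImage;
        n++;
    }
    return n;
}

/* One StackWalk64 pass: ctx is a CONTEXT for AMD64, a WOW64_CONTEXT (x86 CONTEXT layout) for I386. */
void walk(HANDLE proc, HANDLE thr, DWORD machine, void *ctx, uint64_t pc,
          uint64_t fp, uint64_t sp, const mod_range *mods, int nmods)
{
    STACKFRAME64 f; memset(&f, 0, sizeof f);
    f.AddrPC.Offset = pc; f.AddrFrame.Offset = fp; f.AddrStack.Offset = sp;
    f.AddrPC.Mode = f.AddrFrame.Mode = f.AddrStack.Mode = AddrModeFlat;
    for (int depth = 0; depth < 32; depth++) {      /* depth cap is our choice */
        if (!StackWalk64(machine, proc, thr, &f, ctx, NULL,
                         SymFunctionTableAccess64, SymGetModuleBase64, NULL)
            || f.AddrPC.Offset == 0)
            break;
        int m = find_module(mods, nmods, f.AddrPC.Offset);
        printf("  %016llx  %s%s\n", (unsigned long long)f.AddrPC.Offset,
               m >= 0 ? mods[m].name : "<unknown>",
               m >= 0 && is_wow64_layer(mods[m].name) ? "  [WOW64 layer]" : "");
    }
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s <pid> <tid>\n", argv[0]); return 2; }
    DWORD pid = strtoul(argv[1], NULL, 0), tid = strtoul(argv[2], NULL, 0);
    HANDLE proc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    HANDLE thr = OpenThread(THREAD_GET_CONTEXT | THREAD_SUSPEND_RESUME, FALSE, tid);
    BOOL wow = FALSE;
    if (!proc || !thr || !IsWow64Process(proc, &wow) || !wow) {
        fprintf(stderr, "need an openable WOW64 target (error %lu)\n", GetLastError()); return 1; }
    static mod_range m64[512], m32[512];
    int n64 = load_modules(proc, LIST_MODULES_64BIT, m64, 512);
    int n32 = load_modules(proc, LIST_MODULES_32BIT, m32, 512);
    SymInitialize(proc, NULL, TRUE);
    /* Both contexts come from the same stopped thread; the x64 CONTEXT must be 16-byte aligned. */
    DECLSPEC_ALIGN(16) CONTEXT ctx; memset(&ctx, 0, sizeof ctx);
    WOW64_CONTEXT w; memset(&w, 0, sizeof w);
    ctx.ContextFlags = CONTEXT_FULL; w.ContextFlags = WOW64_CONTEXT_FULL;
    if (SuspendThread(thr) == (DWORD)-1) return 1;
    if (!GetThreadContext(thr, &ctx) || !Wow64GetThreadContext(thr, &w)) {
        fprintf(stderr, "context failed (error %lu)\n", GetLastError()); ResumeThread(thr); return 1; }
    int m = find_module(m64, n64, ctx.Rip);   /* this is where wow64cpu.dll turns up */
    printf("native RIP %016llx in %s\n64-bit frames:\n",
           (unsigned long long)ctx.Rip, m >= 0 ? m64[m].name : "<unknown>");
    walk(proc, thr, IMAGE_FILE_MACHINE_AMD64, &ctx, ctx.Rip, ctx.Rbp, ctx.Rsp, m64, n64);
    printf("32-bit EIP %08lx\n32-bit frames:\n", (unsigned long)w.Eip);
    walk(proc, thr, IMAGE_FILE_MACHINE_I386, &w, w.Eip, w.Ebp, w.Esp, m32, n32);
    ResumeThread(thr); SymCleanup(proc); return 0;
}
#endif
```

Run it as `wow64stack.exe <pid> <tid>` against a paused 32-bit process from a 64-bit build. The native RIP will typically land in wow64cpu.dll (the emulator's dispatch loop), the 64-bit walk shows the wow64*.dll and 64-bit ntdll frames, and the 32-bit walk, fed the WOW64_CONTEXT and the LIST_MODULES_32BIT table, is the one that corresponds to the debuggee's own code.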
OK, thanks :)
