Author Topic: [Windows Vista 64] Trying to use IsWow64Process  (Read 8314 times)

Hiam87

[Windows Vista 64] Trying to use IsWow64Process
« on: July 09, 2009, 08:38:22 pm »
I can't find the reason why this should not work:

Code:
unit Code;

{$MODE Delphi}{$H+}

interface

uses
  Classes, SysUtils, LResources, Forms, Controls, Graphics, Dialogs, StdCtrls,
  Windows;

type

  { TForm1 }

  TForm1 = class(TForm)
    Button1: TButton;
    Button2: TButton;
    procedure Button1Click(Sender: TObject);
  private
    { private declarations }
  public
    { public declarations }
  end;

var
  Form1: TForm1;

implementation

{ TForm1 }

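// Win32 API imports must be declared stdcall; a 32-bit FPC build otherwise
// calls the export with the default register convention
function IsWow64Process(hProcess: THandle; out Wow64Process: BOOL): BOOL; stdcall;
external 'kernel32.dll' name 'IsWow64Process';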

function IntToHex(dwValue, dwDigits: DWord): String; stdcall;
const
  hex: array[0..$F] of char = ('0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F');
begin
  if (dwDigits > 8) then
    dwDigits := 8;
  Result := Copy(
       hex[(dwValue and $F0000000) shr 28]+
       hex[(dwValue and $0F000000) shr 24]+
       hex[(dwValue and $00F00000) shr 20]+
       hex[(dwValue and $000F0000) shr 16]+
       hex[(dwValue and $0000F000) shr 12]+
       hex[(dwValue and $00000F00) shr 8]+
       hex[(dwValue and $000000F0) shr 4]+
       hex[(dwValue and $0000000F) shr 0],9-dwDigits,dwDigits);
end;

function EnabledDebugPrivilege(const bEnabled: Boolean):Boolean;  // elevate privileges
var
  hToken: THandle;
  tp: TOKEN_PRIVILEGES;
  a: DWORD;
const
  SE_DEBUG_NAME = 'SeDebugPrivilege';
begin
  Result:=False;
  if (OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken)) then
  begin
    tp.PrivilegeCount :=1;
    LookupPrivilegeValue(nil, SE_DEBUG_NAME, tp.Privileges[0].Luid);
    if bEnabled then
      tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
    else
      tp.Privileges[0].Attributes := 0;
    a:=0;
    AdjustTokenPrivileges(hToken, False, @tp, SizeOf(tp), nil, @a);
    Result:= GetLastError = ERROR_SUCCESS;
    CloseHandle(hToken);
  end;
end;

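procedure TForm1.Button1Click(Sender: TObject);
var
  IsWow64Result: Bool;
  ProcessH: THandle;
  ProcID: DWORD;
  noteh: hwnd;
  ThreadId: dword;
begin
  EnabledDebugPrivilege(true);
  noteh := FindWindow(nil,'Untitled - Notepad');
  if noteh = 0 then
    Exit; // window not found
  ThreadId := GetWindowThreadProcessId(noteh,@ProcID);
  ProcessH := OpenProcess(PROCESS_ALL_ACCESS, False, ProcID);
  if ProcessH = 0 then
    Exit; // OpenProcess failed
  // The flag is only meaningful when the call itself succeeds; it is set to
  // True only for a 32-bit process running under WOW64
  if IsWow64Process(ProcessH,IsWow64Result) then
  begin
    if(IsWow64Result = true)then
    begin
      ShowMessage('Yes it is a 64');
    end;
  end;
  CloseHandle(ProcessH); // release the process handle
end;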

initialization
  {$I code.lrs}

end.     


Yet it does not. Does anyone have a clue?

Marc

Re: [Windows Vista 64] Trying to use IsWow64Process
« Reply #1 on: July 10, 2009, 02:04:52 am »
Why use this
Code:
  noteh := FindWindow(nil,'Untitled - Notepad');
  ThreadId := GetWindowThreadProcessId(noteh,@ProcID);
  ProcessH := OpenProcess(PROCESS_ALL_ACCESS, False, ProcID);
and not check your own exe with
Code:
  ProcessH := GetCurrentProcess;

Notepad is a win64 executable, so it is not running in WOW64, so checking for it fails.
If you compile your app with a 32-bit version of fpc, it is running in WOW64.

BTW: formatting a hex string can be done by IntToHex(int, digits)

BTW2: it is not needed to compare a boolean to True (since the outcome is a boolean too)
Code:
if(IsWow64Result = true)then
is the same as
Code:
if IsWow64Result then
//--
{$I stdsig.inc}
//-I still can't read someones mind
//-Bugs reported here will be forgotten. Use the bug tracker

Hiam87

Re: [Windows Vista 64] Trying to use IsWow64Process
« Reply #2 on: July 10, 2009, 08:08:00 pm »
Quote
Why use this
Code:
  noteh := FindWindow(nil,'Untitled - Notepad');
  ThreadId := GetWindowThreadProcessId(noteh,@ProcID);
  ProcessH := OpenProcess(PROCESS_ALL_ACCESS, False, ProcID);
and not check your own exe with
Code:
  ProcessH := GetCurrentProcess;

Notepad is a win64 executable, so it is not running in WOW64, so checking for it fails.
If you compile your app with a 32-bit version of fpc, it is running in WOW64.

BTW: formatting a hex string can be done by IntToHex(int, digits)

BTW2: it is not needed to compare a boolean to True (since the outcome is a boolean too)
Code:
if(IsWow64Result = true)then
is the same as
Code:
if IsWow64Result then

First of all, thanks for your feedback. All right, so when compiling an x64 binary you can't use the function? Never saw anything about it, so thanks for clearing that up.

Why am I using OpenProcess etc.? Because I'm after the handle of another application and not my own, but the handle of, in this case, as an example, Notepad.

As for "BTW", I'm using my own IntToHex as a beginning to cut down on unnecessary libraries.

As for BTW, I know, I just like to see what the code does in clear text before I optimize it; I'm terrible at speed-optimized code.
All in all, thanks for your response :)
« Last Edit: July 10, 2009, 10:25:50 pm by Hiam87 »

Marc

Re: [Windows Vista 64] Trying to use IsWow64Process
« Reply #3 on: July 11, 2009, 02:12:50 am »
Quote
First of all, thanks for your feedback. All right, so when compiling an x64 binary you can't use the function? Never saw anything about it, so thanks for clearing that up.
You can use the function, but it will return False for 64-bit exes. WOW64 runs a 32-bit exe in a 64-bit environment, so 64-bit exes never need to use WOW64.

Quote
As for "BTW", I'm using my own IntToHex as a beginning to cut down on unnecessary libraries.
By using Lazarus, there is a big chance that you already have that function included in your exe
//--
{$I stdsig.inc}
//-I still can't read someones mind
//-Bugs reported here will be forgotten. Use the bug tracker
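
Added example (not part of the original posts): since IsWow64Process returns False both for a native 64-bit process and for a 32-bit process on 32-bit Windows, this sketch combines the target's flag with the bitness of the calling process to tell the three cases apart. The names TProcBitness, UnderWow64 and GetProcessBitness are hypothetical; the handle is opened with PROCESS_QUERY_INFORMATION, which is sufficient for IsWow64Process, instead of PROCESS_ALL_ACCESS.

```pascal
program ProcBitness; // added example; type and function names are hypothetical
{$MODE Delphi}{$H+}
uses Windows, SysUtils;
type
  TProcBitness = (pbUnknown, pbNative32, pbWow64, pbNative64);
  // stdcall matters in a 32-bit build, where FPC defaults to the register convention
  TIsWow64Process = function(hProcess: THandle; out Wow64Process: BOOL): BOOL; stdcall;
const
  BitnessName: array[TProcBitness] of string =
    ('unknown', 'native 32-bit', '32-bit under WOW64', 'native 64-bit');

// True only for a 32-bit process on 64-bit Windows; Known reports whether the call succeeded
function UnderWow64(hProcess: THandle; out Known: Boolean): Boolean;
var
  Fn: TIsWow64Process;
  Flag: BOOL;
begin
  Result := False; Known := False;
  // Resolved at run time so the program still loads where the export is absent
  @Fn := GetProcAddress(GetModuleHandle('kernel32.dll'), 'IsWow64Process');
  if not Assigned(Fn) then Exit;
  if not Fn(hProcess, Flag) then Exit;
  Known := True;
  if Flag then Result := True;
end;

function GetProcessBitness(ProcID: DWORD): TProcBitness;
var
  hProc: THandle;
  Known, OS64, Wow: Boolean;
begin
  Result := pbUnknown;
{$IFDEF CPU64}
  OS64 := True; // a 64-bit build only runs on 64-bit Windows
{$ELSE}
  OS64 := UnderWow64(GetCurrentProcess, Known); // 32-bit build under WOW64 => 64-bit OS
{$ENDIF}
  // Query-only access is all IsWow64Process needs; PROCESS_ALL_ACCESS is not requested
  hProc := OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcID);
  if hProc = 0 then Exit;
  Wow := UnderWow64(hProc, Known);
  CloseHandle(hProc);
  if Wow then Result := pbWow64
  else if Known and OS64 then Result := pbNative64
  else if Known then Result := pbNative32;
end;

begin
  WriteLn(BitnessName[GetProcessBitness(StrToIntDef(ParamStr(1), GetCurrentProcessId))]);
end.
```

Run with a process ID as the first argument; with no argument it reports on itself.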

 
