64位系统上32位进程拷贝文件到System32目录时的重定向

最新推荐文章于 2023-05-17 18:26:54 发布

gfang

最新推荐文章于 2023-05-17 18:26:54 发布

阅读量1k

点赞数

本文链接：https://blog.csdn.net/fanggai/article/details/70048532

版权

64位系统上，32位进程拷贝文件到"System32"目录时，会被文件系统重定向到"SysWOW64"目录

要禁用这种重定向，需要用到下面2个API：

Wow64DisableWow64FsRedirection()

Wow64RevertWow64FsRedirection()

下面是微软的示例代码：

  #ifdef _WIN32_WINNT
  #undef _WIN32_WINNT
  #endif
  #define _WIN32_WINNT 0x0501
  
  #ifdef NTDDI_VERSION
  #undef NTDDI_VERSION
  #endif
  #define NTDDI_VERSION 0x05010000
  
  #include <Windows.h>
  
  void main()
  {
      HANDLE hFile = INVALID_HANDLE_VALUE;
      PVOID OldValue = NULL;
  
      //  Disable redirection immediately prior to the native API
  
      //  function call.
  
      if( Wow64DisableWow64FsRedirection(&OldValue) ) 
      {
          //  Any function calls in this block of code should be as concise
  
          //  and as simple as possible to avoid unintended results.
  
          hFile = CreateFile(TEXT("C:\\Windows\\System32\\Notepad.exe"),
              GENERIC_READ,
              FILE_SHARE_READ,
              NULL,
              OPEN_EXISTING,
              FILE_ATTRIBUTE_NORMAL,
              NULL);
  
          //  Immediately re-enable redirection. Note that any resources
  
          //  associated with OldValue are cleaned up by this call.
  
          if ( FALSE == Wow64RevertWow64FsRedirection(OldValue) )
          {
              //  Failure to re-enable redirection should be considered
  
              //  a criticial failure and execution aborted.
  
              return;
          }
      }
      
      //  The handle, if valid, now can be used as usual, and without
  
      //  leaving redirection disabled. 
  
      if( INVALID_HANDLE_VALUE != hFile )  
      {
          // Use the file handle
  
      }
  }