Даже и не думайте пользоваться функцией Wow64DisableWow64FsRedirection!
?????? ???????????, ????????? ??????? ????? ???? ??????? Wow64DisableWow64FsRedirection. ??? ??????? ????????? ???????? ????????? ??????????????? ???????? ??????? ? Wow64. ??? ????? ???????????, ??? ???? ????? ???? ????????????? ??????????? ?????? ???? ???, ???? ????? ?????????? ??????????, ? ???, ??????????, ????????.
? ??? ??????? ?????????? ??-??????, ??? ??????????? ??????????????? ???????? ??????? ?? ???????? ???????? 32-? ?????? ????????? ?????????. ???, ??? ???????, ??????????? ?? system32 ? ?????? ??????????????? ?????/?????? ??????? ????????. ??-??????, ? ??? ????? ???????, ??????????? ????? ????? ????????? ???????????? ???? ????-????? ?? ??????? ????? Wow64DisableWow64FsRedirection ? Wow64RevertWow64FsRedirection.
«??? ??? ?????????» - ???????? ??, «???? ??? ??? ??????? ???? – ??? ???, ??? ?? ??????». ????? ??????. ??? ???????? ?????? ???????, ????? ????? ??????????? ??????? ???????? ????:
??????? ????? LoadLibrary. ?????? ??????? Win32 ???????? LoadLibrary. ???? ?? ???????? – Multimedia API. ?? ?? ????? ?????? ? ?????? ??????????, ???????? ??, ??? ???????????? ???????.
?????????? ???????? ????????? (Delayed Loading) – ??? ??????? ?????? ???????? ???????? ??????????. ???????? ?????? ? ???, ??? ???????? ????? ????????? ? ?????, ? ??? ????? ????? ???????????? ??????. ??? ??????????, ??? ??? ?????, ?????????? ?????????? ????????, ??? ??? ?? ?????????? ???????? ????????? ??????????.
??? ?????????? «DLL import forwarders» ????????? ??????? ??????????, ??? ??????? «Foo», ?????????????? ?? «Foo.dll», ?? ????? ???? ??????????? ? «Bar.dll». ? ?????????? ??? ??????? ???????? ????? ??????? «Foo», ????????? ?????????? ????????? «Bar.dll». ????????:
link /dump /exports c:\Windows\System32\kernel32.dll | findstr forwarded 1 0 AcquireSRWLockExclusive (forwarded to NTDLL.RtlAcquireSRWLockExclusive) 2 1 AcquireSRWLockShared (forwarded to NTDLL.RtlAcquireSRWLockShared) 14 D AddVectoredContinueHandler (forwarded to NTDLL.RtlAddVectoredContinueHandler) 15 E AddVectoredExceptionHandler (forwarded to NTDLL.RtlAddVectoredExceptionHandler) 70 45 CancelThreadpoolIo (forwarded to NTDLL.TpCancelAsyncIoOperation) 86 55 CloseThreadpool (forwarded to NTDLL.TpReleasePool) 87 56 CloseThreadpoolCleanupGroup (forwarded to NTDLL.TpReleaseCleanupGroup) 88 57 CloseThreadpoolCleanupGroupMembers (forwarded to NTDLL.TpReleaseCleanupGroupMembers) 89 58 CloseThreadpoolIo (forwarded to NTDLL.TpReleaseIoCompletion) 90 59 CloseThreadpoolTimer (forwarded to NTDLL.TpReleaseTimer) 91 5A CloseThreadpoolWait (forwarded to NTDLL.TpReleaseWait) 92 5B CloseThreadpoolWork (forwarded to NTDLL.TpReleaseWork)?????????????? ? COM ????????? ????? ????? ???????? ? ???????? ?????????????? ?????????. ? ???????, ??? ???? ????? QueryInterface ??? ????? ?????? ????? ???????????? ????????? ?? COM ?????????.
????????? ???? ? ?????? ??????? – ??????? ???? ? Windows. ?????????? ??? ????? ??????? LoadLibrary ? ????? ???????????? ??????. ? ???? ?????? ??????? ?? ??? ???, ?? ? ????? ?????? ???????????? ?????? ?????? ???? ??????????.
? ?.?. ? ?.?.
???????? ??? ? ? ???, ??? ???, ???????????? Wow64DisableWow64FsRedirection, ? ?????-??, ???????? ? ??????????? ???????. ??? ??? ??????????? ?? ????? ???????? ?? ??? ???, ???? ??? ?? ????? ??????? ? ?????????? ????????? ?? ?????? ?????????. ??? ???? ?? ?????? ????? ?????? ??, ???????????? ?????????? ??? ????????????? ??????, ??????? ????? ?????? ????????? ??? ? ??? ?????, ??? ?????? ?????? ?????? ?? ???????????.
PS. ? ????? ????? ???????????? Wow64DisableWow64FsRedirection? ???????????? ?????????????? ???????? – ????? CreateFile, ????????? ? Wow64DisableWow64FsRedirection ? Wow64RevertWow64FsRedirection.
Cross-posted from blog.not-a-kernel-guy.com.