WOW64 Environment Detection

1. Using IsWow64Process2

Description

Determines whether the specified process is running under WOW64; also returns additional machine process and architecture information.

Syntax

BOOL IsWow64Process2(
 HANDLE hProcess,
 USHORT *pProcessMachine,
 USHORT *pNativeMachine
);

Parameters

hProcess

A handle to the process. The handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right. For more information, see Process Security and Access Rights.

pProcessMachine

On success, returns a pointer to an IMAGE_FILE_MACHINE_* value. The value will be IMAGE_FILE_MACHINE_UNKNOWN if the target process is not a WOW64 process; otherwise, it will identify the type of WoW process.

pNativeMachine

On success, returns a pointer to a possible IMAGE_FILE_MACHINE_* value identifying the native architecture of host system.

Return Value

If the function succeeds, the return value is a nonzero value.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

IsWow64Process2 provides an improved direct replacement for IsWow64Process. In addition to determining if the specified process is running under WOW64, IsWow64Process2 returns the following information:

  • Whether the target process, specified by hProcess, is running under Wow or not.
  • The architecture of the target process.
  • Optionally, the architecture of the host system.

Requirements

Minimum supported client Windows 10, version 1511 [desktop apps | UWP apps]
Minimum supported server Windows Server 2016 [desktop apps | UWP apps]

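Example:

#include <windows.h>
#include <iostream>
int main()
{
    USHORT uProcessMachine = 0;
    USHORT uNativeMachine = 0;
    // uProcessMachine is IMAGE_FILE_MACHINE_UNKNOWN (0) when the process is not running under WOW64.
    if (IsWow64Process2(GetCurrentProcess(), &uProcessMachine, &uNativeMachine))
    {
        std::cout << std::hex << "uProcessMachine: 0x" << uProcessMachine << std::endl;
        std::cout << std::hex << "uNativeMachine: 0x" << uNativeMachine << std::endl;
    }
}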

2. Using IsWow64Process

Code


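// If hProcess is NULL or INVALID_HANDLE_VALUE, the function uses GetCurrentProcess().
// Wow64Process points to a BOOL value.
// If the process is a 32-bit process running on a 64-bit operating system, the value is TRUE; otherwise it is FALSE.
// If the process is a 64-bit application running on a 64-bit system, the value is also set to FALSE.
// Return value: nonzero if the function succeeds.
// If the function fails, the return value is zero. To get extended error information, call GetLastError.
// The wrapper is named IsWow64ProcessCompat (not IsWow64Process) so that it does not
// conflict with the API declaration in the Windows SDK headers.
#include <windows.h>

BOOL IsWow64ProcessCompat(__in HANDLE hProcess, __out PBOOL Wow64Process)
{
    if (nullptr == Wow64Process)
    {
        ::SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }
    *Wow64Process = FALSE; // defined result even when the API is unavailable

    if (INVALID_HANDLE_VALUE == hProcess || nullptr == hProcess)
        hProcess = ::GetCurrentProcess();

    typedef BOOL(WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);

    // kernel32.dll is already mapped into every Win32 process, so GetModuleHandle is
    // enough; no LoadLibrary/FreeLibrary pair is needed.
    HMODULE hKernel32 = ::GetModuleHandle(TEXT("kernel32.dll"));
    if (NULL == hKernel32)
        return FALSE;

    // Resolve the export at run time so the binary still loads where it is missing.
    LPFN_ISWOW64PROCESS lpIsWow64Process = (LPFN_ISWOW64PROCESS)::GetProcAddress(hKernel32, "IsWow64Process");
    if (NULL == lpIsWow64Process)
        return FALSE;

    return lpIsWow64Process(hProcess, Wow64Process);
}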
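
Added example (not from the original post): a helper that prefers IsWow64Process2 and falls back to IsWow64Process where the newer export is absent, plus a decoder for the IMAGE_FILE_MACHINE_* values that the example in section 1 only prints in hex. Wow64Info, MachineName, Interpret and QueryWow64 are hypothetical names; the Windows-only part is guarded by _WIN32 so the decoder builds on any host.

```cpp
#include <cstdint>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// IMAGE_FILE_MACHINE_* values from winnt.h, repeated so the decoder builds on any host.
constexpr uint16_t kUnknown = 0x0000, kI386 = 0x014c, kArmNT = 0x01c4,
                   kAmd64 = 0x8664, kArm64 = 0xAA64;

struct Wow64Info { bool isWow64; uint16_t processMachine; uint16_t nativeMachine; };

std::string MachineName(uint16_t m) {
    switch (m) {
        case kUnknown: return "unknown";
        case kI386:    return "x86";
        case kArmNT:   return "ARM32";
        case kAmd64:   return "x64";
        case kArm64:   return "ARM64";
        default:       return "other";
    }
}

// pProcessMachine == IMAGE_FILE_MACHINE_UNKNOWN means "not a WOW64 process".
Wow64Info Interpret(uint16_t processMachine, uint16_t nativeMachine) {
    return { processMachine != kUnknown, processMachine, nativeMachine };
}

#ifdef _WIN32
// Hypothetical helper: prefer IsWow64Process2, fall back to IsWow64Process.
bool QueryWow64(HANDLE h, Wow64Info& out) {
    using Fn2 = BOOL(WINAPI*)(HANDLE, USHORT*, USHORT*);
    using Fn1 = BOOL(WINAPI*)(HANDLE, PBOOL);
    HMODULE k32 = GetModuleHandleW(L"kernel32.dll");
    if (!k32) return false;
    if (auto f2 = reinterpret_cast<Fn2>(GetProcAddress(k32, "IsWow64Process2"))) {
        USHORT pm = 0, nm = 0;
        if (!f2(h, &pm, &nm)) return false;
        out = Interpret(pm, nm);
        return true;
    }
    auto f1 = reinterpret_cast<Fn1>(GetProcAddress(k32, "IsWow64Process"));
    BOOL wow = FALSE;
    if (!f1 || !f1(h, &wow)) return false;
    out = { wow != FALSE, kUnknown, kUnknown };  // legacy API reports no architecture
    return true;
}
#endif
```

On the fallback path only isWow64 is meaningful, because IsWow64Process returns a single BOOL and no machine types.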

Reposted from blog.csdn.net/songbei6/article/details/105234069