0

I know what I'm doing is weird, please don't worry about that. What is happening, however, is absolutely insane.

If I try to copy a DLL file from C:\SysWOW32\ from the command line using copy on Windows 7 64-bit, I actually end up getting the file that's in C:\System32\. Why is this happening?

OK - dumpbin is able to differentiate the DLL files

C:\Users\user\Desktop>dumpbin /headers C:\Windows\System32\opengl32.dll | grep machine
            8664 machine (x64)

C:\Users\user\Desktop>dumpbin /headers C:\Windows\SysWOW64\opengl32.dll | grep machine
             14C machine (x86)
             32 bit word machine

NOT OK - Other commands, like md5sum (from GOW) get the wrong bytes!

C:\Users\user\Desktop>md5sum C:\Windows\system32\opengl32.dll
\d1bbe227367ed791d5fcf08e132d2956 *C:\\Windows\\system32\\opengl32.dll

C:\Users\user\Desktop>md5sum C:\Windows\SysWow64\opengl32.dll
\d1bbe227367ed791d5fcf08e132d2956 *C:\\Windows\\SysWow64\\opengl32.dll

NOT OK - Copying a 64-bit DLL using the command line

C:\Users\user\Desktop>copy C:\Windows\System32\opengl32.dll .
        1 file(s) copied.

C:\Users\user\Desktop>dir opengl32.dll
07/13/2009  06:16 PM           791,552 opengl32.dll

C:\Users\user\Desktop>md5sum opengl32.dll
d1bbe227367ed791d5fcf08e132d2956 *opengl32.dll

C:\Users\user\Desktop>dumpbin /headers opengl32.dll | grep machine
             14C machine (x86)
             32 bit word machine

Wrong! Why did the 32-bit DLL get copied??

OK - Copying a 32-bit DLL using the command line

C:\Users\user\Desktop>copy C:\Windows\SysWOW64\opengl32.dll .
Overwrite .\opengl32.dll? (Yes/No/All): yes
        1 file(s) copied.

C:\Users\user\Desktop>dir opengl32.dll
07/13/2009  06:16 PM           791,552 opengl32.dll

C:\Users\user\Desktop>md5sum C:\Windows\System32\opengl32.dll
\d1bbe227367ed791d5fcf08e132d2956 *C:\\Windows\\System32\\opengl32.dll

C:\Users\user\Desktop>dumpbin /headers opengl32.dll | grep machine
             14C machine (x86)
             32 bit word machine

OK - Copying a 64-bit DLL using Explorer

<control-drag System32\opengl32.dll to desktop>

C:\Users\user\Desktop>dir opengl32.dll
07/13/2009  06:41 PM         1,039,872 opengl32.dll

C:\Users\user\Desktop>md5sum opengl32.dll
585fed4cdb8034b8b58aeb8008255817 *opengl32.dll

C:\Users\user\Desktop>dumpbin /headers opengl32.dll | grep machine
            8664 machine (x64)

OK - Copying a 32-bit DLL using Explorer

<control-drag SysWow64\opengl32.dll to desktop>

C:\Users\user\Desktop>dir opengl32.dll
07/13/2009  06:16 PM           791,552 opengl32.dll

C:\Users\user\Desktop>md5sum opengl32.dll
d1bbe227367ed791d5fcf08e132d2956 *opengl32.dll

C:\Users\user\Desktop>dumpbin /headers opengl32.dll | grep machine
             14C machine (x86)
             32 bit word machine

Can anyone explain what's happening here?

a paid nerd
  • 30,702
  • 30
  • 134
  • 179
  • Are you doing the `copy` operation from the `Visual Studio Command Prompt`? – Mathias R. Jessen May 06 '15 at 00:48
  • See answer for http://stackoverflow.com/questions/949959/why-do-64-bit-dlls-go-to-system32-and-32-bit-dlls-to-syswow64-on-64-bit-windows (access to system32 is redirected for 32 bit programs to syswow64). – lmz May 06 '15 at 00:50
  • @MathiasR.Jessen Yes, or I've at least sourced `vsvarsall.bat` from a regular prompt. – a paid nerd May 06 '15 at 00:55

1 Answers1

3

The behavior you see is caused by SysWOW64 File System Redirection

md5sum.exe is a 32-bit binary, so when it requests C:\Windows\System32\opengl32.dll, the file system returns C:\Windows\SysWOW64\opengl32.dll.

Similarly, if you launch a 32-bit prompt (C:\Windows\SysWOW64\cmd.exe), perform a copy operation and inputs the argument C:\Windows\System32\opengl32.dll, C:\Windows\SysWOW64\opengl32.dll is copied

Mathias R. Jessen
  • 157,619
  • 12
  • 148
  • 206
  • @apaidnerd Yes, the `Wow64DisableWow64FsRedirection` function is [pretty easy to work with as well](http://serverfault.com/questions/678529/powershell-script-not-working-when-launched-from-ssh-or-winexe-from-a-mac-or-l/678530#678530) – Mathias R. Jessen May 06 '15 at 01:22