0

When searching for how to determine whether a process is a 64-bit or 32-bit process I saw a lot of suggestions to use the IsWow64Process function. In the documentation I saw this snippet about the value it sets:

A pointer to a value that is set to TRUE if the process is running under WOW64 on an Intel64 or x64 processor. If the process is running under 32-bit Windows, the value is set to FALSE. If the process is a 32-bit application running under 64-bit Windows 10 on ARM, the value is set to FALSE. If the process is a 64-bit application running under 64-bit Windows, the value is also set to FALSE.

Looking at that last sentence, it sounds like some 64-bit applications will have the same flag set as 32-bit applications! Is this really the case and, if so, how can I determine whether a process is truly 32-bit or 64?

chillsauce
  • 157
  • 1
  • 8
  • 2
    Does this answer your question? [How can I determine whether a process is 32 or 64 bit?](https://stackoverflow.com/questions/14184137/how-can-i-determine-whether-a-process-is-32-or-64-bit) – Axalo Mar 24 '20 at 05:11
  • 3
    WOW64 is a specific case of a 32 bit application running in an emulation layer on a 64 bit OS. – Jonathan Potter Mar 24 '20 at 05:41
  • You can disambiguate between a 32-bit application running on a 32-bit version of Windows and a 64-bit application running on a 64-bit version of Windows. At compile time. For the latter case the `_WIN64` preprocessor symbol is defined. See [How to detect programmatically whether you are running on 64-bit Windows](https://devblogs.microsoft.com/oldnewthing/20050201-00/?p=36553). – IInspectable Mar 24 '20 at 07:49

1 Answers1

3

Directly from the Microsoft Docs website:

IsWow64Process2 provides an improved direct replacement for IsWow64Process.

Also:

IsWow64Process2 removes the ambiguity inherent to multiple WOW environments by explicitly returning both the architecture of the host and guest for a given process.

With this new function, the confusion is cleared up as it returns the target process's architecture AND the machine's architecture. You can use those values to then verify if a 32-bit process is really running on a 64-bit cpu, or otherwise.

This is the link: IsWow64Process2

(Thanks @Remy Lebeau for clarification) However, since this function is not available on versions of Windows earlier than Windows 10 version 1511, you can use GetSystemInfo or GetNativeSystemInfo (WOW64 programs) to determine the CPU architecure. Then, you can use the information returned from IsWow64Process to determine the architecure of the target process.

Arush Agarampur
  • 1,340
  • 7
  • 20