A new version of the wow64ext library is available for download:
http://rewolf.pl/stuff/rewolf.wow64ext.v1.0.0.5.zip
Changelog
- Added VirtualProtectEx64
- Bugfix for ReadProcessMemory64 / WriteProcessMemory64: lpNumberOfBytesRead / lpNumberOfBytesWritten is declared as a SIZE_T pointer. SIZE_T on x64 platforms is a 64-bit value, but the wow64ext library is 32-bit, so its SIZE_T is 32 bits wide. Passing this pointer directly to the x64 version of NtReadVirtualMemory / NtWriteVirtualMemory would lead to a buffer overflow, because the x64 function stores a 64-bit result through a pointer to a 32-bit variable. To keep backward compatibility, I've introduced an intermediate DWORD64 value that is used internally by ReadProcessMemory64 / WriteProcessMemory64; the result is cropped to a 32-bit value, but that shouldn't be a problem in most cases.
Link to the described fix:
https://code.google.com/p/rewolf-wow64ext/source/detail?r=474542f2eb4fc29fd1dde4cd852c419bd6ad1ea0#
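The overflow described in the changelog and the intermediate-value fix, modelled in portable C as an added example (this is not wow64ext's code). `native_read64`, `frame32` and the canary value are hypothetical stand-ins, and `uint32_t` plays the role of the 32-bit SIZE_T.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0xAABBCCDDu

/* Constructed model of a 32-bit caller's stack: a 4-byte SIZE_T
   out-parameter with another 4-byte local directly behind it. */
struct frame32 {
    uint32_t bytes_read;   /* SIZE_T as the 32-bit build sees it */
    uint32_t neighbour;    /* whatever happens to sit next to it */
};

/* Hypothetical stand-in for the x64 NtReadVirtualMemory: copies the data
   and always stores the byte count as a 64-bit value. */
static void native_read64(void *dst, const void *src, uint64_t len, void *count_out)
{
    memcpy(dst, src, (size_t)len);
    if (count_out)
        memcpy(count_out, &len, sizeof len);   /* 8-byte store */
}

/* Before the fix: the 32-bit slot goes straight to the 64-bit callee.
   Returns 1 if the neighbouring local survived the call. */
int read_direct(struct frame32 *f, void *dst, const void *src, uint64_t len)
{
    f->neighbour = CANARY;
    native_read64(dst, src, len, f);   /* f is also the address of bytes_read */
    return f->neighbour == CANARY;
}

/* After the fix: a 64-bit intermediate takes the count, then it is cropped. */
int read_via_intermediate(struct frame32 *f, void *dst, const void *src, uint64_t len)
{
    uint64_t count64 = 0;
    f->neighbour = CANARY;
    native_read64(dst, src, len, &count64);
    f->bytes_read = (uint32_t)count64;   /* truncation noted in the changelog */
    return f->neighbour == CANARY;
}

int main(void)
{
    unsigned char src[16] = {1, 2, 3, 4}, dst[16];   /* constructed data */
    struct frame32 f;
    int direct_ok = read_direct(&f, dst, src, sizeof src);
    int fixed_ok = read_via_intermediate(&f, dst, src, sizeof src);
    printf("direct: intact=%d, intermediate: intact=%d bytes_read=%u\n",
           direct_ok, fixed_ok, (unsigned)f.bytes_read);
    return 0;
}
```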
I’ve discovered a strange issue – when I enabled GlobalFlag=2 for my application, in order to see ldr debug output, calling GetProcAddress64 gives me a fault while calling LdrGetProcedureAddress (unhandled exception 0x80000002: datatype misaligned). WinDbg shows that the exception occurred in ntdll.dll, while executing SSE code with a non-16-byte-aligned argument.
I’ll check it and let you know what could possibly go wrong.
I’ve found the problem in X64Call. You are incorrectly aligning the stack. The stack must be aligned to 16 (not 8) bytes. rsp before “call func” in X64Call must be (rsp%16)==0.
Thanks for the info! I’ll fix & release it asap.
Stack should be aligned by 16 minus 8.
The 8 is reserved for return address when CALL is executed.
Thanks, this was fixed in v1.0.0.6