wow64ext v1.0.0.4 – bugfix release

Bugfix release, there was a problem with GetModuleHandle64 in the previous version of the library (only v1.0.0.3 was affected). Basically I’ve failed at InLoadOrderModuleList iteration and I was skipping the last element, which is (usually) wow64cpu.dll.

Link to library hosted on google code:
Direct link to zip package:

Comments (4)

  1. 18:04, November 5, 2013Awk  / Reply

    Thanks! For Quick Bug Fix

  2. 18:14, November 5, 2013Awk  / Reply


    Sorry again but think there must be another bug\error with hooking:

    __declspec(naked) void Callback()
    __asm mov eax, 0
    DWORD64 s = GetProcAddress64(GetModuleHandle64(L"wow64cpu.dll"),"TurboDispatchJumpAddressStart");
    LPVOID sz = (LPVOID) s;
    LPVOID cake = Callback;
    HANDLE Handle = OpenProcess(PROCESS_ALL_ACCESS,false,GetCurrentProcessId());
    DWORD dwOldProtect = {0};
    *(BYTE*)(s) = 0xE9;
    *(DWORD*)(s+1) = ((DWORD)cake - ((DWORD)sz + 5));

    Error info: Unhandled exception at 0x0112E081 in wow64ext.exe: 0xC0000005: Access violation writing location 0x00002014.

    • 18:39, November 5, 2013ReWolf  / Reply

      • 19:22, November 5, 2013Awk  / Reply

        Okay, Your Library is perfect, it is the Microsoft Visual Studio 2012 LOL. I see the EIP hit my Callback, but VS cannot “emulate”\”understand” the x64 due to the VS Debug DLL being x86 thus the Exceptions and such.

        However, I am getting confused that VS was able to before somehow get the breakpoint being pointed towards the callback but suddenly now it fails. No clue, though.

Leave a Reply

Allowed Tags - You may use these HTML tags and attributes in your comment.

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Pingbacks (0)

› No pingbacks yet.