Some of you probably know that there is no easy way to read, write or enumerate memory regions of native x64 processes from x86 process that is running under WOW64 layer. Probably the only way it can be done is to use hack that I’ve described few months ago (Mixing x86 with x64 code). In that case there will be need to get address of x64 version of NtReadVirtualMemory / NtWriteVirtualMemory / NtQueryVirtualMemory and call it through X64Call(). Including all those hacky lines of code into even very small project doesn’t sound good even for me :) So I’ve decided to wrap it into glossy, shiny library called WOW64Ext.dll.
Library is very small and can be downloaded from http://code.google.com/p/rewolf-wow64ext/. For now it includes only 6 functions:
Description of all functions can be found on a wiki page http://code.google.com/p/rewolf-wow64ext/wiki/ExportedFunctions. There is also sample application that utilizes described library to enumerate and dump all allocated memory regions from both x86 and x64 processes http://code.google.com/p/rewolf-wow64ext/source/browse/sample/main.cpp. I’m planning to extend this library over time with some more functions, but it will probably depends on my needs and requests from users (if there will be any users of course :))
Library is licensed unde LGPL, so you may use even in commercial projects.