wow64
A 32-bit program running under WOW64 actually has all the capabilities of a 64-bit program,
including injecting from 32-bit into 64-bit processes, enumerating the modules of 64-bit processes, hooking 64-bit modules, calling 64-bit APIs, and so on.
This is because a WOW64 program is not fully virtualised; it is only pseudo-virtualised, and the process itself is a 64-bit process
that merely believes it is a 32-bit program.
Just like in The Matrix: once you realise it, you can go beyond what you believed you could not do.
RtlGetNativeSystemInformation = _NtWow64GetNativeSystemInformation@16
RtlQueueApcWow64Thread = _RtlQueueApcWow64Thread@20
RtlWow64CallFunction64 = _RtlWow64CallFunction64@28
RtlWow64EnableFsRedirection = _RtlWow64EnableFsRedirection@4
RtlWow64EnableFsRedirectionEx = _RtlWow64EnableFsRedirectionEx@8
RtlWow64LogMessageInEventLogger = _RtlWow64LogMessageInEventLogger@12
ZwWow64CallFunction64 = _ZwWow64CallFunction64@28
ZwWow64CsrAllocateCaptureBuffer = _NtWow64CsrAllocateCaptureBuffer@8
ZwWow64CsrAllocateMessagePointer = _ZwWow64CsrAllocateMessagePointer@12
ZwWow64CsrCaptureMessageBuffer = _ZwWow64CsrCaptureMessageBuffer@16
ZwWow64CsrCaptureMessageString = _NtWow64CsrCaptureMessageString@20
ZwWow64CsrClientCallServer = _ZwWow64CsrClientCallServer@16
ZwWow64CsrClientConnectToServer = _ZwWow64CsrClientConnectToServer@20
ZwWow64CsrFreeCaptureBuffer = _NtWow64CsrFreeCaptureBuffer@4
ZwWow64CsrGetProcessId = _NtWow64CsrGetProcessId@0
ZwWow64CsrIdentifyAlertableThread = _ZwWow64CsrIdentifyAlertableThread@0
ZwWow64CsrVerifyRegion = _NtWow64CsrVerifyRegion@8
ZwWow64DebuggerCall = _ZwWow64DebuggerCall@20
ZwWow64GetCurrentProcessorNumberEx = _NtWow64GetCurrentProcessorNumberEx@4
ZwWow64GetNativeSystemInformation = _NtWow64GetNativeSystemInformation@16
ZwWow64InterlockedPopEntrySList = _NtWow64InterlockedPopEntrySList@4
ZwWow64QueryInformationProcess64 = _NtWow64QueryInformationProcess64@20
ZwWow64QueryVirtualMemory64 = _ZwWow64QueryVirtualMemory64@32
ZwWow64ReadVirtualMemory64 = _ZwWow64ReadVirtualMemory64@28
ZwWow64WriteVirtualMemory64 = _NtWow64WriteVirtualMemory64@28
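Because a WOW64 process is, as described above, a real 64-bit process that can reach 64-bit APIs, a defender usually wants to know which processes on a host are running in that mode. The following PowerShell script is an added example, not code from the original post; it inventories running processes and flags those executing under WOW64 using the documented kernel32 IsWow64Process API rather than the ntdll NtWow64* exports listed above. It assumes it is run from a 64-bit PowerShell session by a user with rights to query the target processes, and reports processes it cannot open as n/a.

```powershell
# Added example (not part of the original post): list which running processes
# execute under WOW64, i.e. a 32-bit image hosted inside a 64-bit process.
# Uses kernel32!IsWow64Process through P/Invoke. Assumes 64-bit PowerShell and
# sufficient rights to open each process; otherwise the mode is reported as n/a.

Add-Type -Namespace Win32 -Name Wow64Check -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool IsWow64Process(IntPtr hProcess, [MarshalAs(UnmanagedType.Bool)] out bool wow64Process);
'@

function Get-Wow64ProcessReport {
    foreach ($p in Get-Process) {
        $mode = 'n/a'
        try {
            $isWow64 = $false
            # $p.Handle opens the process with query rights; this throws for
            # protected processes or when the process has already exited.
            if ([Win32.Wow64Check]::IsWow64Process($p.Handle, [ref]$isWow64)) {
                $mode = if ($isWow64) { 'WOW64 (32-bit image in 64-bit process)' } else { 'native' }
            }
        } catch {
            # Access denied or process gone: leave the mode as n/a.
        }
        [pscustomobject]@{ Pid = $p.Id; Name = $p.ProcessName; Mode = $mode }
    }
}

# Usage: print the inventory grouped by mode so WOW64 processes stand out.
Get-Wow64ProcessReport | Sort-Object Mode, Name | Format-Table -AutoSize
```

On a 64-bit Windows host the WOW64 rows are exactly the processes this post is about: their image is 32-bit, but the hosting process is 64-bit, so monitoring and hooking decisions should not assume they are confined to the 32-bit world.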
Reprinted from: https://www.cnblogs.com/Yvanlin/p/4075189.html