OS : Windows XP/2003/7/8/10 #9
Comments
|
I don't have Windows XP , can't test . |
|
The API "Wow64DisableWow64FsRedirection" does not exist in Windows XP X86-32 bit (it makes no sense if there is no Windows 32 on Windows 64), if you have it in XP X86-64 bit. https://stackoverflow.com/questions/25413612/wow64disablewow64fsredirection-on-32-bit-windows-xp Cheers. |
|
I can add - if Windows XP option not enabled in Config :-) |
|
Wow64disablewow64fsredir == 0x1 has no effect, in summary, ExeInfo PE does not load --_ (o_0) _-- |
|
Yes , static declaration function You can run Exeinfo after patch. not tested on Windows XP , but can be ok |
|
I have followed the instructions, the script complies, but, UPX fails. exeinfope_Fixed No repacked, running fails. Regards.
|
|
yea, Upx has bug , |
|
Wow, now everything works perfectly. exeinfope_Fixed, Repacking with UPX 4.10 Works. Thank you too much.
|
|
:-) |
|
nulling or changing the Wow64DisableWow64FsRedirection import in the binary is sort of a hacky way to fix this issue. You can change the code to load the API call if it exists. Something like this in C code: PVOID oldValue;
// NT 6.0+ only API; using address lookup call
HINSTANCE hDll = GetModuleHandleA("kernel32.dll");
Wow64DisableWow64FsRedirection_ wow64dwow64fsredir;
wow64dwow64fsredir = (Wow64DisableWow64FsRedirection_)GetProcAddress(hDll, "Wow64DisableWow64FsRedirection");
...
if (wow64dwow64fsredir != NULL) {
// call the function here if present
wow64dwow64fsredir(&oldValue);
}you can also do this for other NT6+ only API calls, but it might need more work depending on what the calls are. The source code hasn't been published so I can't know exactly how to implement this in your tool. |
You have broken the functionality on Windows XP x86-32 by using Wow64DisableWow64FsRedirection API.
Thank you in advance.
The text was updated successfully, but these errors were encountered: