IsWow64Process

From aldeid

Description

Determines whether the specified process is running under WOW64. In other words, it tells whether the process is running as a 32-bit process on a 64-bit system.

Syntax

BOOL WINAPI IsWow64Process(
  _In_  HANDLE hProcess,
  _Out_ PBOOL  Wow64Process
);

Parameters

hProcess [in]
A handle to the process. The handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right.
Windows Server 2003 and Windows XP: The handle must have the PROCESS_QUERY_INFORMATION access right.
Wow64Process [out]
A pointer to a value that is set to TRUE if the process is running under WOW64. If the process is running under 32-bit Windows, the value is set to FALSE. If the process is a 64-bit application running under 64-bit Windows, the value is also set to FALSE.

Return value

If the function succeeds, the return value is a nonzero value.

If the function fails, the return value is zero. To get extended error information, call GetLastError.
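
As documented above, a FALSE value in Wow64Process covers both a 32-bit process on 32-bit Windows and a 64-bit process on 64-bit Windows, and the value is only meaningful when the call succeeds. The following added example (not from the original page or from Microsoft) resolves that ambiguity for the calling process by also checking the pointer width of the build; classify_env, query_current_process, env_t and ENV_NAMES are hypothetical names, and the non-Windows branch runs on a constructed input.

```c
#include <stdio.h>
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical names for this example; not part of the Windows API. */
typedef enum { ENV_UNKNOWN, ENV_32_ON_32, ENV_32_ON_64_WOW64, ENV_64_ON_64 } env_t;

static const char *const ENV_NAMES[] = {
    "unknown",
    "32-bit process on 32-bit Windows",
    "32-bit process on 64-bit Windows (WOW64)",
    "64-bit process on 64-bit Windows",
};

/* Interpret an IsWow64Process result for the calling process.
 * call_ok: return value (nonzero = success); wow64: value of Wow64Process;
 * ptr_bytes: sizeof(void *) of this build, used to break the FALSE tie. */
env_t classify_env(int call_ok, int wow64, size_t ptr_bytes)
{
    if (!call_ok)
        return ENV_UNKNOWN;   /* on failure, do not rely on the output value */
    if (wow64)                /* only a 32-bit process can be under WOW64 */
        return ptr_bytes == 4 ? ENV_32_ON_64_WOW64 : ENV_UNKNOWN;
    if (ptr_bytes == 8) return ENV_64_ON_64;
    if (ptr_bytes == 4) return ENV_32_ON_32;
    return ENV_UNKNOWN;
}

#ifdef _WIN32
env_t query_current_process(void)
{
    BOOL wow64 = FALSE;
    BOOL ok = IsWow64Process(GetCurrentProcess(), &wow64);
    if (!ok)                  /* zero return: report the extended error */
        fprintf(stderr, "IsWow64Process failed: %lu\n", GetLastError());
    return classify_env(ok, wow64, sizeof(void *));
}
#endif

int main(void)
{
#ifdef _WIN32
    puts(ENV_NAMES[query_current_process()]);
#else
    puts(ENV_NAMES[classify_env(1, 1, 4)]);  /* constructed input, off Windows */
#endif
    return 0;
}
```

The pointer-width check only describes the process that runs this code; for a handle to another process, a FALSE result still needs the operating system's bitness from a separate source.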

Example

Below is a malware extract using IsWow64Process to determine its environment: