[CPP]View PlainCopy
- BOOL iswow64processex (HANDLE hprocess)
- {
- //If the system is x86, then the process cannot have x64
- bool isX86 = false;
- #ifndef _win64
- isX86 = GetProcAddress (GetModuleHandle (TEXT ("Ntdll")), "ntwow64debuggercall") = = nullptr? True:false;
- #endif
- if (isX86)
- return FALSE;
- //Process architecture is unknown, the system is x64, you can use the Iswow64process function to determine
- typedef BOOL (WINAPI *iswow64process) (HANDLE, pbool);
- Iswow64process fniswow64process;
- BOOL isWow64 = TRUE;
- Fniswow64process = (iswow64process) GetProcAddress (GetModuleHandle (TEXT ("kernel32")), "iswow64process");
- if (fniswow64process! = nullptr)
- Fniswow64process (hprocess, &ISWOW64);
- return!iswow64;
- }
First use OpenProcess to open the target process, and then pass the handle in the OK.
http://blog.csdn.net/aqtata/article/details/18361209
A method that determines whether a specified process is x64 (Ntdll determines if a x64 function exists)