Win32API question: accessing a PBOOL

[Phil Tomson]

I'm trying to call:
(from MSDN info):
" BOOL IsWow64Process(
HANDLE hProcess,
PBOOL Wow64Process
);

Parameters

hProcess
[in] Handle to a process.
Wow64Process
[out] Pointer to a value that is set to TRUE if the process is
running under WOW64. Otherwise, the value is set to FALSE.

Return Values

If the function succeeds, the return value is a nonzero value.

If the function fails, the return value is zero."

I can see that return value is 1 meaning that the call succeeded, but
I can't seem to get anything out of the Wow64Process parameter.

Here's the code snippet:

#########Should work on WinXP, other Wins will skip the relevant code
######
require 'Win32API'
begin
#only works on XP which is why we rescue:
Is64bit = Win32API.new("kernel32","IsWow64Process",['L','P'],'L')
rescue
puts "you're not on XP"
Is64bit = nil
isXP = false
else
puts "you're on XP, but is it 64 bit?"
isXP = true
end
#Now try to see if we're running on WinXP 64bit edition:
is64 = "f" #string to pass into the Wow64Process param
if isXP
puts "Possibly 64bit. Checking..."
result = Is64bit.call(GetCurrentProcess.call(),is64)
#is64 should be false on WinXP and true on WinXP-64bit#
puts "result is: #{result}, is64 is #{is64.unpack("L")}"
else
puts "Not 64bit"
end
#########end########

What I see (when it runs on an XP-64 box) is:

result is: 1, is64 is

So I can't seem to determine the result in the is64 param; I'd expect
either a 0 or 1.

What am I doing wrong?

Phil

 

[Park Heesob]

Hi,

I'm trying to call:
(from MSDN info):
" BOOL IsWow64Process(
HANDLE hProcess,
PBOOL Wow64Process
);

Parameters

hProcess
[in] Handle to a process.
Wow64Process
[out] Pointer to a value that is set to TRUE if the process is
running under WOW64. Otherwise, the value is set to FALSE.

Return Values

If the function succeeds, the return value is a nonzero value.

If the function fails, the return value is zero."

I can see that return value is 1 meaning that the call succeeded, but
I can't seem to get anything out of the Wow64Process parameter.

Here's the code snippet:

#########Should work on WinXP, other Wins will skip the relevant code
######
require 'Win32API'
begin
#only works on XP which is why we rescue:
Is64bit = Win32API.new("kernel32","IsWow64Process",['L','P'],'L')
rescue
puts "you're not on XP"
Is64bit = nil
isXP = false
else
puts "you're on XP, but is it 64 bit?"
isXP = true
end
#Now try to see if we're running on WinXP 64bit edition:
is64 = "f" #string to pass into the Wow64Process param
if isXP
puts "Possibly 64bit. Checking..."
result = Is64bit.call(GetCurrentProcess.call(),is64)
#is64 should be false on WinXP and true on WinXP-64bit#
puts "result is: #{result}, is64 is #{is64.unpack("L")}"
else
puts "Not 64bit"
end
#########end########

What I see (when it runs on an XP-64 box) is:

result is: 1, is64 is

So I can't seem to determine the result in the is64 param; I'd expect
either a 0 or 1.

What am I doing wrong?

Phil

I think the pointer type is 32 bit.

Here is sample code for
"BOOL GetSystemTimeAdjustment(
PDWORD lpTimeAdjustment,
PDWORD lpTimeIncrement,
PBOOL lpTimeAdjustmentDisabled
);"

====================================
require 'Win32API'


getSystemTimeAdjustment =
Win32API.new("kernel32","GetSystemTimeAdjustment",['P','P','P'],'L')

lpTimeAdjustment = "\0" * 4
lpTimeIncrement = "\0" * 4
lpTimeAdjustmentDisabled = "\0" * 4

p
getSystemTimeAdjustment.Call(lpTimeAdjustment,lpTimeIncrement,lpTimeAdjustme
ntDisabled)
p lpTimeAdjustment.unpack("L")[0]
p lpTimeIncrement.unpack("L")[0]
p lpTimeAdjustmentDisabled.unpack("L")[0]
=========================================

Regards,

Park Heesob

 

[Phil Tomson]

I'm trying to call:
(from MSDN info):
" BOOL IsWow64Process(
HANDLE hProcess,
PBOOL Wow64Process
);

Parameters

hProcess
[in] Handle to a process.
Wow64Process
[out] Pointer to a value that is set to TRUE if the process is
running under WOW64. Otherwise, the value is set to FALSE.

Return Values

If the function succeeds, the return value is a nonzero value.

If the function fails, the return value is zero."

I can see that return value is 1 meaning that the call succeeded, but
I can't seem to get anything out of the Wow64Process parameter.

Here's the code snippet:

#########Should work on WinXP, other Wins will skip the relevant code
######
require 'Win32API'
begin
#only works on XP which is why we rescue:
Is64bit = Win32API.new("kernel32","IsWow64Process",['L','P'],'L')
rescue
puts "you're not on XP"
Is64bit = nil
isXP = false
else
puts "you're on XP, but is it 64 bit?"
isXP = true
end
#Now try to see if we're running on WinXP 64bit edition:
is64 = "f" #string to pass into the Wow64Process param
if isXP
puts "Possibly 64bit. Checking..."
result = Is64bit.call(GetCurrentProcess.call(),is64)
#is64 should be false on WinXP and true on WinXP-64bit#
puts "result is: #{result}, is64 is #{is64.unpack("L")}"

Turns out I needed:
puts "result is: #{result}, is64 is #{is64.unpack("c")[0]}"

else
puts "Not 64bit"
end
#########end########

That works.

Phil