[英]How do I tell which actual dll is being returned (x86 v x64)?
Let's focus on one dll: C:\\Windows\\System32\\wbem\\wmiutils.dll. 让我们专注于一个dll:C:\\ Windows \\ System32 \\ wbem \\ wmiutils.dll。 Why?
为什么? Because it's the file in which I personally discovered Windows delivers a different dll depending on process architecture.
因为这是我亲自发现的文件,Windows根据进程体系结构提供了不同的dll。
TLDR; TLDR; Is there a way to programmatically determine the actual path of the dll that was returned by the file system redirector?
有没有办法以编程方式确定文件系统重定向器返回的dll的实际路径?
I understand that if launched as a x86 process, I get C:\\Windows\\SysWOW64\\wbem\\wmiutils.dll. 我了解如果以x86进程启动,则会得到C:\\ Windows \\ SysWOW64 \\ wbem \\ wmiutils.dll。 And, if launched as a x64 process, I get C:\\Windows\\System32\\wbem\\wmiutils.dll.
而且,如果以x64进程启动,我会得到C:\\ Windows \\ System32 \\ wbem \\ wmiutils.dll。
I need to determine which wmiutils.dll I'm actually looking at. 我需要确定我实际上正在看哪个wmiutils.dll。 The redirector makes system32\\wbem\\wmiutils.dll look and feel identical but it's not.
重定向程序使system32 \\ wbem \\ wmiutils.dll外观相同,但事实并非如此。 If I use parent path, I get C:\\Windows\\System32\\wbem even though I may/may not be looking at C:\\Windows\\SysWOW64\\wbem.
如果我使用父路径,即使我可能/可能不在查看C:\\ Windows \\ SysWOW64 \\ wbem,我也会得到C:\\ Windows \\ System32 \\ wbem。
Any sweet python magic to make this happen? 任何甜美的Python魔术都能做到这一点? I can't seem to see anything from other languages I can port.
我似乎看不到我可以移植的其他语言的任何内容。 Based on my use case, I've come up with a couple hacks but they're just that.
根据我的用例,我提出了一些技巧,但仅此而已。 Hoping somebody has found a solution as easy as parent path that actually works in this case.
希望有人找到了在这种情况下实际可行的解决方案,就像父路径一样简单。
import ctypes, hashlib
k32 = ctypes.windll.kernel32
oldValue = ctypes.c_long(0)
k32.Wow64DisableWow64FsRedirection(ctypes.byref(oldValue)) # Should open 32-bit
with open(r"C:\Windows\System32\wbem\wmiutil.dll", "rb") as f:
checksum32 = hashlib.md5(f.read()).hexdigest()
k32.Wow64RevertWow64FsRedirection(oldValue) # Should use what Windows thinks you need
with open(r"C:\Windows\System32\wbem\wmiutil.dll", "rb") as f:
checksum64 = hashlib.md5(f.read()).hexdigest()
if (checksum32 != checksum64):
print("You're running 64bit wmiutil dll")
I don't have Windows Python to test this, but it should work according to https://msdn.microsoft.com/en-us/library/windows/desktop/aa365745%28v=vs.85%29.aspx . 我没有Windows Python可以对此进行测试,但是它应该可以根据https://msdn.microsoft.com/en-us/library/windows/desktop/aa365745%28v=vs.85%29.aspx进行工作。
I think an easier way would be to just do some test like creating a struct and seeing if it's 8 bytes or 4 bytes. 我认为更简单的方法是进行一些测试,例如创建结构并查看它是8字节还是4字节。 Then you can assume that Windows is using the 64-bit version of DLLs if it's 8 bytes.
然后,可以假定Windows使用的是8位字节的DLL的64位版本。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.