Question about the IsWow64Process function

Question

When searching for how to determine whether a process is a 64-bit or 32-bit process I saw a lot of suggestions to use the IsWow64Process function. In the documentation I saw this snippet about the value it sets:

A pointer to a value that is set to TRUE if the process is running under WOW64 on an Intel64 or x64 processor. If the process is running under 32-bit Windows, the value is set to FALSE. If the process is a 32-bit application running under 64-bit Windows 10 on ARM, the value is set to FALSE. If the process is a 64-bit application running under 64-bit Windows, the value is also set to FALSE.

Looking at that last sentence, it sounds like some 64-bit applications will have the same flag set as 32-bit applications! Is this really the case and, if so, how can I determine whether a process is truly 32-bit or 64?

Answer 1

Directly from the Microsoft Docs website:

IsWow64Process2 provides an improved direct replacement for IsWow64Process.

Also:

IsWow64Process2 removes the ambiguity inherent to multiple WOW environments by explicitly returning both the architecture of the host and guest for a given process.

With this new function, the confusion is cleared up as it returns the target process's architecture AND the machine's architecture. You can use those values to then verify if a 32-bit process is really running on a 64-bit cpu, or otherwise.

This is the link: IsWow64Process2

---

(Thanks @Remy Lebeau for clarification) However, since this function is not available on versions of Windows earlier than Windows 10 version 1511, you can use GetSystemInfo or GetNativeSystemInfo (WOW64 programs) to determine the CPU architecure. Then, you can use the information returned from IsWow64Process to determine the architecure of the target process.