From: Dmitry Timoshkov <dmitry@baikal.ru>
Subject: [PATCH] kernel32: Implement IsWow64Process2.
Message-Id: <20200617152937.b547df80e358d2f1d1e352ab@baikal.ru>
Date: Wed, 17 Jun 2020 15:29:37 +0800

Signed-off-by: Dmitry Timoshkov <dmitry@baikal.ru>
---
 .../api-ms-win-core-wow64-l1-1-1.spec         |  1 +
 dlls/kernel32/kernel32.spec                   |  1 +
 dlls/kernelbase/kernelbase.spec               |  2 +-
 dlls/kernelbase/process.c                     | 81 +++++++++++++++++++
 include/winbase.h                             |  1 +
 5 files changed, 85 insertions(+), 1 deletion(-)

diff --git a/dlls/api-ms-win-core-wow64-l1-1-1/api-ms-win-core-wow64-l1-1-1.spec b/dlls/api-ms-win-core-wow64-l1-1-1/api-ms-win-core-wow64-l1-1-1.spec
index 08fa02c3fc..99ba713409 100644
--- a/dlls/api-ms-win-core-wow64-l1-1-1/api-ms-win-core-wow64-l1-1-1.spec
+++ b/dlls/api-ms-win-core-wow64-l1-1-1/api-ms-win-core-wow64-l1-1-1.spec
@@ -1,5 +1,6 @@
 @ stdcall GetSystemWow64DirectoryA(ptr long) kernel32.GetSystemWow64DirectoryA
 @ stdcall GetSystemWow64DirectoryW(ptr long) kernel32.GetSystemWow64DirectoryW
 @ stdcall IsWow64Process(ptr ptr) kernel32.IsWow64Process
+@ stdcall IsWow64Process2(ptr ptr ptr) kernel32.IsWow64Process2
 @ stdcall Wow64DisableWow64FsRedirection(ptr) kernel32.Wow64DisableWow64FsRedirection
 @ stdcall Wow64RevertWow64FsRedirection(ptr) kernel32.Wow64RevertWow64FsRedirection
diff --git a/dlls/kernel32/kernel32.spec b/dlls/kernel32/kernel32.spec
index 17322bcd90..e7a7f162b7 100644
--- a/dlls/kernel32/kernel32.spec
+++ b/dlls/kernel32/kernel32.spec
@@ -999,6 +999,7 @@
 @ stdcall -import IsValidNLSVersion(long wstr ptr)
 # @ stub IsValidUILanguage
 @ stdcall -import IsWow64Process(ptr ptr)
+@ stdcall -import IsWow64Process2(ptr ptr ptr)
 @ stdcall -import K32EmptyWorkingSet(long)
 @ stdcall -import K32EnumDeviceDrivers(ptr long ptr)
 @ stdcall -import K32EnumPageFilesA(ptr ptr)
diff --git a/dlls/kernelbase/kernelbase.spec b/dlls/kernelbase/kernelbase.spec
index 5e177a4932..a05bf223e8 100644
--- a/dlls/kernelbase/kernelbase.spec
+++ b/dlls/kernelbase/kernelbase.spec
@@ -884,7 +884,7 @@
 @ stdcall IsValidSid(ptr)
 @ stdcall IsWellKnownSid(ptr long)
 @ stdcall IsWow64Process(ptr ptr)
-# @ stub IsWow64Process2
+@ stdcall IsWow64Process2(ptr ptr ptr)
 @ stdcall K32EmptyWorkingSet(long)
 @ stdcall K32EnumDeviceDrivers(ptr long ptr)
 @ stdcall K32EnumPageFilesA(ptr ptr)
diff --git a/dlls/kernelbase/process.c b/dlls/kernelbase/process.c
index a3b168543f..b6e0d54ef8 100644
--- a/dlls/kernelbase/process.c
+++ b/dlls/kernelbase/process.c
@@ -882,6 +882,87 @@ BOOL WINAPI DECLSPEC_HOTPATCH IsProcessorFeaturePresent ( DWORD feature )
 }
 
 
+/**********************************************************************
+ *           IsWow64Process2   (kernelbase.@)
+ */
+BOOL WINAPI DECLSPEC_HOTPATCH IsWow64Process2( HANDLE process, USHORT *machine, USHORT *native_machine )
+{
+    BOOL wow64;
+    SYSTEM_CPU_INFORMATION sci;
+    NTSTATUS status;
+
+    if (!IsWow64Process( process, &wow64 ))
+        return FALSE;
+
+    status = NtQuerySystemInformation( SystemCpuInformation, &sci, sizeof(sci), NULL );
+    if (status)
+        return set_ntstatus( status );
+
+    if (!wow64)
+        *machine = IMAGE_FILE_MACHINE_UNKNOWN;
+    else
+    {
+        if (process != GetCurrentProcess())
+        {
+            FIXME("not implemented for other process\n");
+            *machine = IMAGE_FILE_MACHINE_UNKNOWN;
+        }
+        else
+        {
+            IMAGE_NT_HEADERS *nt;
+            nt = RtlImageNtHeader( NtCurrentTeb()->Peb->ImageBaseAddress );
+            *machine = nt->FileHeader.Machine;
+        }
+    }
+
+    switch (sci.Architecture)
+    {
+    case PROCESSOR_ARCHITECTURE_INTEL:
+        *native_machine = IMAGE_FILE_MACHINE_I386;
+        break;
+
+    case PROCESSOR_ARCHITECTURE_ALPHA:
+        *native_machine = IMAGE_FILE_MACHINE_ALPHA;
+        break;
+
+    case PROCESSOR_ARCHITECTURE_ARM:
+        *native_machine = IMAGE_FILE_MACHINE_ARM;
+        break;
+
+    case PROCESSOR_ARCHITECTURE_IA64:
+        *native_machine = IMAGE_FILE_MACHINE_IA64;
+        break;
+
+    case PROCESSOR_ARCHITECTURE_ALPHA64:
+        *native_machine = IMAGE_FILE_MACHINE_ALPHA64;
+        break;
+
+    case PROCESSOR_ARCHITECTURE_AMD64:
+        *native_machine = IMAGE_FILE_MACHINE_AMD64;
+        break;
+
+    case PROCESSOR_ARCHITECTURE_ARM64:
+        *native_machine = IMAGE_FILE_MACHINE_ARM64;
+        break;
+
+    case PROCESSOR_ARCHITECTURE_MIPS:
+    case PROCESSOR_ARCHITECTURE_PPC:
+    case PROCESSOR_ARCHITECTURE_SHX:
+    case PROCESSOR_ARCHITECTURE_MSIL:
+    case PROCESSOR_ARCHITECTURE_IA32_ON_WIN64:
+    case PROCESSOR_ARCHITECTURE_NEUTRAL:
+    case PROCESSOR_ARCHITECTURE_ARM32_ON_WIN64:
+    case PROCESSOR_ARCHITECTURE_IA32_ON_ARM64:
+    default:
+        FIXME("unknown architecture %u\n", sci.Architecture);
+        *native_machine = IMAGE_FILE_MACHINE_UNKNOWN;
+        break;
+    }
+
+    return TRUE;
+}
+
+
 /**********************************************************************
  *           IsWow64Process   (kernelbase.@)
  */
diff --git a/include/winbase.h b/include/winbase.h
index 39a4a9c9ac..981d4ea76a 100644
--- a/include/winbase.h
+++ b/include/winbase.h
@@ -2406,6 +2406,7 @@ WINADVAPI  BOOL        WINAPI IsValidSecurityDescriptor(PSECURITY_DESCRIPTOR);
 WINADVAPI  BOOL        WINAPI IsValidSid(PSID);
 WINADVAPI  BOOL        WINAPI IsWellKnownSid(PSID,WELL_KNOWN_SID_TYPE);
 WINBASEAPI BOOL        WINAPI IsWow64Process(HANDLE,PBOOL);
+WINBASEAPI BOOL        WINAPI IsWow64Process2(HANDLE,USHORT*,USHORT*);
 WINADVAPI  BOOL        WINAPI ImpersonateLoggedOnUser(HANDLE);
 WINADVAPI  BOOL        WINAPI ImpersonateNamedPipeClient(HANDLE);
 WINADVAPI  BOOL        WINAPI ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL);

-- 
2.26.2