Introduction |
| This article provides an overview of the Windows on Windows 64 (WOW64) sub-system and associated techniques that support 32 bit applications under Windows 7 / Vista 64. The Enterprise, Ultimate and Professional versions of 64 bit Windows 7 also support a 32 bit Windows XP virtual machine, which is available as optional download. Your PC must support hardware level virtualisation to use this facility. The purpose of this add on, generally referred to as XPM, is to provide an environment that will support legacy hardware and software that will not work under Windows 7. Having tested XPM, I would advise that you only use it as a last resort. It will provide legacy support if you have no other options but, compared to other virtualisation products, performance is disappointing and the default configuration raises a number of security issues. |
| Discussion |
| Under Windows 7 / Vista 64, 32-bit applications run on top of an emulation of a 32 bit operating system that is called Windows on Windows 64, or WOW64 for short. WOW64 intercepts all operating system calls made by a 32 bit application. For each operating system call made, WOW64 generates native 64 bit system calls, converting 32 bit data structures into 64 bit aligned structures. The appropriate native 64 bit system call is passed to the operating system kernel, and any output data from the 64 bit system call is converted into a format appropriate for the calling application before being passed back. Like 32 bit applications, WOW64 runs in user mode so any errors that occur in translating an operating system call will only occur at that level. The 64 bit operating system kernel cannot be affected. Since WOW64 runs in user mode, all 32 bit application code must also run in user mode. This explains why 32 bit kernel mode device drivers and applications that rely on them, will not work under Windows 7 / Vista 64. The WOW64 emulator consists of the following DLLs:
Along with the 64-bit version of Ntdll.dll, these are the only 64-bit binaries that can be loaded into a 32-bit process. At startup, Wow64.dll loads the 32 bit version of Ntdll.dll and runs its initialization code, which loads all necessary 32 bit DLLs. Almost all 32 bit DLLs are unmodified copies of the original 32 bit Windows binaries. However, some of these DLLs have been modified to behave differently on WOW64 than they do on 32 bit Windows. This is usually because they share memory with 64 bit system components. In addition to handling operating system calls, the WOW64 interface needs to ensure that files and registry settings for 32 bit applications are kept apart from those for 64 bit applications. To achieve this two mechanisms are used, File and Registry Redirection. File Redirection This ensures that there are separate folders for program and operating system files for 32 and 64 bit applications. 32 bit applications files are installed into C:\Program Files(x86) 32 bit system files are installed into C:\WINDOWS\SysWOW64 For 64 bit applications, files are installed to C:\Program Files and C:\WINDOWS\SYSTEM32 The WOW64 file redirector ensures that requests from 32 bit applications to open files in C:\Program Files or C:\WINDOWS\SYSTEM32 are redirected to the appropriate 32 bit directories. There is one issue with file redirection that users and developers should be aware of. Many 64 bit applications still use 32 bit installation routines. To ensure that an application is installed correctly, i.e. to C:\Program Files, the installation routine should make an operating system call to temporarily suspend the WOW64 file redirector. After installation another operating system call needs to be made to re-enable the redirector. If this approach isn't followed then the application will be installed to C:\Program Files (x86). A classic example of this is the 64 bit development version of Firefox 3.5, codenamed Shiretoko, which is installed to C:\Program Files(x86)\Shiretok o. Firefox still functions correctly, the only thing you can't do is change the icon for the application. Registry Redirection Registry keys specific to 32-bit applications are redirected from HKEY_LOCAL_MACHINE\ Software to HKEY_LOCAL_MACHINE\ Software\ WOW6432Node You may also occasionally see Registry entries under HKEY_CURRENT_ USER\Software\ WOW6432Node although this is unusual. This approach allows both the 32 bit and 64 bit versions of an application to be installed side-by-side without overwriting each other’s settings. Some redirected keys and/or values are also reflected. This means that if a 32 bit application makes a change to the redirected section of the registry, that change is also made to the 64 bit part of the registry, and vice-versa. Key reflection uses a policy of last writer wins. For example, if I:
Double-clicking on a file with the extension XYZ in Explorer would load the application installed in step 3, as it was the last one to associate itself with this extension. All of this is done transparently for 32 bit applications by WOW64, which, in intercepting calls to the operating system, detects references to file paths and registry keys and maps them accordingly. Code Injection Code injection is used to add functionality to existing applications. The majority of shell extensions rely on this technique to add themselves to Explorer. Under 64 bit Windows it is not possible to inject 32 bit code into a 64 bit process, nor is it possible to inject 64 bit code into a 32 bit process. This explains why most 32 bit shell extensions do not work under Windows 7 / Vista 64. |
| Summary |
| Most 32 bit applications will run quite happily under Windows 7 / Vista 64. The main exceptions are:
Some applications may work with reduced functionality. These include uninstallers, registry cleaners and tweaking programs, amongst others, since they only have access to that part of the Registry made visible to them by WOW64. |
Posts
No comments:
Post a Comment