Why different processes see different instances of the System32 folder?

10

10

I am running Windows 8 Enterprise x64. I logged on using an account from the Administrators group. When I open Windows Explorer or a command prompt, then I can see the file cdd.dll:

Windows Explorer

C:\Windows\system32>dir cdd.dll
 Volume in drive C has no label.
 Volume Serial Number is ▨▨▨▨-▨▨▨▨

 Directory of C:\Windows\system32

07/25/2012  09:49 PM           199,680 cdd.dll

But if I open an Open File dialog from Chrome browser, Visual Studio or some other applications (they are all 32-bit apps) and navigate to C:\Windows\system32 then there is no such file (the filter is set to show All Files). And if I invoke the "Open command window here" context menu item using Shift+RightClick in the Open File dialog and type dir it confirms that there is no such file:

Open File Dialog

C:\Windows\System32>dir cdd.dll
 Volume in drive C has no label.
 Volume Serial Number is ▨▨▨▨-▨▨▨▨

 Directory of C:\Windows\System32

File Not Found

This effect is not specific to cdd.dll, many other files differ as well. I've been told that this is an effect of the file system virtualization, that I know very little about.

Could you please explain or give me a reference that explains how this actually works? Are there actually several different instances of the System32 folder. What is their physical location on the disk? Is it possible to access from a 32-bit process files in a different System32 folder than one shown to 32-bit processes by default.

Vladimir Reshetnikov

Posted 2013-07-15T23:09:36.643

Reputation: 686

Do they appear in any x64 apps? I have a hunch that Windows "hides" 64-bit drivers (cdd.dll is a display driver) from 32-bit apps. – Nathan C – 2013-07-15T23:49:39.777

Yes, all 64-bit apps that allow to browse the file system (e.g. have an Open File dialog) show the same files as Windows Explorer. – Vladimir Reshetnikov – 2013-07-15T23:54:35.573

@VladimirReshetnikov Is there somthing you still don't understand, you edited your question but did not include any more details, you also did not accept any of the answers. Do you need anything else clarified? – Scott Chamberlain – 2013-07-16T21:40:58.350

@ScottChamberlain I just edited tags. You answer is very good. Thanks! – Vladimir Reshetnikov – 2013-07-17T02:27:19.373

Answers

11

The issue is folder redirection, If a 32 bit program attempts to access the %windir%\System32 folder it will be invisibly redirected to the %windir%\SysWOW64 directory, this is for 32/64 bit application compatibility.

All the files in System32 are 64 bit, however if a program was incorrectly written they may have hardcoded the System32 in to their program when looking for a DLL. To prevent random program crashes from incorrectly written programs Microsoft does that redirect.

If you need to access the System32 folder and not the SysWOW64 folder navigate to the "hidden" folder %windir%\sysnative which will take you to the "real" System32 folder and you can browse the folder like normal.

Scott Chamberlain

Posted 2013-07-15T23:09:36.643

Reputation: 28 923

%windir% is a environment variable, you could type it in just like that in windows and it would work, 99% of the time it represents C:\Windows – Scott Chamberlain – 2013-07-16T21:39:32.767

4

WOW64 (Windows on Windows 64bit) uses various technologies/techniques to support 32bit applications. Among those is Folder and Registry redirectors.

Windows Dev Center: Desktop Running 32-bit Applications

Brian

Posted 2013-07-15T23:09:36.643

Reputation: 8 439

And more specifically, information on Application Compatibility Profiles which is what makes this magic happen. – David Hoelzer – 2013-07-16T00:41:52.490

Asked: 2013-07-15T23:09:36.643

Viewed: 886 times

Active: 2013-07-16T17:36:21.657