64位系统上32位进程拷贝文件到System32目录时的重定向

64位系统上，32位进程拷贝文件到"System32"目录时，会被文件系统重定向到"SysWOW64"目录

 

要禁用这种重定向，需要用到下面2个API：

Wow64DisableWow64FsRedirection()

Wow64RevertWow64FsRedirection()

下面是微软的示例代码：

  #ifdef _WIN32_WINNT
  #undef _WIN32_WINNT
  #endif
  #define _WIN32_WINNT 0x0501
  
  #ifdef NTDDI_VERSION
  #undef NTDDI_VERSION
  #endif
  #define NTDDI_VERSION 0x05010000
  
  #include <Windows.h>
  
  void main()
  {
      HANDLE hFile = INVALID_HANDLE_VALUE;
      PVOID OldValue = NULL;
  
      //  Disable redirection immediately prior to the native API
  
      //  function call.
  
      if( Wow64DisableWow64FsRedirection(&OldValue) ) 
      {
          //  Any function calls in this block of code should be as concise
  
          //  and as simple as possible to avoid unintended results.
  
          hFile = CreateFile(TEXT("C:\\Windows\\System32\\Notepad.exe"),
              GENERIC_READ,
              FILE_SHARE_READ,
              NULL,
              OPEN_EXISTING,
              FILE_ATTRIBUTE_NORMAL,
              NULL);
  
          //  Immediately re-enable redirection. Note that any resources
  
          //  associated with OldValue are cleaned up by this call.
  
          if ( FALSE == Wow64RevertWow64FsRedirection(OldValue) )
          {
              //  Failure to re-enable redirection should be considered
  
              //  a criticial failure and execution aborted.
  
              return;
          }
      }
      
      //  The handle, if valid, now can be used as usual, and without
  
      //  leaving redirection disabled. 
  
      if( INVALID_HANDLE_VALUE != hFile )  
      {
          // Use the file handle
  
      }
  }

 

参考：

https://msdn.microsoft.com/zh-cn/library/windows/desktop/aa365743%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396