malware_training_vol1 icon indicating copy to clipboard operation
malware_training_vol1 copied to clipboard

Published 20 hours ago verified publisher icon hasherezade

Vol1-Mod1.4WoW64-Slide3 - Emulator vs Subsystem

Open BlueSkeye opened this issue 3 years ago • 1 comments

AFAIU WoW64 is an emulator not a subsystem.

Microsoft itself defines WoW64 as an emulator : https://docs.microsoft.com/en-us/windows/win32/winprog64/wow64-implementation-details ... while it advertises WSL as a subsystem : https://docs.microsoft.com/en-us/windows/wsl/

BlueSkeye avatar Mar 26 '21 14:03 BlueSkeye

AFAIU WoW64 is an emulator not a subsystem.

Microsoft itself defines WoW64 as an emulator : https://docs.microsoft.com/en-us/windows/win32/winprog64/wow64-implementation-details

Yes, and this emulator is also known as subsystem.

"In computing on Microsoft platforms, WoW64 (Windows 32-bit on Windows 64-bit) is a subsystem of the Windows operating system capable of running 32-bit applications on 64-bit Windows." - via Wikipedia

"Dive deep into the WOW64 subsystem and see how malware abuses Heavens Gate" - FireEye's tweet

Just Google for more if you need.

hasherezade avatar Mar 26 '21 17:03 hasherezade