May 21, 2008
Tip and Trick Editorial

How to Suppress and Bypass System32 File System Redirect to SysWOW64 Folder with Sysnative

In 64-bit (x64) Windows operating system, including Windows Vista, Microsoft implements a feature called File System Redirector on WOW64 (Windows-32-on-Windows-64 that runs 32-bit programs without modifications) subsystem layer for 32-bit programs or DLL (dynamic link libraries) which provides a WOW64 sandbox for registry calls and some file system calls. The filesystem redirection forces 32-bit application attempts to be installed into or accessed from %windir%\System32, been intercepted and get redirected or re-pointed to %windir%\SysWOW64 instead.

The reason for the Filesystem Redirector is that in x64 edition of Windows OS, %windir%\System32 directory is reserved for 64-bit applications. However, most DLL implements Windows API has the same file names and paths that were not changed when porting to 64-bit. As there cannot be two 32-bit and 64-bit DLLs with same name and same path exist on the same system at the same time, so File System Redirector automatically isolates and makes 32-bit applications or non-64-bit aware programs use a different directory as their System32 directory, which is %windir%\SysWOW64 folder. It’s also as a way to avoid incompatibility issue to prevent a 32-bit binary from accidentally accessing data from a 64-bit binary.

However, in some cases, such as when patching the 64-bit tcpip.sys resides in %windir%\System32, the original System32 directory has to be accessed and used in order to avoid “File not found” or “The system cannot find the file specified” error. The similar symptoms is especially evident for command-line batch script which has to access 32-bit programs in the Program Files or %windir%\System32 folder, which both get redirected to Program Files (x86) and %windir%\SysWOW64 folder.

To workaround the problem, and forces a program or batch command script to get access to 32-bit programs in %windir%\System32 folder, bypassing the file system redirection, a special alias or pseudo-directory name been added on WOW64 subsystem starting with Windows Vista.

32-bit applications can access the native system directory by substituting %windir%\Sysnative for %windir%\System32. WOW64 recognizes Sysnative as a special alias used to indicate that the file system should not redirect the access. The Sysnative is just a virtual directory, alias or pseudo-directory that is not visible in Windows Explorer, directory listing, and does not support native 64-bit processes that already been accessing the %windir%\System32 folder. As such, Sysnative can only be used in file system calls, and not in application’s user interface such as dialog box to open or select folder.

Get latest updates via email: