KBEC-00156 - Launching 32-bit WOW64 shells in 64-bit Windows

Summary

By default, the ElectricFlow agent runs the cmd shells found in System32 directory which on 64-bit systems is a 64-bit cmd shell.

If you want to debug the setup of 32-bit applications, such as an ElectricFlow agent or encryption software, which may work different in 32-bit than 64-bit mode, you must use the 32-bit command line environment.

Solution

1. Use msinfo32.exe from a command shell to determine the OS architecture. Under the "System Summary" the field "System Type" will say 64 or 32.
2. Make sure the WOW64 package is installed on your 64-bit system.
3. When you open a cmd shell, it will be a 64-bit cmd shell.
4. Reference a direct path to the 32-bit WOW64 command shell in the step "shell" entry.

Example shell specification

%windir%\SysWoW64\cmd.exe

By default, most Windows systems use this hard coded path:

Example logic using environment variables.

C:\Windows\SysWoW64\cmd.exe

Because the cmd inherits the parents environment (the agent is running 32 bit remember) the following will detect if you are on a 64-bit system.

References

1. Information on WOW64 http://en.wikipedia.org/wiki/WOW64
2. WOW64 is optional http://msdn.microsoft.com/en-us/library/dd371790%28VS.85%29.aspx
3. The example code is from http://blogs.msdn.com/b/david.wang/archive/2006/03/26/howto-detect-process-bitness.aspx