You probably know from DOS / Windows / Linux / Mac OS, that it is impossible to create two files with the same name and extension in the same folder / directory.
Yesterday, I saw a miracle – two programs show the same file differently. One program was PHP interpreter (fread funciton), other FAR Manager.
First reaction – PHP must be mishandling binary data. Quick search – fread is Binary-safe file read… second thought – PHP ord is converting using Windows code page… no bin2hex is giving the same result.
Second reaction – if two programs show this file differently, and as an example I was using .exe file, this must be some virus or worm, that has installed some poorly coded rootkit.
Today, with fresh view on this strange behavior, I started to get picture from memory. PHP is 32-bit program, FAR that I am using is 64-bit. Raymond Chen or someone else from Microsoft has written, that Windows does not allow 32-bit programs access 64-bit dlls, so that must be it.
A little search and – Registry and file redirection (Article ID: 896456):
The WOW64 subsystem isolates 32-bit binaries from 64-bit binaries by redirecting registry calls and some file system calls. The WOW64 subsystem isolates the binaries to prevent a 32-bit binary from accidentally accessing data from a 64-bit binary. For example, a 32-bit binary that runs a .dll file from the %systemroot%\System32 folder might accidentally try to access a 64-bit .dll file that is not compatible with the 32-bit binary. To prevent this, the WOW64 subsystem redirects the access from the %systemroot%\System32 folder to the %systemroot%\SysWOW64 folder. This redirection prevents compatibility errors because it requires the .dll file to be specifically designed to work with 32-bit programs.
My test file path was: C:\Windows\System32\Notepad.exe and 32-bit application accessed redirected version – C:\Windows\SysWOW64\notepad.exe. This is by design in 64-bit world.
P.S. OS version Windows 7 Ultimate 64-bit.