Skip to content

Incorrect pointer size for WoW64 processes #49

Open
Open
Incorrect pointer size for WoW64 processes#49
@Cycloctane

Description

@Cycloctane
Cycloctane
opened on Jan 20, 2026

minidump library determines pointer size based on ProcessorArchitecture. However, if the dumpfile is generated from a 32-bit process running on 64-bit machine (using wow64.dll), the pointer size will be 64bit, which is not the actual size of pointers in dump file memory.

Reproduce:

  1. Run a 32-bit program on 64-bit os and create a minidump file.

  2. Use python minidump to parse it. Pointer size and unpack format are not correct.

dump_reader = MinidumpFileReader(MinidumpFile.parse("test2.dmp"))
print(dump_reader.sizeof_ptr) # 8
print(dump_reader.unpack_ptr) # "<Q"

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions