bphlpt wrote: I mean if someone was going to manually create the SysWOW64 folder, they could just as easily create the cmd.exe file inside it, even if it was a zero byte file, so I don't think that provides much extra protection, really.
It's not about someone, it's about some "not very well written" setup package.
The Internet is full of this kind of stupid setup package, which sometimes comes
to accompany many very well written programs. Sometimes software developers
are very good in their programming language, C++ for example, but are less experienced
in solving packaging and distributing software, Inno Setup, for example.
There are real chances of finding some x32/x64 setup package that wants to drop some dll
or exe into the SysWOW64 folder, and to create it, even if you are running an x86 OS.
But the chance that someone/some setup pack would try to overwrite the existing
cmd.exe is lower. Maybe just some kind of malware would try to replace the cmd.exe
that already comes with the OS.
Maybe one combined method, checking PROCESSOR_ARCHITECTURE plus
checking for %windir%\SysWOW64\cmd.exe, will approach the desired 100%.
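
The combined check suggested in the post above, as an added batch example that is not part of the original thread. It assumes the script may itself be started from a 32-bit cmd.exe on 64-bit Windows, so it also reads PROCESSOR_ARCHITEW6432, a variable the thread does not mention; the variable names OSBITS and WOWCMD and the exit codes are chosen here for illustration.

```batch
@echo off
setlocal

rem Added example: environment check and file check must agree.
rem OSBITS and WOWCMD are illustrative names, not from the thread.
set "OSBITS=32"

rem A native 64-bit process reports its architecture directly.
if /i "%PROCESSOR_ARCHITECTURE%"=="AMD64" set "OSBITS=64"
if /i "%PROCESSOR_ARCHITECTURE%"=="IA64"  set "OSBITS=64"
if /i "%PROCESSOR_ARCHITECTURE%"=="ARM64" set "OSBITS=64"

rem A 32-bit process on 64-bit Windows sees PROCESSOR_ARCHITECTURE=x86;
rem the real architecture is then exposed in PROCESSOR_ARCHITEW6432.
if defined PROCESSOR_ARCHITEW6432 set "OSBITS=64"

rem File check from the thread: cmd.exe inside SysWOW64, not just the folder,
rem so a folder created by a careless installer on x86 does not count.
set "WOWCMD=0"
if exist "%windir%\SysWOW64\cmd.exe" set "WOWCMD=1"

if "%OSBITS%"=="64" if "%WOWCMD%"=="1" (
    echo 64-bit OS: environment and SysWOW64\cmd.exe agree.
    exit /b 0
)
if "%OSBITS%"=="32" if "%WOWCMD%"=="0" (
    echo 32-bit OS: environment and SysWOW64\cmd.exe agree.
    exit /b 0
)

rem The two signals disagree: report it instead of guessing.
echo Mismatch: environment says %OSBITS%-bit, SysWOW64\cmd.exe present=%WOWCMD%.
exit /b 2
```

Exit code 2 marks the disagreement case, for example a cmd.exe planted in SysWOW64 on an x86 system, so a calling script can stop instead of choosing the wrong installer.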