WoW64 and So Can You

Today, the Duo Labs team is publishing a research paper on the limitations of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) when applied to processes running under WoW64. Time and time again, the costs and risks associated with new technology adoption drive the software industry to provide backward compatibility layers that aim to ease the transition but instead become sacred, ingrained features.

Often times, these features obfuscate the behavior of and stifle the effectiveness of various security components as is exemplified by this paper. In my opinion it is only when backward compatibility gets taken off the table can evolutionary leaps in our security models be made. The perfect example of this is the contrast of the out-of-the-box security posture of ARM and x86 editions of Windows.


HitmanPro.Alert 3.1 Build 332 BETA

A new build to mitigate the newly disclosed WoW64 bypass by Duo Security.

This build also supports Windows 10 "Threshold 2" build 10586 which was pushed to "Fast Ring" subscribers last week.


  • Added support for Windows 10 "Threshold 2" build 10586
  • Improved SysCall Mitigation to protect against various WoW64 bypasses.
  • Improved Installer to handle partly uninstalled installations.


Windows 10 x64 22H2 | Kubuntu 22.10 | Mint Cinnamon 21.1



Re: WoW64 and So Can You

Windows 10 x64 22H2 | Kubuntu 22.10 | Mint Cinnamon 21.1

This thread is closed from further comment. Please visit the forum to start a new thread.