My x64 bit dx11 process loads dxgi.dll and claims to be using the one from C:\Windows\System32\dxgi.dll.
However, whenever I inspect it in ram, the opcodes don't match up at all as if its loading a different version of the dll.
How can I find the real location/module that it is using?
Windows maps the
system32folder to a different real folder depending on if the executable is 32 bit or 64 bit. Under a 32 bit process, this will map toSysWOW64, which contains the 32 bit binaries. A 64 bit process will get the 64 bit binaries insystem32. A 32 bit process can see the 64 bit binaries by using thesysnativefolder, which will map tosystem32.