Windows

List of DLLs in x64 Windows for wow64?

There is a 32 bit process on a 64 bit system. I'm trying to get a list of DLLs via:

1. PEB and Module32Next
   C:\Windows\SYSTEM32\ntdll.dll
   C:\Windows\SYSTEM32\kernel32.dll
   C:\Windows\SYSTEM32\kernelbase.dll
   C:\Windows\SYSTEM32\user32.dll
   C:\Windows\SYSTEM32\ gdi32.dll
   C:\Windows\SYSTEM32\msvcr100.dll
   C:\Windows\SYSTEM32\imm32.dll
   
2. Process Explorer
   C:\Windows\SysWOW64\bcryptprimitives.dll
   C:\Windows\SysWOW64\combase.dll
   C:\Windows\SysWOW64\cryptbase.dll
   C:\Windows\SysWOW64\dwmapi.dll
   C:\Windows\SysWOW64\gdi32 .dll
   C:\Windows\SysWOW64\imm32.dll
   

Why in case 1 "C:\Windows\SYSTEM32\" and not C:\Windows\SysWOW64\ It is
requested from a 32 bit (WOW64) process for itself.

HANDLE h;
PEB p;
PROCESS_BASIC_INFORMATION s;
DWORD w=0;
HMODULE hMsi;
PLDR_MODULE curr;
PLDR_MODULE b;
DWORD adr;
BYTE *bfv;
long sz;
DWORD r;
HANDLE hf;
MODULEENTRY32 pf;


hMsi=LoadLibrary("ntdll.dll");
NtQueryInformationProcess=(NtQueryInformationProcessQ)GetProcAddress(hMsi,"NtQueryInformationProcess");


h=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,GetCurrentProcessId());
ZeroMemory(&pf,sizeof(pf));
pf.dwSize=sizeof(pf);
Module32First(h,&pf);
for(;;)
{
  ZeroMemory(&pf,sizeof(pf));
  pf.dwSize=sizeof(pf);
  w=Module32Next(h,&pf);
  printf("%s \n",pf.szExePath);
  if( w==0 ) break;
}

MessageBox(0,0,0,1);


ZeroMemory(&s,sizeof(s));
h=OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,0,GetCurrentProcessId());
if( h>0 )
{
  if( NtQueryInformationProcess(h,ProcessBasicInformation,&s,sizeof(s),&w)==0 )
  {
    // if( GetProcAddress(LoadLibrary("kernel32.dll"),"IsWow64Process")==0 )
    // {
      ZeroMemory(&p,sizeof(p));
      ReadProcessMemory(h,s.PebBaseAddress,&p,sizeof(p),&w);
      if( w>0 )
      {
        curr=(PLDR_MODULE)p.Ldr->InMemoryOrderModuleList.Flink;
        curr=(PLDR_MODULE)((DWORD)curr-sizeof(LIST_ENTRY));
        b=(PLDR_MODULE)&p.Ldr->InMemoryOrderModuleList;
        b=(PLDR_MODULE)((DWORD)b-sizeof(LIST_ENTRY));

        while(curr!=b)
        {
          printf("%p \n",curr);
          wprintf(L"%s \n",curr->FullDllName.Buffer);
          printf(" \n");

          curr=(PLDR_MODULE)curr->InMemoryOrderModuleList.Flink;
          curr=(PLDR_MODULE)((DWORD)curr-sizeof(LIST_ENTRY));
        }
      }
    }
  }
}