From 1ec9816d9a994ac7f675045ec7a86ee7a7b37277 Mon Sep 17 00:00:00 2001
From: ahm3dgg <ahm3dgg@proton.me>
Date: Wed, 7 Jan 2026 19:50:26 +0200
Subject: [PATCH] Return STATUS_IMAGE_MACHINE_TYPE_MISMATCH in case a 64-bit
 process tries to map a 32-bit executable

---
 src/common/platform/status.hpp            | 1 +
 src/windows-emulator/syscalls/section.cpp | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/src/common/platform/status.hpp b/src/common/platform/status.hpp
index 80663621..935cb406 100644
--- a/src/common/platform/status.hpp
+++ b/src/common/platform/status.hpp
@@ -86,6 +86,7 @@ using NTSTATUS = std::uint32_t;
 #define STATUS_PORT_NOT_SET               ((NTSTATUS)0xC0000353L)
 #define STATUS_DEBUGGER_INACTIVE          ((NTSTATUS)0xC0000354L)
 #define STATUS_IMAGE_NOT_AT_BASE          ((NTSTATUS)0x40000003L)
+#define STATUS_IMAGE_MACHINE_TYPE_MISMATCH	((NTSTATUS)0x4000000EL)
 
 #define FILE_DEVICE_NETWORK               0x00000012
 #define FSCTL_AFD_BASE                    FILE_DEVICE_NETWORK
diff --git a/src/windows-emulator/syscalls/section.cpp b/src/windows-emulator/syscalls/section.cpp
index 786d3518..26659907 100644
--- a/src/windows-emulator/syscalls/section.cpp
+++ b/src/windows-emulator/syscalls/section.cpp
@@ -276,6 +276,12 @@ namespace syscalls
 
             base_address.write(binary->image_base);
 
+            // Should return STATUS_IMAGE_MACHINE_TYPE_MISMATCH if a 64-bit process tried to map a 32-bit PE.
+            if (!c.win_emu.process.is_wow64_process && binary->machine == IMAGE_FILE_MACHINE_I386)
+            {
+                return STATUS_IMAGE_MACHINE_TYPE_MISMATCH;
+            }
+
             if (c.win_emu.mod_manager.get_module_load_count_by_path(section_entry->file_name) > 1)
             {
                 return STATUS_IMAGE_NOT_AT_BASE;