When hawkeye is spying an x86 process, it is injected in and therefore itself running as an x86 process. If a window belonging to an x64 process is selected, we try to determine the list of loaded modules for the owning process. This fails as an x86 process can't see x64 processes...
Because we base the framework version detection on this modules list, it appears that this version remains Unknown thus preventing injection.

Maybe we should base the fx detection on the Window class property:

• WindowsForms10 is .NET 1 (not supported)
• WindowsForms11 is .NET 2 (and greater?)

If we can only determine we have a .NET winforms window but not the precise Clr version, we may end up reloading Hawkeye twice, once in x64/.NET 4 so that we can detect the fx version, then if it is not .NET 4, but .NET 2 in the x64/.NET 2 version.

See Acorns.Hawkeye.Core\HawkeyeHook.cs in original Hawkeye.

The solution is to run the original Hawkeye.exe application (not injecting it but passing-it the target window handle) when x86 hawkeye tries to inspect an x64 process.
Because Hawkeye is compiled as 'Any Cpu', it'll run as x64 on a x64 box.
To summarize in these cases, we make a double-hop in order to attach the correct version of Hawkeye.