From 4d9a494b0b08eec208018d0e862cb89247d45a7f Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Sun, 12 May 2024 19:30:14 +0800 Subject: [PATCH 01/15] Update Start.cpp --- Sandboxie/apps/start/start.cpp | 69 ++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index 349e7d90..cdfd4604 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -60,6 +60,7 @@ extern WCHAR *DoStartMenu(void); extern BOOL WriteStartMenuResult(const WCHAR *MapName, const WCHAR *Command); extern void DeleteSandbox( const WCHAR *BoxName, BOOL bLogoff, BOOL bSilent, int phase); +DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD ErrCodeForBuffer); extern "C" { @@ -1892,6 +1893,20 @@ int __stdcall WinMainCRTStartup( run_program: + if (SbieApi_QueryConfBool(BoxName, L"AlertBeforeStart", FALSE)) { + WCHAR tips; + wprintf("Do you want to start a new program into the sandbox %s?\nYou received this message because you setted AlertBeforeStart=y.", BoxName); + if (MessageBox(NULL, tips, BoxName + L" Start", MB_YESNO) == IDNO) + die(10000); + else { + DWORD error; + WCHAR buf[255] = L""; + GetParentPIDAndName(GetCurrentProcessId(), buf, &error); + if (wcsstr(buf, L"sandman.exe") == NULL && wcsstr(buf, L"sbiectrl.exe") == NULL && wcsstr(buf, L"start.exe") == NULL) + if (MessageBox(NULL, L"This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.", "Warn", MB_YESNO) == IDNO) + die(10000); + } + } start = ::GetTickCount(); rc = Program_Start(); 
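Review bot: The confirmation dialog in the `AlertBeforeStart` block never shows the prompt text, because `wprintf` writes the message to stdout while `MessageBox` is handed `tips`, which is never filled in (here an uninitialised single `WCHAR` passed where a string pointer is expected). The later hunks in this series that touch `tips` (PATCH 08 makes it an uninitialised `WCHAR*`, PATCH 14 sets it to `L""`) leave the same gap, so the user is asked to confirm an empty or garbage message. Format into a real buffer and pass that, e.g. `WCHAR tips[512]; swprintf_s(tips, 512, <message format>, BoxName);` followed by `MessageBoxW(NULL, tips, ...)`. Both refusal paths call `die(10000);` without `return`, whereas the existing code visible further down the function uses `return die(rc);`; if `die` can return, answering No would still reach `Program_Start()`, so `return die(10000);` is the safer form. `WinMainCRTStartup` begins and ends outside this hunk.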
@@ -1909,7 +1924,61 @@ int __stdcall WinMainCRTStartup( return die(rc); } +#include +#include +#include +DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD ErrCodeForBuffer) { + HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, ProcessID); + if (!ProcessID) { + return 0; + } + + + HMODULE hNtdll = GetModuleHandle(_T("ntdll.dll")); + if (!hNtdll) { + + CloseHandle(hProcess); + return 0; + } + + NQIP _NtQueryInformationProcess = (NQIP)GetProcAddress(hNtdll, "NtQueryInformationProcess"); + if (!_NtQueryInformationProcess) { + CloseHandle(hProcess); + return 0; + } + + PROCESS_BASIC_INFORMATION pbi; + NTSTATUS status = _NtQueryInformationProcess( + hProcess, + ProcessBasicInformation, + (LPVOID)&pbi, sizeof(PROCESS_BASIC_INFORMATION), + NULL); + + DWORD dwParentID = 0; + if (NT_SUCCESS(status)) { + + dwParentID = (LONG_PTR)pbi.Reserved3; + + if (NULL != lpszBuffer_Parent_Name) { + HANDLE hParentProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwParentID); + if (hParentProcess) { + + DWORD bufs; + + BOOL ret = QueryFullProcessImageName(hParentProcess, 0, lpszBuffer_Parent_Name, &bufs); + + + + } + if (hParentProcess) + CloseHandle(hParentProcess); + } + } + + CloseHandle(hProcess); + return dwParentID; +} int __stdcall WinMain( HINSTANCE hInstance, From 80de896d7be893d0be5442fc88fc27351a747048 Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Sun, 12 May 2024 19:36:00 +0800 Subject: [PATCH 02/15] fix --- Sandboxie/apps/start/start.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index cdfd4604..4aa0f771 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp 
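Review bot: `DWORD bufs;` is passed uninitialised as the size argument of `QueryFullProcessImageName` in `GetParentPIDAndName`, but that parameter is in/out and must hold the capacity of `lpszBuffer_Parent_Name` in characters on entry. With a stack garbage value the call either fails or is permitted to write past the caller's `WCHAR buf[255]`; the same `DWORD bufs;` call comes back in the last hunk of PATCH 15. Initialise it from the real capacity, ideally a length parameter supplied by the caller (`DWORD bufs = 255;` matches the only caller shown), and check `ret`, reporting failure through `ErrCodeForBuffer`, which is never written. The guard after `OpenProcess` also tests `ProcessID` rather than the handle; `if (!hProcess) return 0;` is what keeps a failed open from reaching `NtQueryInformationProcess` and `CloseHandle`.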
@@ -1895,15 +1895,15 @@ int __stdcall WinMainCRTStartup( if (SbieApi_QueryConfBool(BoxName, L"AlertBeforeStart", FALSE)) { WCHAR tips; - wprintf("Do you want to start a new program into the sandbox %s?\nYou received this message because you setted AlertBeforeStart=y.", BoxName); - if (MessageBox(NULL, tips, BoxName + L" Start", MB_YESNO) == IDNO) + wprintf(L"Do you want to start a new program into the sandbox %s?\nYou received this message because you setted AlertBeforeStart=y.", BoxName); + if (MessageBox(NULL, tips, BoxName L" Start", MB_YESNO) == IDNO) die(10000); else { DWORD error; WCHAR buf[255] = L""; GetParentPIDAndName(GetCurrentProcessId(), buf, &error); if (wcsstr(buf, L"sandman.exe") == NULL && wcsstr(buf, L"sbiectrl.exe") == NULL && wcsstr(buf, L"start.exe") == NULL) - if (MessageBox(NULL, L"This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.", "Warn", MB_YESNO) == IDNO) + if (MessageBox(NULL, L"This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.", L"Warn", MB_YESNO) == IDNO) die(10000); } } From 6d11dc05ce43f5350c29cd6bc9342998e9ddf53d Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Sun, 12 May 2024 19:36:50 +0800 Subject: [PATCH 03/15] Remove include --- Sandboxie/apps/start/start.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index 4aa0f771..8555996d 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -1925,7 +1925,6 @@ int __stdcall WinMainCRTStartup( return die(rc); } #include -#include #include DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD ErrCodeForBuffer) { From 8ee96cd58356daf4e2125beb7cdf93216f7f7df5 Mon Sep 17 00:00:00 2001 
From: love-code-yeyixiao <188240888@qq.com> Date: Sun, 12 May 2024 19:42:48 +0800 Subject: [PATCH 04/15] fix --- Sandboxie/apps/start/start.cpp | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index 8555996d..25376e87 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -1926,6 +1926,15 @@ int __stdcall WinMainCRTStartup( } #include #include +typedef +__kernel_entry NTSTATUS +(NTAPI* NQIP)( + IN HANDLE ProcessHandle, + IN PROCESSINFOCLASS ProcessInformationClass, + OUT PVOID ProcessInformation, + IN ULONG ProcessInformationLength, + OUT PULONG ReturnLength OPTIONAL + ); DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD ErrCodeForBuffer) { HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, ProcessID); @@ -1934,7 +1943,7 @@ DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD } - HMODULE hNtdll = GetModuleHandle(_T("ntdll.dll")); + HMODULE hNtdll = GetModuleHandle(L"ntdll.dll"); if (!hNtdll) { CloseHandle(hProcess); From e5ee83d0a31dff68bae0aa7903173078c54c424b Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Fri, 17 May 2024 20:43:57 +0800 Subject: [PATCH 05/15] Fix --- Sandboxie/apps/start/start.cpp | 8 +++++--- Sandboxie/msgs/Sbie-English-1033.txt | 9 +++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index 25376e87..bfa96eb0 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp 
@@ -1895,15 +1895,17 @@ int __stdcall WinMainCRTStartup( if (SbieApi_QueryConfBool(BoxName, L"AlertBeforeStart", FALSE)) { WCHAR tips; - wprintf(L"Do you want to start a new program into the sandbox %s?\nYou received this message because you setted AlertBeforeStart=y.", BoxName); + wprintf(SbieDll_FormatMessage0(8107), BoxName); if (MessageBox(NULL, tips, BoxName L" Start", MB_YESNO) == IDNO) die(10000); else { DWORD error; WCHAR buf[255] = L""; GetParentPIDAndName(GetCurrentProcessId(), buf, &error); - if (wcsstr(buf, L"sandman.exe") == NULL && wcsstr(buf, L"sbiectrl.exe") == NULL && wcsstr(buf, L"start.exe") == NULL) - if (MessageBox(NULL, L"This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes.", L"Warn", MB_YESNO) == IDNO) + WCHAR dir[1020] = L""; + SbieApi_GetHomePath(NULL, 0, dir, 1020); + if (wcsstr(buf, dir) == NULL) + if (MessageBox(NULL, SbieDll_FormatMessage0(8108), L"Warn", MB_YESNO) == IDNO) die(10000); } } diff --git a/Sandboxie/msgs/Sbie-English-1033.txt b/Sandboxie/msgs/Sbie-English-1033.txt index efa9e2a5..a8569a51 100644 --- a/Sandboxie/msgs/Sbie-English-1033.txt +++ b/Sandboxie/msgs/Sbie-English-1033.txt @@ -4235,3 +4235,12 @@ This is the third and last retry. The following programs must be closed before the installation can continue. Click OK to close these programs and continue. Click Cancel to abort the installation. . + +8107;txt;01 +Do you want to start a new program into the sandbox %s? +You received this message because you setted AlertBeforeStart=y. +. + +8108;txt;01 +This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes. +. \ No newline at end of file From 606be1b61749fc89441fe816f8836492b6d51a03 Mon Sep 17 00:00:00 2001 
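Review bot: The new parent check `wcsstr(buf, dir) == NULL` fails open, because the result of `SbieApi_GetHomePath` is ignored and `dir` starts as `L""`: if the call leaves it empty, `wcsstr` returns `buf` and the warning is skipped for every parent. It is also an unanchored, case-sensitive substring test, so any image path that merely contains the home-path text somewhere passes, while Windows paths are not case-sensitive. Treat an empty `dir` as a mismatch and compare the prefix case-insensitively up to a separator, e.g. `size_t n = wcslen(dir); if (n == 0 || _wcsnicmp(buf, dir, n) != 0 || buf[n] != L'\\')`. The parent process id is only a hint (the parent may have exited and its id been reused), so a comment stating that this dialog is advisory rather than an access check would help the next reader. The enclosing function starts and ends outside the hunk.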
From: =?UTF-8?q?=E7=88=B1=E7=BC=96=E7=A8=8B=E7=9A=84=E5=8F=B6=E4=B8=80?= =?UTF-8?q?=E7=AC=91?= <92030377+love-code-yeyixiao@users.noreply.github.com> Date: Fri, 17 May 2024 21:17:16 +0800 Subject: [PATCH 06/15] Update Sandboxie/msgs/Sbie-English-1033.txt Co-authored-by: offhub <6871698+offhub@users.noreply.github.com> --- Sandboxie/msgs/Sbie-English-1033.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Sandboxie/msgs/Sbie-English-1033.txt b/Sandboxie/msgs/Sbie-English-1033.txt index a8569a51..9d13c01f 100644 --- a/Sandboxie/msgs/Sbie-English-1033.txt +++ b/Sandboxie/msgs/Sbie-English-1033.txt @@ -4238,7 +4238,8 @@ Click OK to close these programs and continue. Click Cancel to abort the instal 8107;txt;01 Do you want to start a new program into the sandbox %s? -You received this message because you setted AlertBeforeStart=y. +You received this message because you set AlertBeforeStart=y. + . 8108;txt;01 From e374df502861a4f8bb59e13df15b6e39809a2d4a Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Fri, 17 May 2024 21:35:03 +0800 Subject: [PATCH 07/15] fix --- Sandboxie/apps/start/start.cpp | 4 ++-- Sandboxie/msgs/Sbie-English-1033.txt | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index bfa96eb0..ace6c237 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -1895,7 +1895,7 @@ int __stdcall WinMainCRTStartup( if (SbieApi_QueryConfBool(BoxName, L"AlertBeforeStart", FALSE)) { WCHAR tips; - wprintf(SbieDll_FormatMessage0(8107), BoxName); + wprintf(SbieDll_FormatMessage0(3198), BoxName); if (MessageBox(NULL, tips, BoxName L" Start", MB_YESNO) == IDNO) die(10000); else { 
@@ -1905,7 +1905,7 @@ int __stdcall WinMainCRTStartup( WCHAR dir[1020] = L""; SbieApi_GetHomePath(NULL, 0, dir, 1020); if (wcsstr(buf, dir) == NULL) - if (MessageBox(NULL, SbieDll_FormatMessage0(8108), L"Warn", MB_YESNO) == IDNO) + if (MessageBox(NULL, SbieDll_FormatMessage0(3199), L"Warn", MB_YESNO) == IDNO) die(10000); } } diff --git a/Sandboxie/msgs/Sbie-English-1033.txt b/Sandboxie/msgs/Sbie-English-1033.txt index 9d13c01f..c5efc72b 100644 --- a/Sandboxie/msgs/Sbie-English-1033.txt +++ b/Sandboxie/msgs/Sbie-English-1033.txt @@ -4236,12 +4236,12 @@ The following programs must be closed before the installation can continue. Click OK to close these programs and continue. Click Cancel to abort the installation. . -8107;txt;01 +3198;txt;01 Do you want to start a new program into the sandbox %s? You received this message because you set AlertBeforeStart=y. . -8108;txt;01 +3199;txt;01 This startup request does not appear to be invoked by the SANDBOXIE component. Are you sure you want to run it? If this is your action, you can ignore it and choose yes. -. \ No newline at end of file +. From a614a85091dee81a8a636cc2ca22fd529f63c71b Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Fri, 17 May 2024 22:20:16 +0800 Subject: [PATCH 08/15] fix --- Sandboxie/apps/start/start.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index ace6c237..a17e4a0f 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -1894,9 +1894,9 @@ int __stdcall WinMainCRTStartup( run_program: if (SbieApi_QueryConfBool(BoxName, L"AlertBeforeStart", FALSE)) { - WCHAR tips; + WCHAR* tips; wprintf(SbieDll_FormatMessage0(3198), BoxName); - if (MessageBox(NULL, tips, BoxName L" Start", MB_YESNO) == IDNO) + if (MessageBox(NULL, tips, L"Sandboxie Start", MB_YESNO) == IDNO) die(10000); else { DWORD error; 
From 06cde1cd0467481028bd5306e9a232c001831cc4 Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Fri, 17 May 2024 22:28:29 +0800 Subject: [PATCH 09/15] Fix --- Sandboxie/apps/start/start.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index a17e4a0f..a02fdc37 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -1968,15 +1968,15 @@ DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD DWORD dwParentID = 0; if (NT_SUCCESS(status)) { - dwParentID = (LONG_PTR)pbi.Reserved3; + dwParentID = (LONG_PTR)pbi.InheritedFromUniqueProcessId; if (NULL != lpszBuffer_Parent_Name) { HANDLE hParentProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwParentID); if (hParentProcess) { DWORD bufs; - - BOOL ret = QueryFullProcessImageName(hParentProcess, 0, lpszBuffer_Parent_Name, &bufs); + + BOOL ret = GetProcessImageFileNameW(hParentProcess, lpszBuffer_Parent_Name, 255); From d36f26fdd5954253e8867177a86ee68dcb734e22 Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Sat, 18 May 2024 10:55:51 +0800 Subject: [PATCH 10/15] try CI --- Sandboxie/apps/start/start.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index a02fdc37..108911c8 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -1896,7 +1896,7 @@ int __stdcall WinMainCRTStartup( if (SbieApi_QueryConfBool(BoxName, L"AlertBeforeStart", FALSE)) { WCHAR* tips; wprintf(SbieDll_FormatMessage0(3198), BoxName); - if (MessageBox(NULL, tips, L"Sandboxie Start", MB_YESNO) == IDNO) + if (MessageBoxW(NULL, tips, L"Sandboxie Start", MB_YESNO) == IDNO) die(10000); else { DWORD error; 
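Review bot: `GetProcessImageFileNameW` returns the image path in native device form (`\Device\HarddiskVolumeN\...`), which changes what the caller's `wcsstr(buf, dir)` test sees. If `dir` from `SbieApi_GetHomePath` is a drive-letter path (not visible in this hunk, so worth confirming), the comparison can never match and the warning would appear on every launch, which teaches users to click Yes. The literal `255` also ties this function to one caller's buffer; taking the capacity as a parameter would keep the bound correct if another caller appears. The body of `GetParentPIDAndName` extends beyond the hunk.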
@@ -1905,7 +1905,7 @@ int __stdcall WinMainCRTStartup( WCHAR dir[1020] = L""; SbieApi_GetHomePath(NULL, 0, dir, 1020); if (wcsstr(buf, dir) == NULL) - if (MessageBox(NULL, SbieDll_FormatMessage0(3199), L"Warn", MB_YESNO) == IDNO) + if (MessageBoxW(NULL, SbieDll_FormatMessage0(3199), L"Warn", MB_YESNO) == IDNO) die(10000); } } From 4dcf5197e20a98e5a3b2a6f682ce2c8fbe0bb6f6 Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Sat, 18 May 2024 11:02:37 +0800 Subject: [PATCH 11/15] fix --- Sandboxie/apps/start/start.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index 108911c8..85373ecd 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -1968,7 +1968,7 @@ DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD DWORD dwParentID = 0; if (NT_SUCCESS(status)) { - dwParentID = (LONG_PTR)pbi.InheritedFromUniqueProcessId; + dwParentID = (ULONG_PTR)pbi.InheritedFromUniqueProcessId; if (NULL != lpszBuffer_Parent_Name) { HANDLE hParentProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwParentID); From aee5a9fb0007bcd63290b0d31d2234f46b262666 Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Sat, 18 May 2024 11:09:43 +0800 Subject: [PATCH 12/15] fix --- Sandboxie/apps/start/start.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index 85373ecd..fb941e03 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp 
@@ -1968,7 +1968,7 @@ DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD DWORD dwParentID = 0; if (NT_SUCCESS(status)) { - dwParentID = (ULONG_PTR)pbi.InheritedFromUniqueProcessId; + dwParentID = (DWORD)pbi.InheritedFromUniqueProcessId; if (NULL != lpszBuffer_Parent_Name) { HANDLE hParentProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwParentID); From 37c0973b893900bd0a6c6c75c76ec859f739d1aa Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Sat, 18 May 2024 11:46:27 +0800 Subject: [PATCH 13/15] fix --- Sandboxie/apps/start/start.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index fb941e03..108f2adb 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -1974,7 +1974,7 @@ DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD HANDLE hParentProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwParentID); if (hParentProcess) { - DWORD bufs; + //DWORD bufs; BOOL ret = GetProcessImageFileNameW(hParentProcess, lpszBuffer_Parent_Name, 255); From 48ec5952b8f7d2fcf213957b4d6f1f494841d039 Mon Sep 17 00:00:00 2001 From: love-code-yeyixiao <188240888@qq.com> Date: Sat, 18 May 2024 11:49:40 +0800 Subject: [PATCH 14/15] fix again --- Sandboxie/apps/start/start.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index 108f2adb..5857eb89 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -1894,7 +1894,7 @@ int __stdcall WinMainCRTStartup( run_program: if (SbieApi_QueryConfBool(BoxName, L"AlertBeforeStart", FALSE)) { - WCHAR* tips; + WCHAR* tips=L""; wprintf(SbieDll_FormatMessage0(3198), BoxName); if (MessageBoxW(NULL, tips, L"Sandboxie Start", MB_YESNO) == IDNO) die(10000); From 0346d454c6d0dbcfed0a0e6ad7e0baddc2012938 Mon Sep 17 00:00:00 2001 
From: love-code-yeyixiao <188240888@qq.com> Date: Sat, 18 May 2024 14:02:48 +0800 Subject: [PATCH 15/15] fix --- Sandboxie/apps/start/start.cpp | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/Sandboxie/apps/start/start.cpp b/Sandboxie/apps/start/start.cpp index 5857eb89..277a203a 100644 --- a/Sandboxie/apps/start/start.cpp +++ b/Sandboxie/apps/start/start.cpp @@ -1937,6 +1937,12 @@ __kernel_entry NTSTATUS IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL ); +typedef BOOL (*QFPIN)( + HANDLE hProcess, + DWORD dwFlags, + LPTSTR lpExeName, + PDWORD lpdwSize +); DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD ErrCodeForBuffer) { HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, ProcessID); @@ -1957,7 +1963,18 @@ DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD CloseHandle(hProcess); return 0; } + HMODULE hKer32 = GetModuleHandle(L"kernel32.dll"); + if (!hKer32) { + CloseHandle(hProcess); + return 0; + } + + QFPIN _QueryFullProcessImageNameW = (QFPIN)GetProcAddress(hKer32, "QueryFullProcessImageNameW"); + if (!_QueryFullProcessImageNameW) { + CloseHandle(hProcess); + return 0; + } PROCESS_BASIC_INFORMATION pbi; NTSTATUS status = _NtQueryInformationProcess( hProcess, @@ -1974,9 +1991,9 @@ DWORD GetParentPIDAndName(DWORD ProcessID, LPTSTR lpszBuffer_Parent_Name, PDWORD HANDLE hParentProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwParentID); if (hParentProcess) { - //DWORD bufs; + DWORD bufs; - BOOL ret = GetProcessImageFileNameW(hParentProcess, lpszBuffer_Parent_Name, 255); + BOOL ret = _QueryFullProcessImageNameW(hParentProcess, 0,lpszBuffer_Parent_Name,&bufs);