From e34f5ac528066696505c75e0ccd08f71fbb22b86 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Tue, 18 Jul 2017 17:01:40 +0100 Subject: [PATCH] [process] fix executable paths on Windows 7 or earlier --- src/process.c | 30 +++++++++++++++++++++++++++--- src/rufus.rc | 10 +++++----- 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/src/process.c b/src/process.c index 066e8efb..32795d32 100644 --- a/src/process.c +++ b/src/process.c @@ -48,6 +48,9 @@ PF_TYPE_DECL(NTAPI, NTSTATUS, NtOpenProcessToken, (HANDLE, ACCESS_MASK, PHANDLE) PF_TYPE_DECL(NTAPI, NTSTATUS, NtAdjustPrivilegesToken, (HANDLE, BOOLEAN, PTOKEN_PRIVILEGES, ULONG, PTOKEN_PRIVILEGES, PULONG)); PF_TYPE_DECL(NTAPI, NTSTATUS, NtClose, (HANDLE)); +// This one is only available on Vista or later... +PF_TYPE_DECL(WINAPI, BOOL, QueryFullProcessImageNameW, (HANDLE, DWORD, LPWSTR, PDWORD)); + static PVOID PhHeapHandle = NULL; extern StrArray BlockingProcess; @@ -330,10 +333,12 @@ BYTE SearchProcess(char* HandleName, BOOL bPartialMatch, BOOL bIgnoreSelf, BOOL WCHAR *wHandleName = NULL; HANDLE dupHandle = NULL; HANDLE processHandle = NULL; - BOOLEAN bFound = FALSE, verbose = !bQuiet; + BOOLEAN bFound = FALSE, bGotExePath, verbose = !bQuiet; ULONG access_rights = 0; BYTE access_mask = 0; + DWORD size; char exe_path[MAX_PATH] = { 0 }; + wchar_t wexe_path[MAX_PATH]; int cur_pid; PF_INIT_OR_SET_STATUS(NtQueryObject, Ntdll); @@ -491,9 +496,28 @@ BYTE SearchProcess(char* HandleName, BOOL bPartialMatch, BOOL bIgnoreSelf, BOOL if (exe_path[0] == 0) vuprintf("WARNING: The following process(es) or service(s) are accessing %s:", HandleName); - if (!GetModuleFileNameExU(processHandle, 0, exe_path, MAX_PATH - 1)) + // First, we try to get the executable path using GetModuleFileNameEx + bGotExePath = (GetModuleFileNameExU(processHandle, 0, exe_path, MAX_PATH - 1) != 0); + + // The above may not work on Windows 7, so try QueryFullProcessImageName (Vista or later) + if (!bGotExePath) { + size = MAX_PATH; + PF_INIT(QueryFullProcessImageNameW, kernel32); + if ( (pfQueryFullProcessImageNameW != NULL) && + (bGotExePath = pfQueryFullProcessImageNameW(processHandle, 0, wexe_path, &size)) ) + wchar_to_utf8_no_alloc(wexe_path, exe_path, sizeof(exe_path)); + } + + // Still nothing? Try GetProcessImageFileName (but don't bother about Unicode) + // Note that GetProcessImageFileName uses '\Device\Harddisk#\Partition#' instead drive letters + if (!bGotExePath) + bGotExePath = (GetProcessImageFileNameA(processHandle, exe_path, MAX_PATH) != 0); + + // Complete failure => Just craft a default process name that includes the PID + if (!bGotExePath) { safe_sprintf(exe_path, MAX_PATH, "Unknown_Process_%" PRIu64, - (ULONGLONG) handleInfo->UniqueProcessId); + (ULONGLONG)handleInfo->UniqueProcessId); + } } out: diff --git a/src/rufus.rc b/src/rufus.rc index bbc6eeeb..f0a85c20 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 242, 376 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 2.16.1141" +CAPTION "Rufus 2.16.1142" FONT 8, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Device",IDS_DEVICE_TXT,9,6,200,8 @@ -366,8 +366,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,16,1141,0 - PRODUCTVERSION 2,16,1141,0 + FILEVERSION 2,16,1142,0 + PRODUCTVERSION 2,16,1142,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -384,13 +384,13 @@ BEGIN BEGIN VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "2.16.1141" + VALUE "FileVersion", "2.16.1142" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2017 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html" VALUE "OriginalFilename", "rufus.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "2.16.1141" + VALUE "ProductVersion", "2.16.1142" END END BLOCK "VarFileInfo"