Process Names bigger than 16 get cut off
LWSS opened this issue · comments
Guess the longer name is somewhere else
Indeed it seems to be the case. I cannot do any reverse engineering myself, but look around the Windows kernel structures for more information. I am open to pull requests implementing an improved method of getting the names of processes.
I got around this with module names instead of process names. (A module name is going to have the full name, so do memcmp with your 16 bytes of the process name in a loop for the modules.)
As you can see, on the left you have names cut off at 16, and on the right names surpassing 16 in length. (The newest version of flush (my tool) has it working on both sides; this is an old SS.)
Sorry, bad English, from China with virus
cool thanks for sharing
Nice tool and a great solution! A way without memcmp would be to find the module with the same base address as the process.
smart!
link <--- gonna fix this.
You should add me on Discord; I like this project a lot and use it for many, many things!
_xeroxz#7212
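Both workarounds from this thread (a prefix memcmp against module names, and picking the module whose base address equals the process base) as an added C example, not code from the project or from the commenters' tools. The struct types, function name and sample data are hypothetical and constructed for illustration; the 16-byte cut-off is the figure reported in this issue.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHORT_NAME_LEN 16 /* cut-off length reported in this issue */

/* Hypothetical record types for this example, not the project's structures. */
typedef struct { const char *name; uint64_t base; } module_t;
typedef struct { char short_name[SHORT_NAME_LEN + 1]; uint64_t base; } process_t;

/* Constructed sample data: a module list and three process records. */
static const module_t MODS[] = {
    {"ntdll.dll", 0x7ffa10000000ULL},
    {"SecurityHealthService.exe", 0x7ff600010000ULL},
    {"SecurityHealthServiceHelper.dll", 0x7ffa20000000ULL},
    {"notepad.exe", 0x7ff600030000ULL},
};
static const process_t BY_BASE = {"SecurityHealthSe", 0x7ff600010000ULL};
static const process_t AMBIGUOUS = {"SecurityHealthSe", 0}; /* base unknown */
static const process_t SHORT = {"notepad.exe", 0};          /* not truncated */

/* Returns the full module name, or NULL when nothing matches or when the
 * prefix match is ambiguous (several modules share the surviving bytes). */
const char *resolve_full_name(const process_t *p, const module_t *mods, size_t n)
{
    const char *nul = memchr(p->short_name, 0, SHORT_NAME_LEN);
    size_t plen = nul ? (size_t)(nul - p->short_name) : SHORT_NAME_LEN;
    const char *hit = NULL;

    /* Preferred: the module loaded at the process base address. */
    for (size_t i = 0; i < n; i++)
        if (p->base != 0 && mods[i].base == p->base)
            return mods[i].name;

    /* Fallback: compare only the bytes that survived the cut-off. */
    for (size_t i = 0; i < n; i++) {
        if (strlen(mods[i].name) < plen || memcmp(mods[i].name, p->short_name, plen) != 0)
            continue;
        /* A name shorter than the cut-off was not truncated: require an exact match. */
        if (plen < SHORT_NAME_LEN && mods[i].name[plen] != '\0')
            continue;
        if (hit != NULL && strcmp(hit, mods[i].name) != 0)
            return NULL; /* ambiguous prefix: refuse to guess */
        hit = mods[i].name;
    }
    return hit;
}
```

The base-address path avoids the ambiguity the prefix comparison runs into when two modules share their first 16 bytes.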