EraseModuleNameFromPeb causing some processes are displayed abnormally

[LYingSiMon]

Problem occurred while trying to hide sbiedll.dll in EraseModuleNameFromPeb (sbiehide.dll works properly)

As you can see, the application screen turns white. My guess is that the program's Driect X is faulty, but there is no proof 😶

[LYingSiMon]

Unfortunately I had to comment out ErasemodulenFromPeb(),Now I can only use the following code to make up for it

NTSTATUS NTAPI LdrGetDllHandleProxy(
    IN PWORD                pwPath OPTIONAL,
    IN PVOID                Unused OPTIONAL,
    IN PUNICODE_STRING      ModuleFileName,
    OUT PHANDLE             pHModule)
{
    NTSTATUS Status = STATUS_SUCCESS;
    WCHAR Name[MAX_PATH] = { 0 };

    if (ModuleFileName && ModuleFileName->Buffer)
    {
        wcsncpy_s(
            Name,
            MAX_PATH - 1,
            ModuleFileName->Buffer,
            ModuleFileName->Length / sizeof(WCHAR));

        if (_wcsicmp(Name, L"sbiedll.dll") == 0 || _wcsicmp(Name, L"sbiehide.dll") == 0)
        {
            return STATUS_UNSUCCESSFUL;
        }
    }

    Status = LdrGetDllHandleSaved(pwPath, Unused, ModuleFileName, pHModule);

    return Status;
}

NTSTATUS NTAPI LdrLoadDllProxy(
    IN PWCHAR               PathToFile OPTIONAL,
    IN ULONG*                Flags OPTIONAL,
    IN PUNICODE_STRING      ModuleFileName,
    OUT PHANDLE             ModuleHandle)
{
    NTSTATUS Status = STATUS_SUCCESS;
    WCHAR Name[MAX_PATH] = { 0 };

    if (ModuleFileName && ModuleFileName->Buffer)
    {
        wcsncpy_s(
            Name,
            MAX_PATH - 1,
            ModuleFileName->Buffer,
            ModuleFileName->Length / sizeof(WCHAR));

        if (_wcsicmp(Name, L"sbiedll.dll") == 0 || _wcsicmp(Name, L"sbiehide.dll") == 0)
        {
            return STATUS_UNSUCCESSFUL;
        }
    }

    Status = LdrLoadDllSaved(PathToFile, Flags, ModuleFileName, ModuleHandle);

    return Status;
}

[VeroFess]

It will be fixed after the dev branch development is complete.