hasherezade / pe-sieve

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
https://hshrzd.wordpress.com/pe-sieve/
BSD 2-Clause "Simplified" License

Path parsing mismatch resulting in false positive #51

Closed Jack-McDowell closed 4 years ago

Jack-McDowell commented 4 years ago

This issue was identified when a process loaded an image at "C:\Program Files (x86)\Razer\Synapse3\Service\..\UserProcess\Razer Synapse Service Process.exe"

PE Sieve identified that this did not match the mapped image, "C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe"

Consider using PathCchCanonicalize before comparing the mapped image path to the image intended to be mapped to avoid this issue.

hasherezade commented 4 years ago

Thank you for reporting, I will take a look as soon as I get some free time.

hasherezade commented 4 years ago

ok, so I checked it and unfortunately I cannot use PathCchCanonicalize since it is a relatively new API (introduced with Windows 8) and PE-sieve is supposed to support the old versions of Windows as well. But I will solve this problem by a manual re-implementation of this function.
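As an added example (not PE-sieve's own code, which targets the Windows API), here is a portable canonicalization routine of the kind described above: it collapses `.` and `..` segments of a drive-letter Windows path and compares the results case-insensitively, so the two paths from the report compare equal instead of raising a false positive. It assumes plain drive-letter paths (no UNC `\\server\share` prefixes).

```cpp
#include <string>
#include <vector>
#include <algorithm>
#include <cctype>

// Added example, not PE-sieve's implementation: a portable stand-in for
// PathCanonicalize that resolves "." and ".." segments of a Windows-style path.
// Assumes a drive-letter path such as "C:\...", so the first segment is the root.
std::string canonicalizeWinPath(const std::string& path) {
    std::vector<std::string> parts;
    std::string seg;
    auto flush = [&]() {
        if (seg == "..") {
            // ".." goes up one directory but must never remove the drive root
            if (parts.size() > 1) parts.pop_back();
        } else if (!seg.empty() && seg != ".") {
            parts.push_back(seg);  // "." and empty segments (double slashes) are dropped
        }
        seg.clear();
    };
    for (char c : path) {
        if (c == '\\' || c == '/') flush();  // accept both separator styles
        else seg += c;
    }
    flush();
    std::string out;
    for (size_t i = 0; i < parts.size(); ++i) {
        if (i) out += '\\';
        out += parts[i];
    }
    return out;
}

// Windows paths are case-insensitive, so compare the canonical forms ignoring case.
// This is the comparison the issue asks for before flagging a mapped image as replaced.
bool samePath(const std::string& a, const std::string& b) {
    std::string ca = canonicalizeWinPath(a), cb = canonicalizeWinPath(b);
    if (ca.size() != cb.size()) return false;
    return std::equal(ca.begin(), ca.end(), cb.begin(), [](char x, char y) {
        return std::tolower((unsigned char)x) == std::tolower((unsigned char)y);
    });
}
```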

Jack-McDowell commented 4 years ago

My bad, didn't see that it was unsupported. PathCanonicalizeA/W should work for you then.

hasherezade commented 4 years ago

Please check if it solved the problem. You can get the latest builds from the build server: 64bit and 32bit

hasherezade commented 4 years ago

I think it should work fine in the latest release, but please check and let me know: https://github.com/hasherezade/pe-sieve/releases/tag/v0.2.5

Jack-McDowell commented 4 years ago

I've been busy recently, but I should be able to test and get back to you next week. Thanks for fixing this!

hasherezade commented 4 years ago

ok, thank you! I will be waiting for your feedback.

Jack-McDowell commented 4 years ago

It works now! Thanks!