added support for full DLL paths for MEM_MODULES

1 files changed, 17 insertions, 0 deletions

diff --git a/KMemDriver/Memory.c b/KMemDriver/Memory.c
index d829413..7a571ea 100644
--- a/KMemDriver/Memory.c
+++ b/KMemDriver/Memory.c
@@ -112,6 +112,16 @@ NTSTATUS GetModules(
 				);
 				RtlFreeAnsiString(&name);
 			}
+			tmpUnicodeStr.Buffer = (PWCH)ldrEntry32->FullDllName.Buffer;
+			tmpUnicodeStr.Length = ldrEntry32->FullDllName.Length;
+			tmpUnicodeStr.MaximumLength = ldrEntry32->FullDllName.MaximumLength;
+			if (NT_SUCCESS(RtlUnicodeStringToAnsiString(&name, &tmpUnicodeStr, TRUE))) {
+				RtlCopyMemory(pmod->FullDllPath, name.Buffer,
+					(name.Length > sizeof pmod->FullDllPath ?
+						sizeof pmod->FullDllPath : name.Length)
+				);
+				RtlFreeAnsiString(&name);
+			}
 			pmod->DllBase = (PVOID)ldrEntry32->DllBase;
 			pmod->SizeOfImage = ldrEntry32->SizeOfImage;
 			//KDBG("DLL32 #%02lu: base -> 0x%p, size -> 0x%06X, name -> '%s'\n", used,
@@ -160,6 +170,13 @@ NTSTATUS GetModules(
 				);
 				RtlFreeAnsiString(&name);
 			}
+			if (NT_SUCCESS(RtlUnicodeStringToAnsiString(&name, &ldrEntry->FullDllName, TRUE))) {
+				RtlCopyMemory(pmod->FullDllPath, name.Buffer,
+					(name.Length > sizeof pmod->FullDllPath ?
+						sizeof pmod->FullDllPath : name.Length)
+				);
+				RtlFreeAnsiString(&name);
+			}
 			pmod->DllBase = ldrEntry->DllBase;
 			pmod->SizeOfImage = ldrEntry->SizeOfImage;
 			//KDBG("DLL #%02lu: base -> 0x%p, size -> 0x%06X, name -> '%s'\n", used,