Empty process name in libinjector

[skvl]

With recent master (fc757e9) I catch messages like:

inject Time=1234567890.123456,Method=CreateProc,Status=Success,PID=1268,ProcessName="",Arguments="/c \"C:\\Users\\User\\Desktop\\test.bat\"",InjectedPid=3752,InjectedTid=3500

, where ProcessName is empty. Expected is C:\Windows\system32\cmd.exe.

I believe that error is in patch https://github.com/tklengyel/drakvuf/pull/1257/files#diff-971d14c827cf7d9299711f18d01217ccc7c16b3dd6ea7c0b2badcc353bf53dbcL1985

@jgru I you sure about the patch? Why you've removed process_name setup?

[jgru]

Hi @skvl, I submitted this patch after reviewing issues identified by Coverity. process_name was identified to be assigned to an unused value. I changed process_name, because it looked like to me, that it is just a placeholder to advance the pointer, since it will always be overridden a few lines below like the following code snippet shows.

drakvuf/src/libinjector/win_injector.c

Lines 2004 to 2007 in 383b001

	if (injector->expanded_target && injector->expanded_target->contents)
	process_name = (char*)injector->expanded_target->contents;
	else
	process_name = "";

None of those predicates is dependent on the assignment changed by me, therefore process_name should be overrriden in either case. So this was my reasoning behind this change, I hope, that it is not faulty.

Best regards,
Jan