PsGetProcessImageFileName
itsRythem opened this issue · 4 comments
itsRythem commented
The EFI cheat uses PsGetProcessImageFileName to get "image file names" and checks if the process is running, I think? However, I want to expand this for other games, but I cannot seem to find where these values are obtained. In the apex cheat, it checks for "0x7265726f6c707865"; where did you obtain this? Dumping the value of all processes with the win api function GetProcessImageName returns the game's path. Please help, thank you.
dekoda-uc commented
this would be an easy way:

```c
const char* image_name = "r5apex.exe";
LOG("name_hash: %p\n", *(QWORD*)(image_name));
```
itsRythem commented
That appears to give a different result, as the value that is returned for apex is 0x7265726f6c707865, while what you provided gives 7290897223831860594.
dekoda-uc commented
Try a little harder, please
```c
const char* image_name = "r5apex.exe";
LOG("name_hash: %llx\n", *(QWORD*)(image_name));
```
correction: %llx
apex is: 0x652e786570613572
itsRythem commented
ty
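For anyone analysing a driver that compares image names against 64-bit constants like the ones in this thread, the constant can be read back into the name prefix it stands for. This is an added example, not code from the repository or from either commenter; `decode_name_const` and `name_prefix_u64` are hypothetical names, and it assumes the little-endian load that the `*(QWORD*)` cast performs on x64.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the project): treat v as 8 bytes loaded
 * little-endian from an ASCII image name, as *(QWORD*)name does on x64.
 * Writes the decoded prefix to out and returns its length (0..8), or -1
 * if a non-printable byte precedes the first NUL. */
static int decode_name_const(uint64_t v, char out[9])
{
    int n = 0;
    for (int i = 0; i < 8; i++) {
        unsigned char c = (unsigned char)(v >> (8 * i)); /* byte i in memory */
        if (c == 0)
            break;                 /* names shorter than 8 are NUL-padded */
        if (!isprint(c)) {
            out[0] = '\0';
            return -1;
        }
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return n;
}

/* Hypothetical helper: the constant an 8-byte compare would use for a name.
 * Stops at the terminating NUL, so names shorter than 8 are not over-read,
 * and assembles the value byte by byte (independent of host endianness). */
static uint64_t name_prefix_u64(const char *name)
{
    uint64_t v = 0;
    for (int i = 0; i < 8 && name[i] != '\0'; i++)
        v |= (uint64_t)(unsigned char)name[i] << (8 * i);
    return v;
}

int main(void)
{
    /* The two constants quoted in the thread. */
    const uint64_t seen[] = { 0x7265726f6c707865ULL, 0x652e786570613572ULL };
    char text[9];
    for (size_t i = 0; i < sizeof seen / sizeof seen[0]; i++) {
        int n = decode_name_const(seen[i], text);
        printf("0x%016llx -> \"%s\" (%d chars)\n",
               (unsigned long long)seen[i], text, n);
    }
    return 0;
}
```

Such a constant covers only the first eight characters of the image name, so any two names sharing that prefix produce the same value.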