Uninformed: Informative Information for the Uninformed

Vol 1» 2005.May

The Solution

The solution to this problem would be for ATI to come up with an alternate means by which the process' image path name can be obtained. Possibilities for alternate methods include referencing the PEB to obtain the address of the process parameters (by using the ProcessParameters attribute of the PEB). This approach is suboptimal because it requires that ATI attempt to reference fields in a structure that is intended to be opaque and also readily changes between versions of Windows. Another alternate approach, which is perhaps the most feasible, would be to make use of the ProcessImageFileName PROCESSINFOCLASS. This information class can be queried using the NtQueryInformationProcess system call to populate a UNICODE_STRING that contains the full path to the image that is associated with the handle that is supplied to NtQueryInformationProcess. The nice thing about this is that it actually indirectly uses the alternate method from the first proposal, but it does so internally rather than forcing an external vendor to access fields of the PEB.

Regardless of the actual solution, it seems obvious that assuming that a region of memory will be mapped at a fixed address in every process is something that ATI should not do. There are indeed cases where Windows itself requires certain things to be mapped at the same address between one execution of a process to the next, but it is the opinion of the author that ATI should not assume things that Windows itself does not also assume.