/**
 * Look up the name stored in the object that a handle refers to, in the
 * context of the process currently running on the trapping vCPU.
 *
 * @param drakvuf  DRAKVUF instance; its offsets[] table supplies the
 *                 OBJECT_HEADER_BODY and FILEOBJECT_NAME offsets.
 * @param info     Trap information; info->vcpu selects the vCPU whose current
 *                 process is used, and info is forwarded to
 *                 drakvuf_read_unicode().
 * @param handle   Handle value to resolve within that process.
 *
 * @return The contents buffer detached from the unicode string that was read,
 *         or NULL when the current process, the object, or the name string
 *         cannot be obtained. The buffer is handed to the caller, who is
 *         presumably responsible for releasing it (confirm the matching
 *         deallocator).
 *
 * NOTE(review): no object-type check is visible here. The FILEOBJECT_NAME
 * offset is applied to whatever object the handle resolves to, so confirm
 * that callers only pass file handles or that a helper validates the type.
 * NOTE(review): the string is presumably read from the monitored guest, so
 * callers should treat it as untrusted when logging it or building paths.
 */
char* win_get_filename_from_handle(drakvuf_t drakvuf, drakvuf_trap_info_t* info, addr_t handle)
{
    addr_t current_proc = drakvuf_get_current_process(drakvuf, info->vcpu);
    if (!current_proc) {
        return NULL;
    }

    addr_t file_obj = drakvuf_get_obj_by_handle(drakvuf, current_proc, handle);
    if (!file_obj) {
        return NULL;
    }

    /* The name field sits past the object header body, at the file-object name offset. */
    addr_t name_addr = file_obj
                       + drakvuf->offsets[OBJECT_HEADER_BODY]
                       + drakvuf->offsets[FILEOBJECT_NAME];

    unicode_string_t* name_us = drakvuf_read_unicode(drakvuf, info, name_addr);
    if (!name_us) {
        return NULL;
    }

    /*
     * Take the contents buffer out of the wrapper before freeing the wrapper,
     * presumably so vmi_free_unicode_str() does not release the buffer that
     * is being returned.
     */
    char* result = (char*)name_us->contents;
    name_us->contents = NULL;
    vmi_free_unicode_str(name_us);

    return result;
}
/**
 * Return the name of the process that drakvuf_get_current_process() reports
 * for the given vCPU and register set.
 *
 * @param drakvuf  DRAKVUF instance, passed to both helpers.
 * @param vcpu_id  vCPU identifier forwarded to drakvuf_get_current_process().
 * @param regs     Register state forwarded to drakvuf_get_current_process().
 *
 * @return Whatever drakvuf_get_process_name() returns for that process.
 *         Ownership of the string is not visible here (confirm whether the
 *         caller must free it).
 *
 * NOTE(review): the process lookup result is forwarded unchecked, so a failed
 * lookup (if signalled by a zero return) reaches drakvuf_get_process_name()
 * as is. Confirm that helper handles it.
 * NOTE(review): win_get_filename_from_handle calls
 * drakvuf_get_current_process() with two arguments; confirm both call sites
 * match the declared prototype.
 */
char *drakvuf_get_current_process_name(drakvuf_t drakvuf,
                                       uint64_t vcpu_id,
                                       x86_registers_t *regs)
{
    return drakvuf_get_process_name(
        drakvuf,
        drakvuf_get_current_process(drakvuf, vcpu_id, regs));
}