From e5ca4477a165370ed1582cdb9a70d55d6d56f17f Mon Sep 17 00:00:00 2001
From: Lomanic
Date: Thu, 20 Dec 2018 23:05:25 +0100
Subject: [PATCH] [process][windows] WIP #586 use win32 API in process.Exe but fallback on WMI

This method only lets a 32bit program get other 32bit processes exe path and a 64bit program get other 64bit processes exe path, so we fallback to the slow (but kind of reliable) WMI calls if we can't access to the other process module.
---
 process/process_windows.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/process/process_windows.go b/process/process_windows.go
index ee661a9..19ddc57 100644
--- a/process/process_windows.go
+++ b/process/process_windows.go
@@ -177,6 +177,19 @@ func (p *Process) Exe() (string, error) {
 }
 
 func (p *Process) ExeWithContext(ctx context.Context) (string, error) {
+ if p.Pid != 0 { // 0 or null is the current process for CreateToolhelp32Snapshot
+ snap := w32.CreateToolhelp32Snapshot(w32.TH32CS_SNAPMODULE|w32.TH32CS_SNAPMODULE32, uint32(p.Pid))
+ if snap != 0 { // don't report errors here, fallback to WMI instead
+ defer w32.CloseHandle(snap)
+ var me32 w32.MODULEENTRY32
+ me32.Size = uint32(unsafe.Sizeof(me32))
+
+ if w32.Module32First(snap, &me32) {
+ szexepath := windows.UTF16ToString(me32.SzExePath[:])
+ return szexepath, nil
+ }
+ }
+ }
 dst, err := GetWin32Proc(p.Pid)
 if err != nil {
 return "", fmt.Errorf("could not get ExecutablePath: %s", err)
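Review bot: The `if snap != 0` guard may not catch a failed snapshot, because the Win32 `CreateToolhelp32Snapshot` call reports failure as `INVALID_HANDLE_VALUE` rather than 0; unless the `w32` wrapper (not visible here) maps that to 0, the failure path still runs `defer w32.CloseHandle(snap)` on an invalid handle before falling through to WMI. I would test for both values, e.g. `if snap != 0 && snap != w32.HANDLE(windows.InvalidHandle) {`, assuming `w32.HANDLE` is an integer handle type. The fast path also deserves a comment that `SzExePath` is read from the target process's own module list, which that process can alter, so callers should not treat the result as authoritative for allow-listing or attribution: `// NOTE: path comes from the target's module list; do not use as a trusted identity`. The new branch does not consult `ctx`, and the body of `ExeWithContext` continues past the end of the hunk.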