Driver: Remove SvcHost checking

src/driver/fortcout.c

@@ -365,18 +365,6 @@ inline static void fort_callout_ale_classify_action(PCFORT_CALLOUT_ARG ca,
     }
 }
 
-inline static BOOL fort_callout_ale_fill_path_tag(
-        PCFORT_CALLOUT_ARG ca, PFORT_CALLOUT_ALE_EXTRA cx, BOOL isSvcHost)
-{
-    if (!isSvcHost)
-        return FALSE;
-
-    // TODO
-    // PCWSTR tag = (PCWSTR) ca->inMetaValues->subProcessTag;
-
-    return FALSE;
-}
-
 inline static void fort_callout_ale_fill_path(PCFORT_CALLOUT_ARG ca, PFORT_CALLOUT_ALE_EXTRA cx)
 {
     PFORT_APP_PATH real_path = &cx->real_path;
@@ -386,13 +374,9 @@ inline static void fort_callout_ale_fill_path(PCFORT_CALLOUT_ARG ca, PFORT_CALLO
     real_path->buffer = (PCWSTR) ca->inMetaValues->processPath->data;
 
     PFORT_APP_PATH path = &cx->path;
-    BOOL isSvcHost = FALSE;
     BOOL inherited = FALSE;
 
-    if (fort_pstree_get_proc_name(
+    if (fort_pstree_get_proc_name(&fort_device()->ps_tree, cx->process_id, path, &inherited)) {
-                &fort_device()->ps_tree, cx->process_id, path, &isSvcHost, &inherited)
-            || fort_callout_ale_fill_path_tag(ca, cx, isSvcHost)) {
-
         if (!inherited) {
             *real_path = *path;
         }

src/driver/fortps.c

@@ -784,20 +784,19 @@ FORT_API void fort_pstree_enum_processes(PFORT_PSTREE ps_tree)
     fort_mem_free(buffer, FORT_PSTREE_POOL_TAG);
 }
 
-static BOOL fort_pstree_get_proc_name_locked(PFORT_PSTREE ps_tree, DWORD processId,
+static BOOL fort_pstree_get_proc_name_locked(
-        PFORT_APP_PATH path, BOOL *isSvcHost, BOOL *inherited)
+        PFORT_PSTREE ps_tree, DWORD processId, PFORT_APP_PATH path, BOOL *inherited)
 {
     PFORT_PSNODE proc = fort_pstree_find_proc(ps_tree, processId);
     if (proc == NULL)
         return FALSE;
 
-    const UINT16 procFlags = proc->flags;
-    *isSvcHost = (procFlags & FORT_PSNODE_IS_SVCHOST) != 0;
-
     PFORT_PSNAME ps_name = proc->ps_name;
     if (ps_name == NULL)
         return FALSE;
 
+    const UINT16 procFlags = proc->flags;
+
     if ((procFlags & (FORT_PSNODE_NAME_INHERIT | FORT_PSNODE_NAME_CUSTOM))
             == FORT_PSNODE_NAME_INHERIT)
         return FALSE;
@@ -810,15 +809,15 @@ static BOOL fort_pstree_get_proc_name_locked(PFORT_PSTREE ps_tree, DWORD process
     return TRUE;
 }
 
-FORT_API BOOL fort_pstree_get_proc_name(PFORT_PSTREE ps_tree, DWORD processId, PFORT_APP_PATH path,
+FORT_API BOOL fort_pstree_get_proc_name(
-        BOOL *isSvcHost, BOOL *inherited)
+        PFORT_PSTREE ps_tree, DWORD processId, PFORT_APP_PATH path, BOOL *inherited)
 {
     BOOL res;
 
     KLOCK_QUEUE_HANDLE lock_queue;
     KeAcquireInStackQueuedSpinLock(&ps_tree->lock, &lock_queue);
     {
-        res = fort_pstree_get_proc_name_locked(ps_tree, processId, path, isSvcHost, inherited);
+        res = fort_pstree_get_proc_name_locked(ps_tree, processId, path, inherited);
     }
     KeReleaseInStackQueuedSpinLock(&lock_queue);
 

src/driver/fortps.h

@@ -34,8 +34,8 @@ FORT_API void fort_pstree_close(PFORT_PSTREE ps_tree);
 
 FORT_API void fort_pstree_enum_processes(PFORT_PSTREE ps_tree);
 
-FORT_API BOOL fort_pstree_get_proc_name(PFORT_PSTREE ps_tree, DWORD processId, PFORT_APP_PATH path,
+FORT_API BOOL fort_pstree_get_proc_name(
-        BOOL *isSvcHost, BOOL *inherited);
+        PFORT_PSTREE ps_tree, DWORD processId, PFORT_APP_PATH path, BOOL *inherited);
 
 FORT_API void fort_pstree_update_services(
         PFORT_PSTREE ps_tree, const PFORT_SERVICE_INFO_LIST services, ULONG data_len);