{
/* Set it */
if (InterlockedCompareExchangePointer(&Process->
- SeAuditProcessCreationInfo,
+ SeAuditProcessCreationInfo.ImageFileName,
AuditName,
NULL))
{
if (!NT_SUCCESS(Status)) return Status;
}
+ /* Get audit info again, now we have it for sure */
+ AuditName = Process->SeAuditProcessCreationInfo.ImageFileName;
+
/* Allocate the output string */
ImageName = ExAllocatePoolWithTag(NonPagedPool,
AuditName->Name.MaximumLength +
sizeof(UNICODE_STRING),
TAG_SEPA);
- if (ImageName)
- {
- /* Make a copy of it */
- RtlCopyMemory(ImageName,
- &AuditName->Name,
- AuditName->Name.MaximumLength + sizeof(UNICODE_STRING));
+ if (!ImageName) return STATUS_NO_MEMORY;
- /* Fix up the buffer */
- ImageName->Buffer = (PWSTR)(ImageName + 1);
+ /* Make a copy of it */
+ RtlCopyMemory(ImageName,
+ &AuditName->Name,
+ AuditName->Name.MaximumLength + sizeof(UNICODE_STRING));
- /* Return it */
- *ProcessImageName = ImageName;
- }
- else
- {
- /* Otherwise, fail */
- Status = STATUS_NO_MEMORY;
- }
+ /* Fix up the buffer */
+ ImageName->Buffer = (PWSTR)(ImageName + 1);
+
+ /* Return it */
+ *ProcessImageName = ImageName;
/* Return status */
return Status;