还原GetModuleFileNameExW

//thanks for powerful windbg~

BOOL FindModule(HANDLE hProcess, HMODULE hModule, PLDR_DATA_TABLE_ENTRY pLdrData)
{
	DWORD i;
	PLIST_ENTRY pListEntry;
	PPEB_LDR_DATA pPebLdr;
	PROCESS_BASIC_INFORMATION pbi;
	NTSTATUS Status;

	Status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), NULL);

	if(!NT_SUCCESS(Status)) {
		SetLastError(RtlNtStatusToDosError(Status));
		return FALSE;
	}
	
	if(hModule == NULL) {
		if(!ReadProcessMemory(hProcess, &(pbi.PebBaseAddress->ImageBaseAddress), &hModule, sizeof(hModule), NULL))
			return FALSE;
	}

	if(!ReadProcessMemory(hProcess, &(pbi.PebBaseAddress->Ldr), &pPebLdr, sizeof(pPebLdr), NULL))
		return 0;

	if(pPebLdr) {

		if(!ReadProcessMemory(hProcess, &(pPebLdr->InMemoryOrderModuleList), &pListEntry, sizeof(pListEntry), NULL))
			return FALSE;

		i = 0;
		while(pListEntry != &(pPebLdr->InMemoryOrderModuleList)) {
			if(!ReadProcessMemory(hProcess, (PBYTE)pListEntry - sizeof(LIST_ENTRY), pLdrData, sizeof(LDR_DATA_TABLE_ENTRY), NULL))
				return FALSE;
			if(pLdrData->DllBase == hModule)
				return TRUE;
			pListEntry = pLdrData->InMemoryOrderLinks.Flink;
			if(++i <= 10000)
				continue;
		}
	}

	SetLastError(ERROR_INVALID_HANDLE);
	return FALSE;
}

//alias K32GetModuleFileNameExW on windows 7
DWORD GetModuleFileNameExW(HANDLE hProcess, HMODULE hModule, LPWSTR lpFileName, DWORD nSize)
{
	DWORD dwLength;
	LDR_DATA_TABLE_ENTRY LdrData;

	if(!FindModule(hProcess, hModule, &LdrData))
		return 0;

	nSize += nSize;
	dwLength = nSize;

	if(LdrData.FullDllName.Length + sizeof(WCHAR) < nSize)
		nSize = LdrData.FullDllName.Length + sizeof(WCHAR);

	if(!ReadProcessMemory(hProcess, LdrData.FullDllName.Buffer, lpFileName, nSize, NULL))
		return 0;

	if(nSize == LdrData.FullDllName.Length + sizeof(WCHAR))
		nSize -= sizeof(WCHAR);

	if(nSize < dwLength)
		lpFileName[nSize >> 1] = L'\0';
	else if(dwLength > 0)
		lpFileName[(dwLength >> 1) - 1] = L'\0';

	return (nSize >> 1);
}