Ensure retrocompatibility with Windows XP->Windows 7

Replaced PathCch* function with Path* functions

EDRSandblast/UserlandBypass/UserlandHooks.c

@@ -3,7 +3,7 @@
 */
 
 #include <Windows.h>
-#include <PathCch.h>
+#include <shlwapi.h>
 #include <stdio.h>
 
 #include "../EDRSandblast.h"
@@ -226,10 +226,10 @@ VOID unhook(HOOK* hook, UNHOOK_METHOD unhook_method) {
 
     case UNHOOK_WITH_DUPLICATE_NTPROTECTVIRTUALMEMORY:
         GetSystemDirectoryW(ntdllFilePath, _countof(ntdllFilePath));
-        PathCchCombine(ntdllFilePath, _countof(ntdllFilePath), ntdllFilePath, L"ntdll.dll");
+        PathCombineW(ntdllFilePath, ntdllFilePath, L"ntdll.dll");
 
         GetTempPathW(MAX_PATH, ntdlolFilePath);
-        PathCchCombine(ntdlolFilePath, _countof(ntdlolFilePath), ntdlolFilePath, ntdlolFileName);
+        PathCombineW(ntdlolFilePath, ntdlolFilePath, ntdlolFileName);
 
         CopyFileW(ntdllFilePath, ntdlolFilePath, FALSE);
         secondNtdll = LoadLibraryW(ntdlolFilePath);

EDRSandblast_CLI/EDRSandblast.c

@@ -3,7 +3,6 @@
 #include <stdlib.h>
 #include <Tchar.h>
 #include <psapi.h>
-#include <PathCch.h>
 #include <shlwapi.h>
 #include <time.h>
 
@@ -349,8 +348,8 @@ Other options:\n\
         _putts_or_not(TEXT("[===== KERNEL MODE =====]\n"));
 
         if (_tcslen(driverPath) == 0) {
-            PathCchAppend(driverPath, _countof(driverPath), currentFolderPath);
+            PathAppend(driverPath, currentFolderPath);
-            PathCchAppend(driverPath, _countof(driverPath), driverDefaultName);
+            PathAppend(driverPath, driverDefaultName);
         }
         if (!FileExists(driverPath)) {
             _tprintf_or_not(TEXT("[!] Required driver file not present at %s\nExiting...\n"), driverPath);
@@ -359,8 +358,8 @@ Other options:\n\
 
         if (_tcslen(ntoskrnlOffsetCSVPath) == 0) {
             TCHAR offsetCSVName[] = TEXT("NtoskrnlOffsets.csv");
-            PathCchAppend(ntoskrnlOffsetCSVPath, _countof(ntoskrnlOffsetCSVPath), currentFolderPath);
+            PathAppend(ntoskrnlOffsetCSVPath, currentFolderPath);
-            PathCchAppend(ntoskrnlOffsetCSVPath, _countof(ntoskrnlOffsetCSVPath), offsetCSVName);
+            PathAppend(ntoskrnlOffsetCSVPath, offsetCSVName);
         }
 
         _putts_or_not(TEXT("[+] Setting up prerequisites for the kernel read/write primitives..."));
@@ -494,11 +493,7 @@ Other options:\n\
                 // Determine dump path based on specified process name.
                 if (_tcslen(outputPath) == 0) {
                     TCHAR* processNameFilename = _tcsdup(processName);
-                    hrStatus = PathCchRemoveExtension(processNameFilename, _tcslen(processNameFilename) + 1);
+                    PathRemoveExtension(processNameFilename);
-                    if (FAILED(hrStatus)) {
-                        free(processNameFilename);
-                        processNameFilename = _tcsdup(TEXT("dmp.txt"));
-                    }
                     _tcscat_s(outputPath, _countof(outputPath), currentFolderPath);
                     _tcscat_s(outputPath, _countof(outputPath), TEXT("\\"));
                     _tcscat_s(outputPath, _countof(outputPath), processNameFilename);

EDRSandblast_LsassDump/EDRSandblast_LsassDump.c

@@ -6,7 +6,6 @@
 #pragma comment(lib, "Winhttp.lib")
 #pragma comment(lib, "EDRSandblast_Core.lib")
 #pragma comment(lib, "EDRSandblast_StaticLibrary.lib")
-#pragma comment(lib, "Pathcch.lib")
 #pragma comment(lib, "Shlwapi.lib")
 
 

EDRSandblast_StaticLibrary/EDRSandblast_API.c

@@ -1,5 +1,5 @@
 #include <Windows.h>
-#include <PathCch.h>
+#include <shlwapi.h>
 
 #include "../EDRSandblast/EDRSandblast.h"
 #include "../EDRSandblast/Includes/CredGuard.h"
@@ -554,7 +554,7 @@ EDRSB_STATUS Usermode_GetSafeNtFunc(_Inout_ EDRSB_CONTEXT* ctx, _In_ LPCSTR func
     switch (technique) {
     case EDRSB_UMTECH_Copy_ntdll_and_load:
         GetTempPathW(MAX_PATH, tempDLLFilePath);
-        PathCchCombine(tempDLLFilePath, _countof(tempDLLFilePath), tempDLLFilePath, L"ntdlol.txt");//TODO : make it configurable
+        PathCombineW(tempDLLFilePath, tempDLLFilePath, L"ntdlol.txt");//TODO : make it configurable
         return _Usermode_GetSafeNtFunction_with_ntdll_copy(ctx, tempDLLFilePath, functionName, function);
     case EDRSB_UMTECH_Allocate_trampoline:
         return _GetSafeNtFunctionUsingTrampoline(FALSE, functionName, function);
@@ -723,7 +723,7 @@ EDRSB_STATUS _Usermode_GetSafeNtFunction_with_ntdll_copy(_Inout_ EDRSB_CONTEXT*
         WCHAR ntdllFilePath[MAX_PATH] = { 0 };
 
         GetSystemDirectoryW(ntdllFilePath, _countof(ntdllFilePath));
-        PathCchCombine(ntdllFilePath, _countof(ntdllFilePath), ntdllFilePath, L"ntdll.dll");
+        PathCombineW(ntdllFilePath, ntdllFilePath, L"ntdll.dll");
 
         CopyFileW(ntdllFilePath, tempDLLFilePath, FALSE);
         secondNtdll = LoadLibraryW(tempDLLFilePath);