Thanks for the reply!
You mean that it’s possible to hook the GetCommandLine() API in a malware program to make the firewall think it’s looking at something else? How does the firewall know which packet belongs to which process?
If such a thing can be done, why was the only published method to bypass personal firewalls to inject malware code into the other “privileged” process?