Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Get process name with process id

ragothamanragothaman Member Posts: 8

I have got the process id of the process responsible for a IRP request.Now i have to get the full path or name of the exe corresponding to this process id. So based on this I will decide how to process the request.
i couldnt use ZwQueryInformationProcess or NtZwQueryInformationProcess
Please help me


  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,266

    i couldnt use ZwQueryInformationProcess or NtZwQueryInformationProcess

    Why not?

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Sergey_PisarevSergey_Pisarev Member - All Emails Posts: 198

    I would also like to know why you can't use ZwQueryInformationProcess.
    But anyway you can use PsSetCreateProcessNotifyRoutineEx and create your own database with PID to process image path mapping.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 20 Apr 2020 LIVE ONLINE
Writing WDF Drivers 11 May 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA