Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


getting current process name

OSR_Community_UserOSR_Community_User Member Posts: 110,217
Hi

I'm trying to get the name (e.g. "filename.exe") of the current process
from within a device driver. I've looked in MSDN and the DDK docs but only
managed to
find references to PsGetCurrentProcessId, which returns only a PID, and some
examples
which enumerate currently active process names, but are intended for
user-mode code.

One function mentioned in the DDK, PsGetCurrentProcess, returns a PEPROCESS.
Does
anyone know any more about this? Can I use it further to obtain more
information about
the process?

many thanks
Duncan

--
Duncan Sellars - Systems Programmer
mail: [email protected]
"We want a few mad people now. See where the sane ones have landed us!" -
George B. Shaw

Comments

  • Thomas_F._DivineThomas_F._Divine Member Posts: 537
    The "FileMon" sample from <http://www.sysinternals.com&gt; provides some
    insight into this.

    Good luck,

    Thomas F. Divine

    PCAUSA - Toolkits & Resources For Network Software Developers
    NDIS Protocol - TDI Client - Windows 95 Redirector
    <http://www.pcausa.com&gt;

    ----- Original Message -----
    From: Duncan Sellars <[email protected]>
    To: NT Developers Interest List <[email protected]>
    Sent: Wednesday, May 31, 2000 8:40 AM
    Subject: [ntdev] getting current process name


    > Hi
    >
    > I'm trying to get the name (e.g. "filename.exe") of the current process
    > from within a device driver. I've looked in MSDN and the DDK docs but only
    > managed to
    > find references to PsGetCurrentProcessId, which returns only a PID, and
    some
    > examples
    > which enumerate currently active process names, but are intended for
    > user-mode code.
    >
    > One function mentioned in the DDK, PsGetCurrentProcess, returns a
    PEPROCESS.
    > Does
    > anyone know any more about this? Can I use it further to obtain more
    > information about
    > the process?
    >
    > many thanks
    > Duncan
    >
    > --
    > Duncan Sellars - Systems Programmer
    > mail: [email protected]
    > "We want a few mad people now. See where the sane ones have landed us!" -
    > George B. Shaw
    >
    >
    > ---
    > You are currently subscribed to ntdev as: [email protected]
    > To unsubscribe send a blank email to $subst('Email.Unsub')
    >
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 January 2023 Live, Online
Developing Minifilters 20 March 2023 Live, Online
Writing WDF Drivers TBD 2023 Live, Online
Internals & Software Drivers 17 April 2023 Live, Online