Get process full path from PEPROCESS structure

Hi

Any way to get the FULL path of a process from a given PEPROCESS
structure ?

I saw one code sample in this forum but it didn’t work …

Target systems: win2k, winxp and windows 2003

Thanks!

Hi Omer
The methods for doing this have been debated many times in the past so
it might be worth a trawl through the archives. This is a surprisingly
difficult thing to do and the only clean method for accomplishing this
in Kernel Mode appears to be a call to ZwQueryInformationProcess with
the class set to ProcessImageFileName. However, there is an important
caveat to this because I believe ProcessImageFileName is only supported
on XP or later.

As I recall, the last time this was discussed, the general consensus was
that it would be better to allow your user mode component to resolve the
pathname.

Regards

Mark

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Omer B
Sent: 24 May 2005 08:57
To: Windows System Software Devs Interest List
Subject: [ntdev] Get process full path from PEPROCESS structure

Hi

Any way to get the FULL path of a process from a given PEPROCESS
structure ?

I saw one code sample in this forum but it didn’t work …

Target systems: win2k, winxp and windows 2003

Thanks!


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com