Hi
Any way to get the FULL path of a process from a given PEPROCESS
structure ?
I saw one code sample in this forum but it didn’t work …
Target systems: win2k, winxp and windows 2003
Thanks!
Hi
Any way to get the FULL path of a process from a given PEPROCESS
structure ?
I saw one code sample in this forum but it didn’t work …
Target systems: win2k, winxp and windows 2003
Thanks!
Hi Omer
The methods for doing this have been debated many times in the past so
it might be worth a trawl through the archives. This is a surprisingly
difficult thing to do and the only clean method for accomplishing this
in Kernel Mode appears to be a call to ZwQueryInformationProcess with
the class set to ProcessImageFileName. However, there is an important
caveat to this because I believe ProcessImageFileName is only supported
on XP or later.
As I recall, the last time this was discussed, the general consensus was
that it would be better to allow your user mode component to resolve the
pathname.
Regards
Mark
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Omer B
Sent: 24 May 2005 08:57
To: Windows System Software Devs Interest List
Subject: [ntdev] Get process full path from PEPROCESS structure
Hi
Any way to get the FULL path of a process from a given PEPROCESS
structure ?
I saw one code sample in this forum but it didn’t work …
Target systems: win2k, winxp and windows 2003
Thanks!
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com