I have got the process id of the process responsible for an IRP request. Now I have to get the full path or name of the exe corresponding to this process id. So based on this I will decide how to process the request.
I couldn't use ZwQueryInformationProcess or NtZwQueryInformationProcess.
Please help me.
I couldn't use ZwQueryInformationProcess or NtZwQueryInformationProcess
Why not?
I would also like to know why you can’t use ZwQueryInformationProcess.
But anyway you can use PsSetCreateProcessNotifyRoutineEx and create your own database with PID to process image path mapping.
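The PID to image path table suggested in the last reply, as an added example that is not part of the thread: a user-mode C model of the bookkeeping only. The names `on_process_notify`, `lookup_image` and the fixed-size table are hypothetical, and the sample path is constructed; in a driver the same logic would sit in the routine registered with PsSetCreateProcessNotifyRoutineEx.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 64        /* assumption: fixed table; a driver needs a locked, growable one */
#define PATH_CH 260

struct pid_entry { int used; uintptr_t pid; char image[PATH_CH]; };
static struct pid_entry table[SLOTS];

/* want_used = 1: find the live entry for pid; want_used = 0: find any free slot. */
static struct pid_entry *find_slot(uintptr_t pid, int want_used)
{
    for (size_t i = 0; i < SLOTS; i++) {
        if (want_used ? (table[i].used && table[i].pid == pid) : !table[i].used)
            return &table[i];
    }
    return NULL;
}

/* Stand-in for the notify callback body. In a driver, is_create corresponds to
 * CreateInfo != NULL and image to CreateInfo->ImageFileName, which may be NULL
 * and is only valid during the callback, hence the copy. */
int on_process_notify(uintptr_t pid, int is_create, const char *image)
{
    struct pid_entry *e = find_slot(pid, 1);
    if (!is_create) {                 /* exit: drop entry so a reused PID never maps to the old image */
        if (e) e->used = 0;
        return 0;
    }
    if (!e) e = find_slot(pid, 0);    /* new PID: take a free slot */
    if (!e) return -1;                /* table full: caller must treat the PID as unknown */
    e->used = 1;
    e->pid = pid;
    snprintf(e->image, sizeof e->image, "%s", image ? image : "");
    return 0;
}

/* Returns the recorded image path, or NULL when the PID was never seen
 * (for example, a process that started before the callback was registered). */
const char *lookup_image(uintptr_t pid)
{
    struct pid_entry *e = find_slot(pid, 1);
    return e ? e->image : NULL;
}

int main(void)
{
    on_process_notify(4120, 1, "\\Device\\HarddiskVolume2\\Tools\\sample.exe"); /* constructed */
    printf("%s\n", lookup_image(4120));
    on_process_notify(4120, 0, NULL);
    printf("%s\n", lookup_image(4120) ? "stale" : "(unknown)");
    return 0;
}
```

A NULL result from `lookup_image` is the case to plan for in the IRP path: the table only knows processes created after registration, so the decision logic needs a defined behaviour for unknown PIDs.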