GetProcessImageFileName

NTDEV
1

Hi,

I am using the PSAPI function GetProcessImageFileName to get a process’s full path name. It returns a file path in NT name format, so I have to convert it to DOS format for my purpose. From getting the drive letter from this NT File name, I am using QueryDosDevice PSAPI function, with Drive letters from “A:” to “Z:”. I.e. if the string returned by the QueryDosDevice is matching with the NT name returned by GetProcessImageFileName ,I am using that Drive letter as the Dos Device name.

This was working fine until the volume was not a Dynamic disk volume. For Dynamic volumes, the string returned by QueryDosDevice is not the actual NT Device name, but another symbolic link to the NT Device. Hence the comparison will fail. I thought to resolve the problem by Querying the first return of QueryDosDevice again.

I.e. - step1 : QueryDosDevice(“C:”, target1)

Step 2: Compare(target1,NTName)

Step 3: If Step2 failed, QueryDosDevice(Target1, Target2);

But Step3 always returns an error “The specified path is invalid.” (GetLastError 161) .

Interestingly, the kernel mode function ZwQuerySymbolicLinkObject is working well using this method!!!

Can you suggest some way to resolve this problem? Any alternate method to find Drive letter from NT path name (In user mode)??

OS: Windows XP

regards

Praveen

Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway - Enter today

2

Hi,

I am using the PSAPI function GetProcessImageFileName to get a process’s full path name. It returns a file path in NT name format, so I have to convert it to DOS format for my purpose. From getting the drive letter from this NT File name, I am using QueryDosDevice PSAPI function, with Drive letters from “A:” to “Z:”. I.e. if the string returned by the QueryDosDevice is matching with the NT name returned by GetProcessImageFileName ,I am using that Drive letter as the Dos Device name.

This was working fine until the volume was not a Dynamic disk volume. For Dynamic volumes, the string returned by QueryDosDevice is not the actual NT Device name, but another symbolic link to the NT Device. Hence the comparison will fail. I thought to resolve the problem by Querying the first return of QueryDosDevice again.

I.e. - step1 : QueryDosDevice(“C:”, target1)

Step 2: Compare(target1,NTName)

Step 3: If Step2 failed, QueryDosDevice(Target1, Target2);

But Step3 always returns an error “The specified path is invalid.” (GetLastError 161) .

Interestingly, the kernel mode function ZwQuerySymbolicLinkObject is working well using this method!!!

Can you suggest some way to resolve this problem? Any alternate method to find Drive letter from NT path name (In user mode)??

OS: Windows XP

regards

Praveen

Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway - Enter today

3

Call ZwQuerySymbolicLinkObject from user-mode NTDLL.DLL

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: prvn ns
To: Windows System Software Devs Interest List
Sent: Monday, April 05, 2004 3:40 PM
Subject: [ntdev] GetProcessImageFileName

Hi,

I am using the PSAPI function GetProcessImageFileName to get a process’s full path name. It returns a file path in NT name format, so I have to convert it to DOS format for my purpose. From getting the drive letter from this NT File name, I am using QueryDosDevice PSAPI function, with Drive letters from “A:” to “Z:”. I.e. if the string returned by the QueryDosDevice is matching with the NT name returned by GetProcessImageFileName ,I am using that Drive letter as the Dos Device name.

This was working fine until the volume was not a Dynamic disk volume. For Dynamic volumes, the string returned by QueryDosDevice is not the actual NT Device name, but another symbolic link to the NT Device. Hence the comparison will fail. I thought to resolve the problem by Querying the first return of QueryDosDevice again.

I.e. - step1 : QueryDosDevice(“C:”, target1)

Step 2: Compare(target1,NTName)

Step 3: If Step2 failed, QueryDosDevice(Target1, Target2);

But Step3 always returns an error “The specified path is invalid.” (GetLastError 161) .

Interestingly, the kernel mode function ZwQuerySymbolicLinkObject is working well using this method!!!

Can you suggest some way to resolve this problem? Any alternate method to find Drive letter from NT path name (In user mode)??

OS: Windows XP

regards

Praveen

Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway - Enter today — Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256 You are currently subscribed to ntdev as: xxxxx@storagecraft.com To unsubscribe send a blank email to xxxxx@lists.osr.com