Hi All,
I am trying to get process name from process handle. I am using NtQueryInformationProcess() but it does not give process name for 2K. as ProcessImageFileName class is not supported in DDK for 2K. How can I do it? Is there any other way?
Thanks & Regards,
Amit.
You can obtain this info from PEB, i.e. do things the way GetModuleFileName() does things under W2K. PEB keeps a pointer to RTL_USER_PROCESS_PARAMETERS structure that holds UNICODE_STRING with the name of the image file. PEB declaration can be found here:
http://msdn2.microsoft.com/en-us/library/aa813706.aspx
You can get to the PEB’s base address by NtQueryInformationProcess(), infoclass 0…
Anton Bassov