How do I get the process ID in PreCreate?

Hello

How do I get the process ID in PreCreate?

I have tried to use GetProcessId but I can not include the windows.h file.
Is there some other function I can call to get the process ID?

Thanks
Mattias Bergkvist

You cannot use any win32 calls (which is what windows.h defines). For your
problem you need PsGetCurrentProcessId.

If you are asking this level of question, you should not be messing in file
systems until you have stopped and taken a class or two on Windows kernel
programming. You have jumped into the hardest area of the kernel with no
experience; this is a recipe for disaster.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

Yes, I have understood that this is a hard and complex world and I probably need a curse in kernel programming. But now I have learned one more thing, thanks.

Mattias Bergkvist

> a curse in kernel programming
I would say “a curse OF…” :)

NTFSD is sponsored by OSR

For our schedule debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

You are currently subscribed to ntfsd as: xxxxx@comcast.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi Mattias,

First of all, decide whether you want the current process ID or the ID of the process which has requested the operation.

For getting the current process ID, use PsGetCurrentProcessId.
For getting the ID of the requestor process, use IoGetRequestorProcessId / FltGetRequestorProcessId.

Regards,
Ayush Gupta

Ayush,

They are the same in CREATE; there is a guarantee that create is done in
the context of the requesting process. There are some AV products that mess
this up, but then neither call does the correct thing.


Don Burn (MVP, Windows DDK)

Hi Don!

Thanks for adding the “Create specific” thing. Actually I should have
mentioned that.
But can you please explain the point regarding the AV thing?
How do the AVs mess this up?

Regards,
Ayush

There are AVs that catch the create and then issue a different one,
sometimes on a worker thread. I did not believe it till I saw it with a
file system I had worked on that some idiot put a well-known virus scanner
over for protection. This may have changed since this was several years
ago.


Don Burn (MVP, Windows DDK)

Hi Don,

What benefit does the AV get by doing this?
If I am correct, the AV will have to do the stuff of impersonating the user
and other stuff.
But for what? What will it achieve?

Regards,
Ayush

I honestly have no idea; I would call it a bug.


Don Burn (MVP, Windows DDK)