How to know user mode dll context..

Hi,

In Kernel mode,
PsGetCurrentProcess is the most efficient way to get a pointer to the
current process…
I would like to know how do I get to know the dll name in the kernel
mode, loaded by a particular process,
Can anybody throw more light on this…

Thanks,

Shiva P

What is the “DLL name”? Process loads tens of DLLs, which name do you want?

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: xxxxx@wipro.com
To: Windows System Software Devs Interest List
Sent: Wednesday, January 12, 2005 1:07 PM
Subject: RE:[ntdev] How to know user mode dll context…

Hi,

In Kernel mode,
PsGetCurrentProcess is the most efficient way to get a pointer to the current process…
I would like to know how do I get to know the dll name in the kernel mode, loaded by a particular process,
Can anybody throw more light on this…

Thanks,

Shiva P


Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

sorry for unclear question…

How can I get a list of all the dll file or any other reference to the
dll loaded by a process,
in kernel mode…

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S.
Shatskih
Sent: Wednesday, January 12, 2005 3:48 PM
To: Windows System Software Devs Interest List
Subject: Re: RE:[ntdev] How to know user mode dll context…

What is the “DLL name”? Process loads tens of DLLs, which name do
you want?

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


There is no documented way to do this in kernel mode. This is
if I understand your question, because the second post is as
unclear as the first.
----- Original Message -----
From: xxxxx@wipro.com
To: Windows System Software Devs Interest List
Sent: Wednesday, January 12, 2005 1:51 PM
Subject: RE: RE:[ntdev] How to know user mode dll context…

sorry for unclear question…

How can I get a list of all the dll file or any other reference to the dll loaded by a process,
in kernel mode…


ZwQueryInformationProcess(); with ProcessBasicInformation class
inside PROCESS_BASIC_INFORMATION you got PebBaseAddress
-> under PEB you got PebBaseAddress->ProcessModuleInfo->ModuleHeader
-> under ModuleHeader you got list of all modules that process loaded
it's a “little” undocumented, you will need to search for the structures …
anyway you got sysinternals tools for this
http://www.sysinternals.com/ntw2k/freeware/listdlls.shtml

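The list walk described in the reply above (PEB, then ProcessModuleInfo, then ModuleHeader), as an added example that is not part of the original thread: a portable C simulation that treats the target process's memory as an untrusted byte image and walks a circular module list with bounds and iteration checks. The struct layouts, 32-bit offsets, ASCII names, helper names and the sample image are simplified, constructed stand-ins, not the real Windows definitions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NAME_CAP 64   /* longest accepted module name, including the NUL */

/* Simplified stand-ins, NOT the real Windows layouts: "addresses" are 32-bit
 * offsets into a byte image of the target process, and names are ASCII. */
typedef struct { uint32_t Flink, Blink; } LIST32;
typedef struct { LIST32 Links; uint32_t Base; uint16_t NameLen, Pad; uint32_t NamePtr; } MODULE32;

/* Bounds-checked copy out of the image. In a driver this is the role of
 * ProbeForRead inside __try/__except: the list is user-writable memory. */
static int safe_read(const uint8_t *mem, size_t size, uint32_t addr, void *out, size_t len) {
    if (addr > size || len > size - addr) return 0;
    memcpy(out, mem + addr, len);
    return 1;
}

/* Walk the circular list headed at `head`; returns the count, or -1 if corrupt. */
int list_modules(const uint8_t *mem, size_t size, uint32_t head, char names[][NAME_CAP], int max_out) {
    LIST32 h; MODULE32 m; int n = 0;
    if (!safe_read(mem, size, head, &h, sizeof h)) return -1;
    for (uint32_t cur = h.Flink; cur != head; cur = m.Links.Flink) {
        if (n >= max_out) return -1;              /* cap defeats a list that never closes */
        if (!safe_read(mem, size, cur, &m, sizeof m)) return -1;
        if (m.NameLen >= NAME_CAP) return -1;     /* length field is untrusted too */
        if (!safe_read(mem, size, m.NamePtr, names[n], m.NameLen)) return -1;
        names[n++][m.NameLen] = '\0';
    }
    return n;
}

/* Constructed sample image: head at 0x00, entries at 0x20 and 0x60, each name
 * stored right after its entry. corrupt=1 makes the last Flink skip the head. */
size_t build_sample(uint8_t mem[256], int corrupt) {
    LIST32 head = { 0x20, 0x60 };
    MODULE32 a = { {0x60, 0x00}, 0x00400000, 7, 0, 0x20 + (uint32_t)sizeof(MODULE32) };
    MODULE32 b = { {corrupt ? 0x20u : 0x00u, 0x20}, 0x77000000, 9, 0, 0x60 + (uint32_t)sizeof(MODULE32) };
    memset(mem, 0, 256); memcpy(mem, &head, sizeof head);
    memcpy(mem + 0x20, &a, sizeof a); memcpy(mem + a.NamePtr, "app.exe", 7);
    memcpy(mem + 0x60, &b, sizeof b); memcpy(mem + b.NamePtr, "ntdll.dll", 9);
    return 256;
}

int main(void) {
    uint8_t mem[256]; char names[8][NAME_CAP];
    int n = list_modules(mem, build_sample(mem, 0), 0, names, 8);
    for (int i = 0; i < n; i++) printf("%s\n", names[i]);
    return n == 2 ? 0 : 1;
}
```

Because the list is maintained in user-mode memory, treat what it reports as a claim made by the process rather than as ground truth.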

Thanks all of you…This is exactly the info I was looking for…

Shiva P

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim
Sent: Wednesday, January 12, 2005 6:12 PM
To: Windows System Software Devs Interest List
Subject: Re: RE:[ntdev] How to know user mode dll context…

ZwQueryInformationProcess(); with ProcessBasicInformation class
inside PROCESS_BASIC_INFORMATION you got PebBaseAddress
-> under PEB you got PebBaseAddress->ProcessModuleInfo->ModuleHeader
-> under ModuleHeader you got list of all modules that process loaded
its a “little” undocumented, you will need to search for the structures

anyway you got sysinternals tools for this
http://www.sysinternals.com/ntw2k/freeware/listdlls.shtml


You can use PsSetLoadImageNotifyRoutine routine for this.

regards,
Binoj