Kernel process executable name

Hi,

Is there a way to determine the kernel process executable name (NTOSKRNL.EXE/NTKRNLPA.EXE/etc…) in kernel mode (non-KMDF pls)?

Sorry if the question is already answered before, but I searched & couldn’t find it…

Regards,
Mridul.

Why do you want this?


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

You can call ZwQuerySystemInformation with information class
SystemModuleInformation. In the output, the first module information
structure is for ntoskrnl/ntkrnlpa etc.

Chandra

There is a documented API (AuxKlib) to do this.

Please use it instead of calling ZwQuerySystemInformation directly. There is a static .lib that you can link to for downlevel platform support.

- S

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
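Chandra's and S's answers both hand back the same kind of module list, so here is an added example (not code from the thread or from the WDK) of pulling the first entry out of an AuxKlib-style result with the bounds checks a driver should apply before trusting the offsets. The struct mirrors the WDK's AUX_MODULE_EXTENDED_INFO with BasicInfo.ImageBase flattened into the struct, the sample buffer is constructed rather than captured, and the names kernel_image_name, fill and build_sample are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define AUX_KLIB_MODULE_PATH_LEN 256   /* same constant as aux_klib.h */
/* Mirrors the WDK's AUX_MODULE_EXTENDED_INFO (BasicInfo.ImageBase flattened). */
typedef struct {
    void     *ImageBase;
    uint32_t  ImageSize;
    uint16_t  FileNameOffset;  /* where the base name starts inside FullPathName */
    uint8_t   FullPathName[AUX_KLIB_MODULE_PATH_LEN];
} AUX_MODULE_EXTENDED_INFO;
/* Copies the base name of the first module, which is the kernel image, into out.
 * Returns 1 on success, 0 if the buffer is not a well-formed query result. In a
 * driver, buf comes from AuxKlibInitialize() and two calls to
 * AuxKlibQueryModuleInformation(&bytes, sizeof(AUX_MODULE_EXTENDED_INFO), p):
 * first with p == NULL to learn the size, then with a pool buffer of that size. */
int kernel_image_name(const void *buf, size_t buf_bytes, char *out, size_t out_len)
{
    const AUX_MODULE_EXTENDED_INFO *m = (const AUX_MODULE_EXTENDED_INFO *)buf;
    size_t end;
    /* The API returns whole elements; anything else is a caller bug. */
    if (buf == NULL || buf_bytes < sizeof *m || buf_bytes % sizeof *m != 0)
        return 0;
    /* Keep the offset and the string inside the fixed-size array before using them. */
    if (m->FileNameOffset >= AUX_KLIB_MODULE_PATH_LEN)
        return 0;
    for (end = m->FileNameOffset; end < AUX_KLIB_MODULE_PATH_LEN; end++)
        if (m->FullPathName[end] == '\0')
            break;
    if (end == AUX_KLIB_MODULE_PATH_LEN || end - m->FileNameOffset + 1 > out_len)
        return 0;                          /* unterminated, or does not fit */
    memcpy(out, m->FullPathName + m->FileNameOffset, end - m->FileNameOffset + 1);
    return 1;
}
/* Constructed sample result (not captured from a real system): a PAE kernel
 * followed by the HAL, with FileNameOffset set the way the API reports it. */
static AUX_MODULE_EXTENDED_INFO sample[2];
static void fill(AUX_MODULE_EXTENDED_INFO *m, const char *path, uint32_t size)
{
    memset(m, 0, sizeof *m);
    m->ImageSize = size;
    strcpy((char *)m->FullPathName, path);
    m->FileNameOffset = (uint16_t)(strrchr(path, '\\') - path + 1);
}
size_t build_sample(void)
{
    fill(&sample[0], "\\SystemRoot\\system32\\ntkrnlpa.exe", 0x1f0000);
    fill(&sample[1], "\\SystemRoot\\system32\\hal.dll", 0x20000);
    return sizeof sample;
}
```

Don's point below still stands: the name identifies a file, not a build, so for diagnostics mm's suggestion of a dump file or the image header checksum is the better key.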

But the real question is what does he think he is going to do with it? I
have seen too many lame brained schemes to look at the kernel name to figure
out something that there is a better way to do. I have watched systems
rollover and die with commercial drivers, because I put /kernel=special.dbg
on boot.ini line. The name is for the most part worthless.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

We’ve had an issue with our driver not working with a third-party vendor’s custom kernel, and I was wondering if it’s possible to identify the kernel for diagnosis & potential resolution.

Thanks for the quick answers.
Mridul.

Assuming that you aren’t interested in supporting it, have you considered telling your client that they can’t do this? It seems
like a pretty reasonable restriction to me, given that it’s the kernel and that their configuration just can’t be all that common.

Even for something as specific and unusual as this, the name just isn’t enough to base any decisions on, in my opinion, but whatever
the case, if you’re using it for diagnostics, how about capturing a dump file? Everything you need is in there, and from this
information you could at least dump the image header to get further information like the checksum.

Good luck,

mm

What custom kernel? Sorry, there was a HAL kit for a while, but Microsoft
does not license the kernel for customization! I had enough customers, some
with very deep pockets, that asked.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

> What custom kernel, sorry there was a HAL kit for a while, but Microsoft does not license the kernel for customization!

Well, the term “kernel” may imply a bit more than ntoskrnl.exe. Probably, the poster speaks about the scenario when an OEM provides his own implementation of some driver that would come from MSFT on an RTM system…

Anton Bassov

No, he means ntoskrnl or one of its variants; read his original question.

mm

> read his original question.

Well, his original question does not seem to make sense in itself under most of the major OSes of the day, including Windows - he speaks about the kernel process. This is why I suspect that he may be just using improper terminology, especially taking into consideration that the name of the main kernel module (i.e. ntoskrnl.exe) is known in advance and does not need to be “discovered”. However, if he speaks about some custom implementation of ntoskrnl.exe… well, then this is already another OS…

Anton Bassov

So maybe it’d be better to stop guessing and let the OP explain this,
right? BTW, I understood it the same way as Martin.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
