Parent process path

OSR_Community_User · April 23, 2003, 5:57pm

I am trying to get parent process name (complete path). I use ZwOpenProcess,
ZwQueryInformationProcess, then use InheritedFromUniqueProcessId to open and
query parent process. I get different process id for child and parent, but
it always gives me the same process name if I look thro’ PEB. Is there
anything I am missing?

Thanks
Ramaraj

OSR_Community_User · April 23, 2003, 7:50pm

You cannot reliably get the complete path of any process in kernel-mode
using any documented or undocumented API, period. Ask user-mode for this
(GetModuleFileName I think).

Nicholas Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ramaraj Pandian
Sent: Wednesday, April 23, 2003 2:59 PM
To: File Systems Developers
Subject: [ntfsd] Parent process path

I am trying to get parent process name (complete path). I use
ZwOpenProcess, ZwQueryInformationProcess, then use
InheritedFromUniqueProcessId to open and query parent
process. I get different process id for child and parent, but
it always gives me the same process name if I look thro’ PEB.
Is there anything I am missing?

Thanks
Ramaraj

You are currently subscribed to ntfsd as: xxxxx@nryan.com
To unsubscribe send a blank email to xxxxx@lists.osr.com