How to get the process name in NDIS IM driver (2K) ?
It isn’t likely that you can fetch process information using system
facilities from within a NDIS IM driver. Packet reception is certainly in
arbitrary thread context - unrelated to the actual process that will
eventually consume it. Send packets are also most often seen in arbitrary
thread context; rarely, this context may be the context of the process that
originated the packet being sent.
Process information is available at the transport data interface (TDI)
level (an API immediately above the kernel-mode TCP/IP driver), at the point
that TDI objects (address objects and connection objects) are created. If
you had a pair of drivers working together (a TDI filter and a NDIS IM
driver) then together these may give the desired results. The NDIS IM
driver could parse the packet and then query process information gleaned by
the TDI driver.
Lots of work.
Hope this helps.
Thomas F. Divine
“Abhijit Kulkarni” wrote in message news:xxxxx@ntdev…
>
> How to get the process name in NDIS IM driver (2K) ?
>
Yes, having 2 control points – actually a TDI-layer information-collection
point and an NDIS packet-control point – sounds like the only workable
solution.
“Thomas F. Divine” wrote:
If you had a pair of drivers working together (a TDI filter and a NDIS IM
driver) then together these may give the desired results. The NDIS IM
driver could parse the packet and then query process information gleaned by
the TDI driver. Lots of work.
–
If replying by e-mail, please remove “nospam.” from the address.
James Antognini
Windows DDK MVP
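The two-driver design both replies describe (a TDI-layer collection point that records which process owns each local endpoint, and an NDIS IM packet-control point that parses the frame and asks the table who owns it) can be modelled in user mode to show the correlation logic. The following is an added example, not code from either poster and not from any DDK sample; it assumes a table keyed by (protocol, local IP, local port) that a hypothetical TDI filter would fill in from the create/close of address objects, and a parser a hypothetical NDIS IM driver would run over an Ethernet/IPv4/TCP-or-UDP frame. The frame bytes, PIDs and addresses are constructed. It also covers two cases a real implementation must handle: listeners bound to INADDR_ANY, and IP fragments (only the first fragment carries ports).

```c
/* Added example: user-mode model of correlating an NDIS frame with the PID
 * recorded at TDI address-object creation.  Hypothetical names throughout. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_ENDPOINTS 64
#define PID_UNKNOWN   0u
#define PROTO_TCP     6
#define PROTO_UDP     17
#define IP4(a,b,c,d)  (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

/* One entry per TDI address object: the local endpoint and the PID that owns it.
 * The TDI side sees the address object being created in the caller's process
 * context, which is exactly what the NDIS side does not have. */
struct endpoint_rec {
    int      in_use;
    uint8_t  proto;
    uint32_t local_ip;    /* host order; 0 = bound to INADDR_ANY (wildcard) */
    uint16_t local_port;  /* host order */
    uint32_t pid;
};

static struct endpoint_rec g_table[MAX_ENDPOINTS];

/* TDI side: record (or update) the owner of a local endpoint. Returns 1 on success. */
int tdi_record_endpoint(uint8_t proto, uint32_t ip, uint16_t port, uint32_t pid)
{
    int free_slot = -1;
    for (int i = 0; i < MAX_ENDPOINTS; i++) {
        if (g_table[i].in_use && g_table[i].proto == proto &&
            g_table[i].local_ip == ip && g_table[i].local_port == port) {
            g_table[i].pid = pid;
            return 1;
        }
        if (!g_table[i].in_use && free_slot < 0) free_slot = i;
    }
    if (free_slot < 0) return 0;
    g_table[free_slot] = (struct endpoint_rec){1, proto, ip, port, pid};
    return 1;
}

/* TDI side: forget the endpoint when its address object is closed. */
void tdi_remove_endpoint(uint8_t proto, uint32_t ip, uint16_t port)
{
    for (int i = 0; i < MAX_ENDPOINTS; i++)
        if (g_table[i].in_use && g_table[i].proto == proto &&
            g_table[i].local_ip == ip && g_table[i].local_port == port)
            g_table[i].in_use = 0;
}

static uint32_t lookup_exact(uint8_t proto, uint32_t ip, uint16_t port)
{
    for (int i = 0; i < MAX_ENDPOINTS; i++)
        if (g_table[i].in_use && g_table[i].proto == proto &&
            g_table[i].local_ip == ip && g_table[i].local_port == port)
            return g_table[i].pid;
    return PID_UNKNOWN;
}

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return IP4(p[0], p[1], p[2], p[3]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

/* NDIS side: parse Ethernet/IPv4/{TCP,UDP}, pick the local endpoint by direction
 * (outbound: source; inbound: destination) and ask the table who owns it.
 * Anything that cannot be parsed safely yields PID_UNKNOWN rather than a guess. */
uint32_t ndis_lookup_pid(const uint8_t *frame, size_t len, int outbound)
{
    if (len < 14 || rd16(frame + 12) != 0x0800) return PID_UNKNOWN;   /* not IPv4 */
    const uint8_t *ip = frame + 14;
    size_t iplen = len - 14;
    if (iplen < 20 || (ip[0] >> 4) != 4) return PID_UNKNOWN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = rd16(ip + 2);
    if (ihl < 20 || total < ihl || total > iplen) return PID_UNKNOWN; /* bogus or truncated */
    if ((rd16(ip + 6) & 0x1fff) != 0) return PID_UNKNOWN;             /* non-first fragment: no ports */
    uint8_t proto = ip[9];
    if (proto != PROTO_TCP && proto != PROTO_UDP) return PID_UNKNOWN;
    if (total - ihl < 4) return PID_UNKNOWN;                            /* need both port fields */
    const uint8_t *l4 = ip + ihl;
    uint32_t local_ip   = outbound ? rd32(ip + 12) : rd32(ip + 16);
    uint16_t local_port = outbound ? rd16(l4) : rd16(l4 + 2);
    uint32_t pid = lookup_exact(proto, local_ip, local_port);
    if (pid == PID_UNKNOWN) pid = lookup_exact(proto, 0, local_port);   /* INADDR_ANY binding */
    return pid;
}

/* Constructed test input: Ethernet + minimal IPv4 + 20-byte TCP SYN, no payload (54 bytes). */
size_t build_tcp_frame(uint8_t *buf, size_t cap, uint32_t sip, uint16_t sport, uint32_t dip, uint16_t dport)
{
    if (cap < 54) return 0;
    memset(buf, 0, 54);
    wr16(buf + 12, 0x0800);
    uint8_t *ip = buf + 14;
    ip[0] = 0x45; wr16(ip + 2, 40); ip[8] = 64; ip[9] = PROTO_TCP;
    wr32(ip + 12, sip); wr32(ip + 16, dip);
    uint8_t *tcp = ip + 20;
    wr16(tcp, sport); wr16(tcp + 2, dport); tcp[12] = 0x50; tcp[13] = 0x02;
    return 54;
}

int main(void)
{
    uint8_t f[64];
    tdi_record_endpoint(PROTO_TCP, IP4(192,168,1,10), 49152, 1234);   /* constructed client */
    tdi_record_endpoint(PROTO_TCP, 0, 80, 2048);                       /* constructed listener */
    size_t n = build_tcp_frame(f, sizeof f, IP4(192,168,1,10), 49152, IP4(10,0,0,5), 80);
    printf("outbound frame -> pid %u\n", ndis_lookup_pid(f, n, 1));
    n = build_tcp_frame(f, sizeof f, IP4(10,0,0,5), 40000, IP4(192,168,1,10), 80);
    printf("inbound SYN to listener -> pid %u\n", ndis_lookup_pid(f, n, 0));
    return 0;
}
```

On the real system the NDIS side must treat the table as shared state updated from a different driver at a different IRQL, so the lookup needs a spin lock (or a lock-free structure) and the TDI side must remove entries on close, otherwise a reused ephemeral port is attributed to a dead process; the wildcard fallback also means an inbound frame to a port nobody is listening on correctly comes back as unknown.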