Did you try PsGetCurrentProcessId()?
IRP_MJ_CREATE is called in the context of the original process. If you
want to associate the process ID with the file object, do that using one
of the standard methods - filter contexts, lookup table, MIME
attachments to e-mails to your personal account - whatever works for
you.
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com http:</http:>
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ramaraj Pandian
Sent: Tuesday, June 28, 2005 3:09 PM
To: ntfsd redirect
Subject: RE: [ntfsd] ProcessID From FILEOBJECT
How can we examine. Is it like reading header and examine magic number,
the how do I associate process ID.
Thanks
Ramaraj
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
Sent: Saturday, June 18, 2005 4:03 AM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] ProcessID From FILEOBJECT
No you cannot (unless you will filter the MJ_CREATE path and
examine the process identity from it).
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: Raghwendra mailto:xxxxx
To: Windows File Systems Devs Interest List
mailto:xxxxx
Sent: Thursday, June 16, 2005 4:53 PM
Subject: [ntfsd] ProcessID From FILEOBJECT
Hi All
Is there any way by which i can get process ID or
Process Name from a FILE_OBJECT.
Raghwendra
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown
lmsubst tag argument: ‘’
To unsubscribe send a blank email to
xxxxx@lists.osr.com mailto:
*
Disclaimer:
The contents of this E-mail (including the contents of the enclosure(s)
or attachment(s) if any) are privileged and confidential material of MBT
and should not be disclosed to, used by or copied in any manner by
anyone other than the intended addressee(s). In case you are not the
desired addressee, you should delete this message and/or re-direct it to
the sender. The views expressed in this E-mail message (including the
enclosure(s) or attachment(s) if any) are those of the individual
sender, except where the sender expressly, and with authority, states
them to be the views of MBT.
This e-mail message including attachment/(s), if any, is believed to be
free of any virus. However, it is the responsibility of the recipient to
ensure that it is virus free and MBT is not responsible for any loss or
damage arising in any way from its use
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown lmsubst tag
argument: ‘’
To unsubscribe send a blank email to %%email.unsub%%
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com</mailto:></mailto:xxxxx></mailto:xxxxx>