Is there a way to emulate PsGetProcessId() in Windows 2000 (even
undocumented)? Officially it is only supported in XP and above. Thanks.
yes, use ZwQueryInformationProcess/ProcessBasicInformation
Petr
HANDLE PsGetProcessId( IN PEPROCESS pProcess )
{
HANDLE hProcess, hProcessId = 0;
NTSTATUS status = ObOpenObjectByPointer( pProcess,
OBJ_KERNEL_HANDLE, NULL, GENERIC_READ, NULL, KernelMode, &hProcess );
if (NT_SUCCESS( status )) {
PROCESS_BASIC_INFORMATION basicInfo;
ULONG ulReturnedLength;
status = ZwQueryInformationProcess( hProcess,
ProcessBasicInformation, &basicInfo, sizeof( basicInfo ), &ulReturnedLength
);
if (NT_SUCCESS( status )) hProcessId =
(HANDLE)basicInfo.UniqueProcessId;
ZwClose( hProcess );
}
return hProcessId;
}
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Neil Weicher
Sent: Thursday, September 30, 2010 4:58 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] PsGetProcessId() in Windows 2000
Is there a way to emulate PsGetProcessId() in Windows 2000 (even
undocumented)? Officially it is only supported in XP and above. Thanks.
NTFSD is sponsored by OSR
For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
See if you can use it dynamically after getting function address.