RE: How to get process ID

NTDEV
1

Hello,
Is there any way to get process ID of user mode process that send IRP to my kernel driver?
Thanks in advice
Mark

Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

2

The call you are looking for is IoGetRequestorProcessId. Now be aware if
your driver is not on the top of the stack of drivers, there is nothing to
stop an upper level driver from changing the way things work. For
instance, if this is a disk driver you will not see many I/O requests since
the cache manager is in the middle. Also the requests you see may not be
from the requesting process but the system.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

“Mark Shnaider” wrote in message news:xxxxx@ntdev…
Hello,
Is there any way to get process ID of user mode process that send IRP
to my kernel driver?
Thanks in advice
Mark


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

3

PsGetCurrentProcessId() but note that there are many requests which are not
called in context so be aware.

Pete

Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Shnaider
Sent: Monday, November 20, 2006 7:37 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to get process ID

Hello,
Is there any way to get process ID of user mode process that send IRP to
my kernel driver?
Thanks in advice
Mark

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer