Re: RE:[ntfsd] Re: RE:[ntfsd] fullpath name of current process in win2k?

OSR_Community_User · June 12, 2008, 7:07am

> I would definitely enjoy finding this value in the

EPROCESS - the only thing there I’ve ever seen is
the eyecatcher name, not the full path name.

I would definitely enjoy finding this value in the EPROCESS - the
only thing there I’ve ever seen is the eyecatcher name, not the full
path name.

There is pointer to section object (maybe it was handle in Win2000),
you can get SEGMENT pointer from that, then CONTROL_AREA, then
FileObject.

L.

OSR_Community_User · June 13, 2008, 1:52pm

Ah, yes, that was the approach I investigated but I couldn’t find a way to do that with documented APIs. Since I wanted to use it in a toolkit, it has to obey the rules.

Tony
OSR