Thanks, I understand. I sent my answer before Marks reply came in,
and I was focussed on “can I get the Processname”, not on “is it reliab=
le”.
Which is a faux pas, I must admit.
Else
=
=20
xxxxx@3Dlabs.c =
=20
om To: “Windows Syst=
em Software Devs Interest List” =20
Sent by: cc: =
=20
xxxxx@lis Subject: RE: [ntd=
ev] Required help for finding process Name in Disk Upper =20
ts.osr.com Filter Driver (Unsig=
ned Mail) (Unsigned Mail) =20
=
=20
=
=20
03.06.2004 12:56 =
=20
Please respond to =
=20
“Windows System =
=20
Software Devs Interest =
=20
List” =
=20
=
=20
Else,
As Mark Roddy tried to explain, there can often be a context switch (i.=
e.
Notepad is no longer “current process”) before the disk filter driver i=
s
run. This means that the information, although it may be available, is =
not
going to be correct. Sometimes it may be correct, at other times it wil=
l
not
be.
–
Mats
> -----Original Message-----
> From: Else Kluger [mailto:xxxxx@utimaco.de]
> Sent: Thursday, June 03, 2004 11:35 AM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] Required help for finding process Name in Disk
> Upper Filter Driver (Unsigned Mail)
>
>
>
> Why “No”, since the OP already has “System” ?
> This is if (pIrp->RequestorMode =3D=3D KernelMode).
> If (pIrp->RequestorMode =3D=3D UserMode) you should get your
> “NotePad.exe”.
> (for XP and later there is PsGetCurrentImageFileName)
> To test if it works use something like dskprobe, that
> directly accesses the
> phys. disk.
>
> Regards
> Else
>
>
>
>
>
>
> “Jamey Kirby”
>
>
> > “Windows System Software Devs Interest List”
>
> m> cc:
>
>
> Sent by: Subject:
> RE: [ntdev] Required help for finding process Name in Disk
> Upper
> xxxxx@lis Filter
> Driver (Unsigned Mail)
>
> ts.osr.com
>
>
>
>
>
>
>
>
> 03.06.2004 09:11
>
>
> Please respond to
>
>
> “Windows System
>
>
> Software Devs Interest
>
>
> List”
>
>
>
>
>
>
>
>
>
>
>
> No
>
>
>
>
>
>
>
>
> From:xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Ramesh D
> Sent: Wednesday, June 02, 2004 11:52 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] Required help for finding process Name in Disk Upper=
> Filter Driver
>
>
>
> Hello Everyone,
>
> I have written a Disk upper filter driver.
>
>
> I need to find the process name in IRP_MJ_WRITE dispatch routing for
> allowing the write operation based on the process name, for
> this I tried
> with IoGetCurrentProcess, whereas it is returning the process name as=
> “System” for all the I/O Operation. My requirement is to get the exac=
t
> process name which initiated the I/O operation(i.e. if we
> save a file in
> NotePad then my process name should be NotePad).
>
>
>
> Is it possible to get the process name in=A0Disk Upper Filter Driver.=
>
>
>
> Thank You very much!
>
> Thanks and Regards
>
> Ramesh.
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=3D256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com=
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=3D256
>
> You are currently subscribed to ntdev as: xxxxx@utimaco.de
> To unsubscribe send a blank email to xxxxx@lists.osr.com=
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=3D256
You are currently subscribed to ntdev as: xxxxx@3dlabs.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=3D256
You are currently subscribed to ntdev as: xxxxx@utimaco.de
To unsubscribe send a blank email to xxxxx@lists.osr.com
=