Why “No”, since the OP already has “System” ?
This is if (pIrp->RequestorMode =3D=3D KernelMode).
If (pIrp->RequestorMode =3D=3D UserMode) you should get your “NotePad.e=
xe”.
(for XP and later there is PsGetCurrentImageFileName)
To test if it works use something like dskprobe, that directly accesses=
the
phys. disk.
Regards
Else
=
=20
“Jamey Kirby” =
=20
em Software Devs Interest List" =20
m> cc: =
=20
Sent by: Subject: RE: [ntd=
ev] Required help for finding process Name in Disk Upper =20
xxxxx@lis Filter Driver (Unsig=
ned Mail) =20
ts.osr.com =
=20
=
=20
=
=20
03.06.2004 09:11 =
=20
Please respond to =
=20
“Windows System =
=20
Software Devs Interest =
=20
List” =
=20
=
=20
No
From:xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ramesh D
Sent: Wednesday, June 02, 2004 11:52 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Required help for finding process Name in Disk Upper
Filter Driver
Hello Everyone,
I have written a Disk upper filter driver.
I need to find the process name in IRP_MJ_WRITE dispatch routing for
allowing the write operation based on the process name, for this I trie=
d
with IoGetCurrentProcess, whereas it is returning the process name as
“System” for all the I/O Operation. My requirement is to get the exact
process name which initiated the I/O operation(i.e. if we save a file i=
n
NotePad then my process name should be NotePad).
Is it possible to get the process name in=A0Disk Upper Filter Driver.
Thank You very much!
Thanks and Regards
Ramesh.
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=3D256
You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=3D256
You are currently subscribed to ntdev as: xxxxx@utimaco.de
To unsubscribe send a blank email to xxxxx@lists.osr.com
=