I’m using registry callbacks, and am trying to get the requestor’s Process ID. In the FS Filter world, I’d use FltGetRequestorProcessId(), but that won’t work for registry operations. I know that it’s possible, since RegMon is able to display it. How can I get the PID?
Thanks!
The calls are made in the context of the user process. Us
PsGetProcessId().
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
wrote in message news:xxxxx@ntfsd…
> I’m using registry callbacks, and am trying to get the requestor’s
> Process ID. In the FS Filter world, I’d use FltGetRequestorProcessId(),
> but that won’t work for registry operations. I know that it’s possible,
> since RegMon is able to display it. How can I get the PID?
>
> Thanks!
>
PsGetCurrentProcessId() is available for any kernel mode component.
Pete
Kernel Drivers
Windows File System and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300
xxxxx@gmail.com wrote:
I’m using registry callbacks, and am trying to get the requestor’s Process ID. In the FS Filter world, I’d use FltGetRequestorProcessId(), but that won’t work for registry operations. I know that it’s possible, since RegMon is able to display it. How can I get the PID?
Thanks!
Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com