Required help for finding process Name in Disk Upper Filter Driver

Hello Everyone,

I have written a Disk upper filter driver.

I need to find the process name in IRP_MJ_WRITE dispatch routing for allowing the write operation based on the process name, for this I tried with IoGetCurrentProcess, whereas it is returning the process name as “System” for all the I/O Operation. My requirement is to get the exact process name which initiated the I/O operation(i.e. if we save a file in NotePad then my process name should be NotePad).

Is it possible to get the process name in Disk Upper Filter Driver.

Thank You very much!

Thanks and Regards
Ramesh.

No


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ramesh D
Sent: Wednesday, June 02, 2004 11:52 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Required help for finding process Name in Disk Upper Filter
Driver

Hello Everyone,

I have written a Disk upper filter driver.

I need to find the process name in IRP_MJ_WRITE dispatch routing for
allowing the write operation based on the process name, for this I tried
with IoGetCurrentProcess, whereas it is returning the process name as
“System” for all the I/O Operation. My requirement is to get the exact
process name which initiated the I/O operation(i.e. if we save a file in
NotePad then my process name should be NotePad).

Is it possible to get the process name in Disk Upper Filter Driver.

Thank You very much!

Thanks and Regards

Ramesh.


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

James is of course absolutely correct, but he did omit any explanation. The
problem is that frequently the process context will be arbitrary at the disk
driver level. If you need to control IO operations based on process you need
to be operating as a file system filter driver.


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jamey Kirby
Sent: Thursday, June 03, 2004 3:11 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Required help for finding process Name in Disk Upper
Filter Driver

No


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ramesh D
Sent: Wednesday, June 02, 2004 11:52 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Required help for finding process Name in Disk Upper Filter
Driver

Hello Everyone,

I have written a Disk upper filter driver.

I need to find the process name in IRP_MJ_WRITE dispatch routing for
allowing the write operation based on the process name, for this I tried
with IoGetCurrentProcess, whereas it is returning the process name as
“System” for all the I/O Operation. My requirement is to get the exact
process name which initiated the I/O operation(i.e. if we save a file in
NotePad then my process name should be NotePad).

Is it possible to get the process name in Disk Upper Filter Driver.

Thank You very much!

Thanks and Regards

Ramesh.


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@hollistech.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Bad idea.

Access control decisions must be made in CREATE and not write. Otherwise, it will be grossly confusing to most apps (some treat any write failure as “disk full”).

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: Ramesh D
To: Windows System Software Devs Interest List
Sent: Thursday, June 03, 2004 10:51 AM
Subject: [ntdev] Required help for finding process Name in Disk Upper Filter Driver

Hello Everyone,

I have written a Disk upper filter driver.

I need to find the process name in IRP_MJ_WRITE dispatch routing for allowing the write operation based on the process name, for this I tried with IoGetCurrentProcess, whereas it is returning the process name as “System” for all the I/O Operation. My requirement is to get the exact process name which initiated the I/O operation(i.e. if we save a file in NotePad then my process name should be NotePad).

Is it possible to get the process name in Disk Upper Filter Driver.

Thank You very much!

Thanks and Regards
Ramesh.

Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

In addition to everything else others have already mentioned, you do
realize that someone can rename any executable to anything they want, right?

Ramesh D wrote:

Hello Everyone,

I have written a Disk upper filter driver.

I need to find the process name in IRP_MJ_WRITE dispatch routing for
allowing the write operation based on the process name, for this I tried
with IoGetCurrentProcess, whereas it is returning the process name as
“System” for all the I/O Operation. My requirement is to get the exact
process name which initiated the I/O operation(i.e. if we save a file in
NotePad then my process name should be NotePad).

Is it possible to get the process name in Disk Upper Filter Driver.

Thank You very much!

Thanks and Regards
Ramesh.


…/ray..

Please remove “.spamblock” from my email address if you need to contact
me outside the newsgroup.

It isn’t even possible to get the process name in a file system filter
driver, let alone a disk filter. Most write-back I/O through the disk
is done because the lazy writer, modified page writer, or mapped page
writer (all part of the “System” process) initiated that I/O, not
because the application did so.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Ray Trent
Sent: Friday, June 04, 2004 6:03 PM
To: ntdev redirect
Subject: Re:[ntdev] Required help for finding process Name in Disk Upper
Filter Driver

In addition to everything else others have already mentioned, you do
realize that someone can rename any executable to anything they want,
right?

Ramesh D wrote:

Hello Everyone,

I have written a Disk upper filter driver.

I need to find the process name in IRP_MJ_WRITE dispatch routing for
allowing the write operation based on the process name, for this I
tried with IoGetCurrentProcess, whereas it is returning the process
name as “System” for all the I/O Operation. My requirement is to get
the exact process name which initiated the I/O operation(i.e. if we
save a file in NotePad then my process name should be NotePad).

Is it possible to get the process name in Disk Upper Filter Driver.

Thank You very much!

Thanks and Regards
Ramesh.


…/ray..

Please remove “.spamblock” from my email address if you need to contact
me outside the newsgroup.


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@osr.com To unsubscribe
send a blank email to xxxxx@lists.osr.com