Hi
I get list of files accessed?in filter driver function
NTSTATUS
SfCreate (
??? __in PDEVICE_OBJECT DeviceObject,
??? __in PIRP Irp
??? )
I want to know application name?accessing that file. How can I achieve it?
Thanks,
Devang
IoGetRequestorProcess/IoGetRequestorProcessId
ObOpenObjectByPointer/ZwOpenProcess
and then check this out:
http://www.osronline.com/article.cfm?article=472