process id to process name

Discussion in 'Windows Vista Drivers' started by steve, Feb 1, 2005.

  1. steve

    steve Guest

    In my filter driver I call PsGetCurrentProcessId() to
    determine which process is calling (i.e. what context the
    code is running in). Is there a way I can determine the
    process name (i.e. explorer.exe, winlogon.exe. etc.)
    using the process id? I want to do this all in the
    kernel without any help from a user mode app.

    steve, Feb 1, 2005
    1. Advertisements

  2. No ways without digging into the undocumented EPROCESS.
    Maxim S. Shatskih, Feb 1, 2005
    1. Advertisements

  3. And, even digging there, there would be a 16-char truncated string,
    that is more informational than anything else.
    Ivan Brugiolo [MSFT], Feb 1, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.