Discussion in 'Windows Vista Drivers' started by steve, Feb 1, 2005.

  1. steve

    steve Guest

    In my filter driver I call PsGetCurrentProcessId() to
    determine which process is calling (i.e. what context the
    code is running in). Is there a way I can determine the
    process name (i.e. explorer.exe, winlogon.exe. etc.)
    using the process id? I want to do this all in the
    kernel without any help from a user mode app.

    steve, Feb 1, 2005
  2. No ways without digging into the undocumented EPROCESS.
    Maxim S. Shatskih, Feb 1, 2005
  3. And, even digging there, there would be a 16-char truncated string,
    that is more informational than anything else.
    Ivan Brugiolo [MSFT], Feb 1, 2005
