process id to process name

Discussion in 'Windows Vista Drivers' started by steve, Feb 1, 2005.

  1. steve

    steve Guest

    In my filter driver I call PsGetCurrentProcessId() to
    determine which process is calling (i.e. what context the
    code is running in). Is there a way I can determine the
    process name (i.e. explorer.exe, winlogon.exe. etc.)
    using the process id? I want to do this all in the
    kernel without any help from a user mode app.

    Steve.
     
    steve, Feb 1, 2005
    #1
    1. Advertisements

  2. No ways without digging into the undocumented EPROCESS.
     
    Maxim S. Shatskih, Feb 1, 2005
    #2
    1. Advertisements

  3. And, even digging there, there would be a 16-char truncated string,
    that is more informational than anything else.
     
    Ivan Brugiolo [MSFT], Feb 1, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.