tags:

views:

28

answers:

1
Q: 

WDK : get processId by name.exe

Hi, I'm developing a driver in Windows Filtering Platform and I need the process ID of another process to do what I need to do. I know only the file name of that process (name.exe).

In win32 I could use the function CreateToolhelp32Snapshot to get the list of all processes and I could search the PID there. ( http://msdn.microsoft.com/en-us/library/ms684834(VS.85).aspx )

Unfortunately in kernel mode this stuff is not available. Anyone know how can I obtain the processID knowing only the binary name, by kernel space?

Thanks, Marco

A: 

Depending on the timing, it seems that you could call PsSetCreateProcessNotifyRoutineEx() with your own handler for CreateProcessNotifyEx(). Your CreateProcessNotifyEx() will then receive a pointer to a PS_CREATE_NOTIFY_INFO. In this struct is the field ImageFileName and also the bit FileOpenNameAvailable.

The program name will be in the Unicode string pointed to by ImageFileName. If FileOpenNameAvailable, then that string will contain the fully-qualified path to the binary. Otherwise, expect to find only the module name, possibly without the extension.

Heath Hunnicutt  2010-08-07 22:59:15
Thanks for your reply!According with MSDN: "The PsSetCreateProcessNotifyRoutineEx routine registers or removes a callback routine that notifies the caller when a process is created or exits."So unfortunately it doesn't seem what I need.I need to know the process that already are running because my driver are loaded after the application starts.
Marco  2010-08-08 01:26:33
@Marco, you are welcome. Yes, that is what I wondered with "depending on the timing..." Sorry that doesn't work for you...If I remember right, the PEB has a double-linked list in it somewhere, and from that you can get to all the PEBs on the system.
Heath Hunnicutt  2010-08-08 02:18:10

related questions

any good tool for makefile generation?
How do you pass a function as a parameter in C?
Where should a veteran C programmer start in order to master Java ?
Any good book on best practice and guidelines in developing a SDK in C?
How do you determine the size of a file in C?
Decoding printf statements in C (Printf Primer)
Shift operator in C
How to avoid redefining VERSION, PACKAGE, etc.
Alpha blending sprites in Nintendo DS Homebrew
When should I use type abstraction in embedded systems
How to implement continuations?
What are the barriers to understanding pointers and what can be done to overcome them?
Anyone have experience creating a shared library in MATLAB?
String.indexOf function in C
Passing multidimensional arrays as function arguments in C
C/C++ library for reading MIDI signals from a USB MIDI device
Choosing a static code analysis tool
How do you printf an unsigned long long int?
Good STL-like library for C.
Rockbox audio format
Why am I getting a malloc: double free error with realloc()?
Should I learn C?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS