WDK : get processId by name.exe

I'开发者_C百科m developing a driver in Windows Filtering Platform and I need the process ID of another process to do what I need to do. I know only the file name of that process (name.exe).

In win32 I could use the function CreateToolhelp32Snapshot to get the list of all processes and I could search the PID there. ( http://msdn.microsoft.com/en-us/library/ms684834(VS.85).aspx )

Unfortunately in kernel mode this stuff is not available. Anyone know how can I obtain the processID knowing only the binary name, by kernel space?

Thanks, Marco

You can use ZwQuerySystemInformation with SystemProcessesAndThreadsInformation information class. This is analogous to CreateToolhelp32Snapshot. However, some of the structs are undocumented. Here's an example:
http://www.volynkin.com/procenum.htm
http://msdn.microsoft.com/en-us/library/ms725506.aspx