WDK : get processId by name.exe

2023-01-10 09:55 问答作者：

I'开发者_C百科m developing a driver in Windows Filtering Platform and I need the process ID of another process to do what I need to do. I know only the file name of that process (name.exe).

In win32 I could use the function CreateToolhelp32Snapshot to get the list of all processes and I could search the PID there. ( http://msdn.microsoft.com/en-us/library/ms684834(VS.85).aspx )

Unfortunately in kernel mode this stuff is not available. Anyone know how can I obtain the processID knowing only the binary name, by kernel space?

Thanks, Marco

You can use ZwQuerySystemInformation with SystemProcessesAndThreadsInformation information class. This is analogous to CreateToolhelp32Snapshot. However, some of the structs are undocumented. Here's an example:
http://www.volynkin.com/procenum.htm
http://msdn.microsoft.com/en-us/library/ms725506.aspx

继续阅读：kernel process wdk

WDK : get processId by name.exe

更多精彩内容

精彩评论

最新问答

第一次出国飞行流程+注意事项？

再生油（关于再生油的介绍）？

东莞科技进修学院（关于东莞科技进修学院的介绍）？

均为镇政府人员平均年龄不超30？

手机msn在哪里下载（其实很简单）？

问答排行榜

王昌瑞《潜梦追凶》剧组庆生新锐演员未来可期？

Is it allowed to ask users to enter credit card details for own payment method?

Escaping "<" in Perl-generated XML

imessage会显示已读吗？

微信重新建群怎么建？