From: Serge Zjaikin [serge@stac.ee]
Sent: Friday, August 13, 1999 6:27 AM
To: Joseph Prabhu
Cc: ntdev@atria.com
Subject: RE: [ntdev] Determining Process Names

Also you can take a look at sysinternals.com utilities FILEMON or REGMON,
there is another undocumented way to get the process name.

serge

> -----Original Message-----
> From:	Klaus Peter Gerlicher [SMTP:KlausPG@DiamondMM.com]
> Sent:	Thursday, August 12, 1999 4:00 PM
> To:	Joseph Prabhu
> Cc:	ntdev@atria.com
> Subject:	RE: [ntdev] Determining Process Names
> 
> Yes there is, but it's undocumented and relies on 
> 
> NTSTATUS PsLookupProcessByProcessId(ULONG ProcId,struct _EPROCESS** ppEP);
> 
> used like 
> 
> LPSTR get_process_name(ULONG pid)
> {
> 	struct _EPROCESS* pEP;
> 
> 	if(NT_SUCCESS(PsLookupProcessByProcessId(0x02,&pEP)) )
> 	{
> 		return (LPSTR)((ULONG)pEp+0x1dc) ;
> 	}
> 
> 	return (LPSTR)0;
> }
> 
> process name (16 bytes)
> ppEP->0x1dc (NT 4.0 free)
> ppEP->0x1fc (Win2000 free)
> 
> 
> Regards,
> 
> Dipl.Ing. (FH) Klaus P. Gerlicher
> Software design engineer
> Diamond Multimedia Systems,Inc.
> Tel. +49-(0)8151-266-420
> Klauspg@diamondmm.com
> 
> 
> 
> > -----Original Message-----
> > From:	Joseph Prabhu [SMTP:jose@crosswinds.net]
> > Sent:	Thursday, August 12, 1999 2:51 PM
> > To:	ntdev@atria.com
> > Subject:	[ntdev] Determining Process Names
> > 
> > Hi,
> >  
> >     I am trying to find the name of a process from its process ID. I
> need
> > to find this out in an
> > arbitrary context, hence i am unable to use PsGetCurrentProcess() as it
> > returns the
> > pointer to only the current thread.
> >     Is there any other way of determining the name of a process from its
> > process ID.
> >  
> > Thanx in advance.
> >  
> > Regards,
> > Jose
> >  
>  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> [ To unsubscribe, send email to ntdev-request@atria.com with body
> UNSUBSCRIBE (the subject is ignored). ]
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[ To unsubscribe, send email to ntdev-request@atria.com with body
UNSUBSCRIBE (the subject is ignored). ]
