From: Serge Zjaikin [serge@stac.ee] Sent: Friday, August 13, 1999 6:27 AM To: Joseph Prabhu Cc: ntdev@atria.com Subject: RE: [ntdev] Determining Process Names Also you can take a look at sysinternals.com utilities FILEMON or REGMON, there is another undocumented way to get the process name. serge > -----Original Message----- > From: Klaus Peter Gerlicher [SMTP:KlausPG@DiamondMM.com] > Sent: Thursday, August 12, 1999 4:00 PM > To: Joseph Prabhu > Cc: ntdev@atria.com > Subject: RE: [ntdev] Determining Process Names > > Yes there is, but it's undocumented and relies on > > NTSTATUS PsLookupProcessByProcessId(ULONG ProcId,struct _EPROCESS** ppEP); > > used like > > LPSTR get_process_name(ULONG pid) > { > struct _EPROCESS* pEP; > > if(NT_SUCCESS(PsLookupProcessByProcessId(0x02,&pEP)) ) > { > return (LPSTR)((ULONG)pEp+0x1dc) ; > } > > return (LPSTR)0; > } > > process name (16 bytes) > ppEP->0x1dc (NT 4.0 free) > ppEP->0x1fc (Win2000 free) > > > Regards, > > Dipl.Ing. (FH) Klaus P. Gerlicher > Software design engineer > Diamond Multimedia Systems,Inc. > Tel. +49-(0)8151-266-420 > Klauspg@diamondmm.com > > > > > -----Original Message----- > > From: Joseph Prabhu [SMTP:jose@crosswinds.net] > > Sent: Thursday, August 12, 1999 2:51 PM > > To: ntdev@atria.com > > Subject: [ntdev] Determining Process Names > > > > Hi, > > > > I am trying to find the name of a process from its process ID. I > need > > to find this out in an > > arbitrary context, hence i am unable to use PsGetCurrentProcess() as it > > returns the > > pointer to only the current thread. > > Is there any other way of determining the name of a process from its > > process ID. > > > > Thanx in advance. > > > > Regards, > > Jose > > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > [ To unsubscribe, send email to ntdev-request@atria.com with body > UNSUBSCRIBE (the subject is ignored). ] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [ To unsubscribe, send email to ntdev-request@atria.com with body UNSUBSCRIBE (the subject is ignored). ]