Re: Process image file path
- From: "Maxim S. Shatskih" <maxim@xxxxxxxxxxxxxxxx>
- Date: Wed, 24 May 2006 15:38:40 +0400
> In the WXP ntddk.h file there is an enum value, ProcessImageFileName.
> Using this value with ZwQueryInformationProcess returns the path +
> filename successfully.

The path? I'm really amazed.

XP SP2's Windows Firewall has rules based on the EXE pathname. To match the app
against these rules, IPNATHLP.DLL (which is the user-mode part of Windows
Firewall) uses good old psapi!GetModuleFileNameEx, which just reads the
target's PEB using ReadProcessMemory and gets the pathname string in the PEB's
child structure of RTL_USER_PROCESS_PARAMETERS.
I would be very much surprised if XP's kernel has a call to get the _Unicode
full pathname_ of the process's EXE.
--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
maxim@xxxxxxxxxxxxxxxx
http://www.storagecraft.com