Re:How to get Parent Pid from Kernel Driver?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "anton bassov"<xxx@xxxxxxx>
• Date: Wed, 19 Apr 2006 04:46:13 -0500

---

Hi mate

I often advise "unsupported" things, but here is the exception to the rule -
I would not advise you to access such strcutures as EPROCESS,ETHREAD,etc
(Microsoft changes them all the time). Therefore, I would rather advise you
to call NtQueryInformationProcess() or NtQuerySystemInformation()

Regards

Anton Bassov
.

---

• Follow-Ups:
  • Re: Re:How to get Parent Pid from Kernel Driver?
    • From: Norman Diamond

• References:
  • How to get Parent Pid from Kernel Driver?
    • From: macro

• Prev by Date: BuildSecurityDescriptor returns error 2310 (This shared resource does not exist.)
• Next by Date: Re: Re:How to get Parent Pid from Kernel Driver?
• Previous by thread: How to get Parent Pid from Kernel Driver?
• Next by thread: Re: Re:How to get Parent Pid from Kernel Driver?
• Index(es):
  • Date
  • Thread

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Development  > microsoft.public.win32.programmer.kernel  > 2006-04