Re: ProcessNotifyRoutine and NtQueryInformationProcess

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Don Burn" <burn@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 12 Oct 2007 08:22:02 -0400

Well you have another problem the process is not in then process table when
the notify routineis called so you cannot open it or get details

What are you trying to do?

--
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

"Eugene Korobko" <ekorobko@xxxxxxxxx> wrote in message
news:%23N80tcMDIHA.3716@xxxxxxxxxxxxxxxxxxxxxxx

Hi All!

Sorry for stupid question, I'm newer in driver development.

I added process creation notifier with
PsSetCreateProcessNotifyRoutine

function. My handler called succesfully, but it gets

HANDLE ProcessId

only. I need some details for the process being created, ecactly Desktop
name.

There is a function

NtQueryInformationProcess

that should return

PROCESS_BASIC_INFORMATION

structure and this structure contains pointer to PEB.

But it wants process handle, not process id. Could anybody give me any
sample? Tha task seems to be common.

Thanks,

Eguene Korobko

Follow-Ups:
- Re: ProcessNotifyRoutine and NtQueryInformationProcess
  - From: Eugene Korobko

Prev by Date: Re: Detecting OS loader lock
Next by Date: Re: ProcessNotifyRoutine and NtQueryInformationProcess
Previous by thread: Interacting with winlogon Desktop of Windows Vista
Next by thread: Re: ProcessNotifyRoutine and NtQueryInformationProcess
Index(es):
- Date
- Thread

Relevant Pages

Re: data exchange betwen driver and gui aplication
... and lock the buffer. ... Don Burn (MVP, Windows DDK) ... Windows 2k/XP/2k3 Filesystem and Driver Consulting ...
(microsoft.public.development.device.drivers)
Re: running app from driver
... ZwCreateProcess creates a process in kernel mode, you then just have to use ... > Thanks Don for all the information, but i am trying to do as a lab project> and i am doing only for XP OS and i am ok with using undocumented fn's like> ZwCreateProcess() as it is only for lab purpose just to prove some concept. ... >> Don Burn (MVP, Windows DDK) ... >> Windows 2k/XP/2k3 Filesystem and Driver Consulting ...
(microsoft.public.development.device.drivers)
Re: Device Initialization File
... Don Burn ... SetupDiGetDeviceRegistryProperty with>> the same DeviceInfoData argument will allow you to get the UI number (i.e.>> the PCI slot and bus number) for this device. ... >> Don Burn (MVP, Windows DDK) ... >> Windows 2k/XP/2k3 Filesystem and Driver Consulting ...
(microsoft.public.development.device.drivers)
Re: WDM driver start from user mode
... In the current version install just takes the inf and the hardware ID so yes ... Don Burn (MVP, Windows DDK) ... Windows Filesystem and Driver Consulting ... The message was checked by ESET NOD32 Antivirus. ...
(microsoft.public.development.device.drivers)
Re: PnP manager berserk ??
... Don Burn (MVP, Windows DDK) ... Windows 2k/XP/2k3 Filesystem and Driver Consulting ... When I plug something into the USB or I insert a PCI card (new hardware), ...
(microsoft.public.win2000.general)