Reply To: retrieving full process image path name in kernel mode


#5880
Vadim Smirnov
Keymaster

    I have started to use SerpentFly’s suggestions, thus:
    PEPROCESS pEprocess = PsGetCurrentProcess();
    HANDLE SectionHandle = pEprocess->SectionHandle;

    I guess you are going to create a driver which supports all NT operating systems, so first of all you have to determine the operating system version and then, depending on it, use the matching EPROCESS definition (from one post above). An example for Windows 2000 would be as follows:

    PEPROCESS_W2K pEprocess = (PEPROCESS_W2K)PsGetCurrentProcess();
    HANDLE SectionHandle = pEprocess->SectionHandle;
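The version dispatch described in the reply above, written out as an added example that is not part of the original post or of any driver discussed in the thread. It is host-buildable C with no DDK headers: the EPROCESS that PsGetCurrentProcess() would return is stood in for by a constructed buffer, the version triple that a driver would obtain from PsGetVersion() is passed in as plain arguments, and the per-version SectionHandle offsets are hypothetical placeholders standing in for the real EPROCESS definitions referenced in the earlier post. It goes slightly beyond the post in one respect: instead of casting to a per-version struct such as PEPROCESS_W2K, it keeps the per-version field offsets in a single table and refuses to read anything on a release it does not know.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* One entry per NT release whose EPROCESS layout the driver knows. */
typedef enum {
    EPROCESS_LAYOUT_UNKNOWN = 0,
    EPROCESS_LAYOUT_NT4     = 1,
    EPROCESS_LAYOUT_W2K     = 2,
    EPROCESS_LAYOUT_XP      = 3
} eprocess_layout_t;

/* Offset of SectionHandle inside EPROCESS for each layout.
 * These values are HYPOTHETICAL placeholders for the demo: take the real
 * ones from the per-version EPROCESS definitions (PEPROCESS_W2K etc.), or
 * cast to that struct directly as the post does. */
typedef struct {
    eprocess_layout_t layout;
    size_t            section_handle_offset;
} eprocess_fields_t;

static const eprocess_fields_t k_layouts[] = {
    { EPROCESS_LAYOUT_NT4, 0x100 },
    { EPROCESS_LAYOUT_W2K, 0x140 },
    { EPROCESS_LAYOUT_XP,  0x180 },
};

/* Map the version reported by the running kernel to a layout. In a driver
 * the triple comes from PsGetVersion(&major, &minor, &build, NULL), called
 * once in DriverEntry. Any release not listed is rejected: guessing a
 * layout means reading an arbitrary field of a kernel structure. */
eprocess_layout_t select_eprocess_layout(uint32_t major, uint32_t minor,
                                         uint32_t build)
{
    (void)build; /* compare it as well if a service pack moves a field */
    if (major == 4 && minor == 0) return EPROCESS_LAYOUT_NT4;
    if (major == 5 && minor == 0) return EPROCESS_LAYOUT_W2K;
    if (major == 5 && minor == 1) return EPROCESS_LAYOUT_XP;
    return EPROCESS_LAYOUT_UNKNOWN;
}

/* Read SectionHandle from an opaque EPROCESS using the selected layout.
 * `eprocess` is what PsGetCurrentProcess() returns in the kernel; here it is
 * any buffer laid out per k_layouts. Returns 0 and a NULL handle on an
 * unknown layout so the caller never uses a value read from a wrong offset. */
int read_section_handle(const void *eprocess, eprocess_layout_t layout,
                        void **handle_out)
{
    *handle_out = NULL;
    for (size_t i = 0; i < sizeof k_layouts / sizeof k_layouts[0]; i++) {
        if (k_layouts[i].layout != layout) continue;
        memcpy(handle_out,
               (const unsigned char *)eprocess + k_layouts[i].section_handle_offset,
               sizeof *handle_out);
        return 1;
    }
    return 0;
}

/* Demo: a constructed fake EPROCESS with a distinct marker handle placed in
 * every known layout's SectionHandle slot (0x1000 * layout id). Returns the
 * handle the version-driven lookup reads, or 0 when the version is unsupported. */
uintptr_t demo_read_on_version(uint32_t major, uint32_t minor, uint32_t build)
{
    unsigned char fake_eprocess[0x200];
    memset(fake_eprocess, 0, sizeof fake_eprocess);
    for (size_t i = 0; i < sizeof k_layouts / sizeof k_layouts[0]; i++) {
        uintptr_t marker = (uintptr_t)0x1000 * (uintptr_t)k_layouts[i].layout;
        memcpy(fake_eprocess + k_layouts[i].section_handle_offset, &marker, sizeof marker);
    }

    void *handle;
    if (!read_section_handle(fake_eprocess,
                             select_eprocess_layout(major, minor, build), &handle))
        return 0;
    return (uintptr_t)handle;
}

int main(void)
{
    printf("Windows 2000 (5.0.2195): SectionHandle = %#lx\n",
           (unsigned long)demo_read_on_version(5, 0, 2195));
    printf("Unknown release (6.0.6000): %#lx (rejected)\n",
           (unsigned long)demo_read_on_version(6, 0, 6000));
    return 0;
}
```

In the real driver the version check belongs in DriverEntry: call PsGetVersion once, and if the release is not one you have a definition for, fail the load rather than dereference a guessed layout. Reading an undocumented structure at the wrong offset does not fail loudly; it returns a plausible-looking value that will be wrong on the next service pack.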