Problem with FltGetRequestorProcessId()

#8419 by irp
Mon Sep 05, 2011 5:13 pm

Hi all,

from msdn: FltGetRequestorProcessId returns the process ID for the process that the requesting thread is currently attached to. This process may or may not be the same process that created the thread.

So, there is a way to find the owner process ID?

Thanks, irp

Username

irp

Posts

Joined

Sat Aug 20, 2011 8:03 am

Re: Problem with FltGetRequestorProcessId()

#8450 by EP_X0FF
Wed Sep 07, 2011 1:02 pm

FLT_CALLBACK_DATA has Thread field (Pointer to the thread that initiated the I/O operation), which is PETHREAD.

ep = IoThreadToProcess(et), id = PsGetProcessId(ep)

?

FltGetRequestorProcessId just PsGetProcessId for result of FltGetRequestorProcess which calls IoGetRequestorProcess / IoGetCurrentProcess.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Re: Problem with FltGetRequestorProcessId()

#8459 by irp
Wed Sep 07, 2011 8:49 pm

Hello,

thank for your reply and sorry for my question, pretty banal (I'm just at the beginning). Irp

Username

irp

Posts

Joined

Sat Aug 20, 2011 8:03 am

Page 1 of 1
3 posts