Get ImageFileName(Dos) from EPROCESS

Topic locked

Get ImageFileName(Dos) from EPROCESS

#11818 by Hippey
Sun Feb 26, 2012 12:54 pm

Hi all!

Can anybody give me a code, which would extract ImageFileName of EPROCESS in Dos format(like C:\\) for kernel driver?

Thanks!

Username

Hippey

Posts

Joined

Wed Oct 19, 2011 2:16 pm

Re: Get ImageFileName(Dos) from EPROCESS

#11820 by rkhunter
Sun Feb 26, 2012 1:14 pm

How do you imagine that? ImageFileName holds only ImageName, "explorer.exe", for example. Look PsGetProcessImageFileName for that. Other information is stored in PEB and you can access it through NtQueryInformationProcess.

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Get ImageFileName(Dos) from EPROCESS

#11843 by EP_X0FF
Mon Feb 27, 2012 1:53 pm

Hippey wrote:Hi all!

Can anybody give me a code, which would extract ImageFileName of EPROCESS in Dos format(like C:\\) for kernel driver?

Thanks!

http://www.kernelmode.info/forum/viewto ... 03&p=10941

Closed as duplicate. Author gets achievement - creation of three closed topics.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

Topic locked

Page 1 of 1
3 posts

Return to “Newbie Questions”

Display:

Sort by:

Jump to: