Question

I am writing my first device driver.

I am trying to figure out which process generated a given IRP.

Obj->MajorFunction[IRP_MJ_DIRECTORY_CONTROL] = dirCtl;

NTSTATUS dirCtl(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);

Given the DeviceObject/Irp, how can I find out which user-land process tried to query a directory (e.g. explorer.exe)?

Solution

Most of the time PsGetCurrentProcessId() will do the trick, since the kernel actually resides in the process's memory space.

Licensed under: CC-BY-SA with attribution