Question

I am writing my first device driver.

I am trying to figure out, which process generated a given IRP.

Obj->MajorFunction[IRP_MJ_DIRECTORY_CONTROL] = dirCtl;

NTSTATUS dirCtl(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);

Given the DeviceObject/Irp how can I find out which user-land process tried to query a directory? (e.g. explorer.exe)

Était-ce utile?

La solution

Most of the time PsGetCurrentProcessId() will do the trick since kernel is actually resides in process' memory space.

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top