I'm developing a driver in Windows Filtering Platform and I need the process ID of another process to do what I need to do. I know only the file name of that process (name.exe).
In Win32 I could use the function CreateToolhelp32Snapshot to get the list of all processes and I could search for the PID there. ( http://msdn.microsoft.com/en-us/library/ms684834(VS.85).aspx )
Unfortunately, in kernel mode this stuff is not available. Does anyone know how I can obtain the process ID, knowing only the binary name, from kernel space?
Thanks, Marco
You can use ZwQuerySystemInformation with the SystemProcessesAndThreadsInformation information class. This is analogous to CreateToolhelp32Snapshot. However, some of the structs are undocumented. Here's an example:
http://www.volynkin.com/procenum.htm
http://msdn.microsoft.com/en-us/library/ms725506.aspx
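The buffer walk the answer above relies on, as an added example that is not part of the original post and is not kernel code: portable C over a simplified stand-in for the process record, where `proc_rec`, `find_pids` and `add_rec` are hypothetical names and the buffer is constructed sample data rather than the output of ZwQuerySystemInformation. It returns every match instead of the first, because an image name is not unique and any process can carry it, and it bounds-checks each offset before following it.

```c
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for SYSTEM_PROCESS_INFORMATION (assumption): only the fields the walk needs. */
typedef struct {
    uint32_t next_entry_offset; /* bytes to the next record, 0 on the last */
    uint16_t name_bytes;        /* name length in bytes, no terminator */
    uint16_t name_offset;       /* UTF-16LE name position inside this record */
    uint64_t pid;
} proc_rec;
#define LOWER(c) ((c) >= 'A' && (c) <= 'Z' ? (c) + 32 : (c))

/* Case-insensitive compare of a counted UTF-16LE name with an ASCII name. */
static int name_eq(const uint8_t *w, size_t n, const char *ascii) {
    if (strlen(ascii) != n) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned c = w[2 * i] | (w[2 * i + 1] << 8), d = (unsigned char)ascii[i];
        if (LOWER(c) != LOWER(d)) return 0;
    }
    return 1;
}
/* Returns the number of matches (the first `max` PIDs go to out), or -1 on a malformed buffer. */
int find_pids(const uint8_t *buf, size_t len, const char *name, uint64_t *out, int max) {
    size_t off = 0; int found = 0;
    for (;;) {
        proc_rec r;
        if (len - off < sizeof r) return -1;          /* header must fit */
        memcpy(&r, buf + off, sizeof r);              /* avoids unaligned reads */
        if (r.name_bytes) {                           /* the idle entry has no name */
            if (r.name_bytes % 2 || (size_t)r.name_offset + r.name_bytes > len - off) return -1;
            if (name_eq(buf + off + r.name_offset, r.name_bytes / 2, name)) {
                if (found < max) out[found] = r.pid;
                found++;
            }
        }
        if (r.next_entry_offset == 0) return found;   /* end of the chain */
        if (r.next_entry_offset < sizeof r || r.next_entry_offset > len - off) return -1;
        off += r.next_entry_offset;
    }
}

/* Constructed sample data: append one record to a zeroed buffer, return the next offset. */
size_t add_rec(uint8_t *buf, size_t off, const char *name, uint64_t pid, int last) {
    size_t n = strlen(name), size = (sizeof(proc_rec) + 2 * n + 7) & ~(size_t)7;
    proc_rec r = { last ? 0 : (uint32_t)size, (uint16_t)(2 * n), (uint16_t)sizeof(proc_rec), pid };
    memcpy(buf + off, &r, sizeof r);
    for (size_t i = 0; i < n; i++) buf[off + sizeof r + 2 * i] = (uint8_t)name[i];
    return off + size;
}
```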