I’m starting to write a TDI filter driver, and one of the things I’d like to know is which process is generating the requests. I’m guessing the info is available somewhere in the (mostly undocumented) structures. For example, I currently get the IP address and port inside TDI_CONNECT event like this:
PIO_STACK_LOCATION stackIrp = IoGetCurrentIrpStackLocation(irp);
PTDI_REQUEST_KERNEL_CONNECT connectRequest = (PTDI_REQUEST_KERNEL_CONNECT) &stackIrp->Parameters;  /* TDI_CONNECT parameters live in the stack location */
PTRANSPORT_ADDRESS transportAddr = (PTRANSPORT_ADDRESS) connectRequest->RequestConnectionInformation->RemoteAddress;
PTA_ADDRESS taAddr = (PTA_ADDRESS) transportAddr->Address;  /* first of TAAddressCount entries */
PTDI_ADDRESS_IP ipAddr = NULL;
if (taAddr->AddressType == TDI_ADDRESS_TYPE_IP)  /* only then does Address hold a port + IPv4 address (network byte order) */
    ipAddr = (PTDI_ADDRESS_IP) taAddr->Address;
Do I end up just getting a socket handle and I have to work backwards to get process info, or do I get a process ID somewhere?
Ultimately I’d like to know the process info (EXE name, handle, etc), but also will need to know the Windows user that owns the session the process is running in… because yah, I’m writing yet another website filtering app, and like all of the others it needs to allow for different options per user.
You may use the ‘IoGetRequestorProcessId’ routine, which is described at http://msdn.microsoft.com/en-us/library/windows/hardware/ff548391(v=vs.85).aspx, to get a unique 32-bit ULONG process id for the thread that originally requested a given I/O operation.
After you get the process id, you can retrieve the process information, such as EXE name, modules, execution path and something else in a user-mode application.
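As an added example (not posted by either participant in this thread), here is the user-mode half of that approach: given the process id the driver obtained from IoGetRequestorProcessId, resolve the executable name, path, session and owning account. The function name Get-RequestorProcessInfo and the assumption that the PID is handed up from the driver by some IOCTL or inverted-call channel are mine; the WMI/CIM class Win32_Process and its GetOwner / GetOwnerSid methods are standard Windows.

```powershell
# Added example: user-mode lookup of process details for a PID reported by the filter driver.
# $ProcessId is assumed to come from the driver's IoGetRequestorProcessId result.
function Get-RequestorProcessInfo {
    param(
        [Parameter(Mandatory = $true)]
        [int] $ProcessId
    )

    # Win32_Process carries the executable name, full path and the session the process runs in.
    $proc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $proc) {
        # The process may have exited before its PID reached user mode; report "unknown"
        # rather than silently applying a default policy.
        return $null
    }

    # GetOwner returns the account behind the process token (Domain\User).
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
    $ownerName = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { $null }

    # GetOwnerSid returns the SID, which is the stable key to store per-user policy under
    # (accounts can be renamed; SIDs do not change).
    $sid = Invoke-CimMethod -InputObject $proc -MethodName GetOwnerSid
    $ownerSid = if ($sid.ReturnValue -eq 0) { $sid.Sid } else { $null }

    [pscustomobject]@{
        ProcessId      = $proc.ProcessId
        ParentPid      = $proc.ParentProcessId
        ExeName        = $proc.Name
        ExecutablePath = $proc.ExecutablePath   # $null for protected/system processes unless elevated
        SessionId      = $proc.SessionId
        Owner          = $ownerName
        OwnerSid       = $ownerSid
    }
}

# Usage: look up the current shell's own process as a sanity check.
Get-RequestorProcessInfo -ProcessId $PID | Format-List
```

Two practical points for a per-user filter: key policy on the token owner (OwnerSid) rather than on SessionId, because session 0 hosts services running as SYSTEM or service accounts and a user's session can also contain processes running under other accounts (runas, elevated helpers); and treat a $null result as "process gone" and fail closed or re-query, since the PID can be reused once the original process exits.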