SeLocateProcessImageName - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
// ntifs.h

NTSTATUS SeLocateProcessImageName(
  PEPROCESS       Process,
  PUNICODE_STRING *pImageFileName
);
View the official Windows Driver Kit DDI reference

NtDoc

No description available.

Edit description on GitHub

Windows Driver Kit DDI reference (nf-ntifs-selocateprocessimagename)

Description

The SeLocateProcessImageName routine returns the full process image name for the specified process.

Parameters

Process

[in/out] Pointer to the process value for which to acquire the name.

pImageFileName

[out] Pointer to an allocated buffer that receives the full image name of the process. The buffer contains a Unicode string followed by the image name string.

Return value

SeLocateProcessImageName returns an NTSTATUS value such as the following.

Return code Description
STATUS_SUCCESS The routine successfully returned the process image name.
STATUS_NOT_FOUND The routine could not find the process image name.

Remarks

The caller is responsible for freeing the buffer that pImageFileName points to, using the ExFree*Xxx* routine that corresponds to the routine used to allocate the buffer.

See also

ExAllocatePool2

ExAllocatePoolWithTag

ExFreePool2

ExFreePoolWithTag

View the official Windows Driver Kit DDI reference

Edit description on GitHub