SeLocateProcessImageName function (ntifs.h)
The SeLocateProcessImageName routine returns the full process image name for the specified process.
Syntax
NTSTATUS SeLocateProcessImageName(
PEPROCESS Process,
PUNICODE_STRING *pImageFileName
);
Parameters
Process
[in/out] Pointer to the process value for which to acquire the name.
pImageFileName
[out] Pointer to an allocated buffer that receives the full image name of the process. The buffer contains a Unicode string followed by the image name string.
Return value
SeLocateProcessImageName returns an NTSTATUS value such as the following.
| Return code | Description |
|---|---|
| STATUS_SUCCESS | The routine successfully returned the process image name. |
| STATUS_NOT_FOUND | The routine could not find the process image name. |
Remarks
The caller is responsible for freeing the buffer that pImageFileName points to, using the ExFreeXxx routine that corresponds to the routine used to allocate the buffer.
Requirements
| Requirement | Value |
|---|---|
| Header | ntifs.h |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe |
| IRQL | PASSIVE_LEVEL |