Retrieves the name of the process that initiated the operation.
def get_originator_process_name() -> str: ...
This method can be called within certain events to retrieve the name of the process that initiated the operation. If the query fails, this method returns empty string.
Applications cannot use this method to retrieve information about remote processes accessing virtual drives shared on the network. Windows does not provide such information due to the nature of remote access.
Note: This method can only be called within events, and must be called in the same thread that the event was originally fired on. However, it must not be called within events that work with opened files, such as on_read_file and on_write_file, since such events can be initiated by system components (e.g., the cache manager, memory manager, etc.). If applications need the information this method returns during such events, they may do the following:
- Call this method within the on_create_file or on_open_file event.
- Store the information somewhere, and store a reference to it in the event's HandleContext parameter.
- In a later event, access the information via the reference stored in HandleContext.