GetHandleCreatorProcessId Method

Retrieves the Id of the process (PID) that opened the file handle.

Syntax

int GetHandleCreatorProcessId();
INT GetHandleCreatorProcessId();

Remarks

This method can be called within certain events to retrieve the Id of the process (PID) that opened the file handle. If the query fails, this method returns 0.

Please note that PIDs are not unique, and may be reused by different processes over time (though in practice, this is uncommon).

Applications cannot use this method to retrieve information about remote processes accessing drives shared on the network. Windows does not provide such information due to the nature of remote access.

Note: This method can only be called within the AfterCreateFile and AfterOpenFile events, and must be called in the same thread that the event was originally fired on. Applications that need the information that this method returns during other events can do the following:

  1. Call this method within the AfterCreateFile or AfterOpenFile event.
  2. Store the information somewhere, and store a reference to it in the event's HandleContext parameter.
  3. In a later event, access the information via the reference stored in HandleContext.
Please refer to the Contexts topic for more information on how to use events' context parameters.

Error Handling (C++)

This method returns an Integer value; after it returns, call the GetLastErrorCode() method to obtain its result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.

 
 
Copyright (c) 2021 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 C++ Edition - Version 20.0 [Build 7836]