CBFS Filter 2020 Python Edition

Questions / Feedback?

get_handle_creator_process_name Method

Retrieves the name of the process that opened the file handle.

Syntax

def get_handle_creator_process_name() -> str: ...

Remarks

This method can be called within certain events to retrieve the name of the process that opened the file handle. If the query fails, this method returns empty string.

Applications cannot use this method to retrieve information about remote processes accessing drives shared on the network. Windows does not provide such information due to the nature of remote access.

Note: This method can only be called within the on_after_create_file and on_after_open_file events, and must be called in the same thread that the event was originally fired on. Applications that need the information that this method returns during other events can do the following:

  1. Call this method within the on_after_create_file or on_after_open_file event.
  2. Store the information somewhere, and store a reference to it in the event's HandleContext parameter.
  3. In a later event, access the information via the reference stored in HandleContext.
Please refer to the Contexts topic for more information on how to use events' context parameters.

Note: This method cannot be used from on_cleanup_context event handlers.

Copyright (c) 2022 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 Python Edition - Version 20.0 [Build 8317]