IoGetInitiatorProcess function (ntddk.h)
The IoGetInitiatorProcess routine retrieves the process which initiated the creation of a file object if different than the process which is issuing the create.
Syntax
PEPROCESS IoGetInitiatorProcess(
[in] PFILE_OBJECT FileObject
);
Parameters
[in] FileObject
The file object from which to retrieve the initiator process.
Return value
NULL if there is no initiator process. Otherwise, a pointer to which process initiated the creation of the file object.
Remarks
A driver normally uses IoGetInitiatorProcess to determine which process has issued a request. However, there are situations where a system component may issue a create on behalf of another process (after a successful create the component will duplicate the handle to the process). This routine can be used if the driver must know which process the create operation is ultimately intended for.
Requirements
| Requirement | Value |
|---|---|
| Target Platform | Universal |
| Header | ntddk.h (include Ntddk.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe |
| IRQL | <= DISPATCH_LEVEL |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for