This method is deprecated.
Returns the executable path (including name of the image) associated with a given thread.
HRESULT
GetExecutablePathForThreadId(
[in] int ThreadId,
[out, retval] BSTR* PathBuffer
)
ThreadId [in]
The identifier of the thread for which the executable image path is being sought.
PathBuffer [out, retval]
A pointer to a BSTR into which the result is stored on success. On return with success, a string holding the path to the executable image name associated with the thread. On return with an error status, the contents of PathBuffer are undefined.
A standard HRESULT value indicating the success or failure of the lookup operation.
Note that this method can fail due to security reasons, when called for certain Windows protected processes. This is by (Microsoft’s) design and cannot be bypassed.
Important: This method is deprecated and is pending removal from FESF. Do not use it. Convert existing code that uses it as soon as possible. Use the equivalent function provided by the FesfUtil2 Library.
On success, this method returns a fully qualified executable path for the executable image associated with the thread identified by the provided ThreadId (TID). This method relies on support from the FESF Kernel Mode Components to ensure that all TIDs, even those of protected processes, can be translated to a path.
This method will return one of four different path formats:
5. Local volume, mount point found
e:\FileTest.exe
6. Local volume, no mount point
\\?\Volume{xxx}\FileTest.exe
7. Network share
\\Server\Share\FileTest.exe
8. Shadow volume
\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy9\FileTest.exe
If the thread is owned by the system process, then this method will return System as the path.
Note that methods in the FESF Utility library are only designed for use when FESF is installed and the FESF Kernel Mode Components are running.
See the example shown at GetSidForThreadId.
The provided Sample Policy DLL (in the UM_Sample solution) contains multiple examples that illustrate the use of GetExecutablePathForThreadId.
|
Software version |
FESF V1 (or later) |
|
DLL |
FESFUtility.DLL |
|
Supported FESF State |
FESF Online State |
|
Type Library |
\UM_FESF\UMLIB\FESFUTILITY.TLB |
|
IID |
IFesfUtil (please use the defintion from the Type Library) |
|
CLSID |
FesfUtil (please use the definition from the Type Library) |