html tool

Thursday, February 21, 2019

PsGetProcessImageFileName


  • https://community.osr.com/discussion/109252/psgetprocessimagefilename

    Q: In my filter driver, I would like to get the process name using PsGetProcessImageFileName, but it is not documented. Can anyone tell me the pros and cons of using PsGetProcessImageFileName?
    A:
    IIRC this only returns the short name (without directory path), it is ANSI
    and is limited to 8.3. These are the names you see in Task Manager.
    PsGetProcessImageFileName just returns the EPROCESS field, which has all of
    the above limitations.

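    PS:
    1. PsGetProcessImageFileName has no official documentation.
    2. The name PsGetProcessImageFileName returns is ANSI-encoded; it is the name shown in Task Manager, with no path information.

    - ANSI encoding
    On a Simplified Chinese Windows system, the ANSI encoding means GBK; on a Traditional Chinese Windows system, it means Big5; on a Japanese Windows system, it means Shift_JIS.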
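
The effect of that code-page dependence, as an added example (not from the original post or the OSR thread): the same ANSI name buffer decoded under each of the three code pages. The sample names and buffers are constructed, and the mapping cp936 = GBK, cp950 = Big5, cp932 = Shift_JIS is the assumption used for the Windows code pages.

```python
from typing import Dict, Optional

# Windows ANSI code pages for the three locales named above (assumed mapping:
# cp936 = GBK, cp950 = Big5, cp932 = Shift_JIS).
ANSI_CODE_PAGES = {
    "Simplified Chinese": "cp936",
    "Traditional Chinese": "cp950",
    "Japanese": "cp932",
}

# Constructed sample buffers: NUL-terminated ANSI image names.
ASCII_NAME = b"notepad.exe\x00"
GBK_NAME = "记事本.exe".encode("cp936") + b"\x00"


def decode_image_name(raw: bytes, codec: str) -> Optional[str]:
    """Decode a NUL-terminated ANSI name; None if the bytes are invalid in codec."""
    name = raw.split(b"\x00", 1)[0]
    try:
        return name.decode(codec)
    except UnicodeDecodeError:
        return None


def interpretations(raw: bytes) -> Dict[str, Optional[str]]:
    """Decode the same buffer under each locale's ANSI code page."""
    return {loc: decode_image_name(raw, cp) for loc, cp in ANSI_CODE_PAGES.items()}


def is_unambiguous(raw: bytes) -> bool:
    """True only if every code page yields the same, valid string."""
    results = set(interpretations(raw).values())
    return len(results) == 1 and None not in results


if __name__ == "__main__":
    for label, raw in (("ASCII", ASCII_NAME), ("GBK", GBK_NAME)):
        print(label, interpretations(raw), "unambiguous:", is_unambiguous(raw))
```

Name comparisons in allowlisting or detection logic should therefore treat a non-ASCII name obtained this way as dependent on the system's ANSI code page.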


