https://github.com/im-razvan/kernel_findprocessbyname

Stealthy, kernel way to find a process by its name.
https://github.com/im-razvan/kernel_findprocessbyname

kernel kernel-driver

Last synced: 6 months ago
JSON representation

Stealthy, kernel way to find a process by its name.

• Host: GitHub
• URL: https://github.com/im-razvan/kernel_findprocessbyname
• Owner: im-razvan
• Created: 2025-01-08T21:44:57.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2025-01-08T21:45:13.000Z (about 1 year ago)
• Last Synced: 2025-08-05T04:45:11.874Z (6 months ago)
• Topics: kernel, kernel-driver
• Language: C
• Homepage: https://www.unknowncheats.me/forum/c-and-c-/681255-kernel-findprocessbyname.html
• Size: 1000 Bytes
• Stars: 2
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# FindProcessByName.h

Finds the `PEPROCESS` for a process name by traversing `ActiveProcessLinks` & comparing `ImageFileName` values.

### [!] This was made for Windows 11 23H2 / 22631.

- For other versions you will need to remake the `_MY_EPROCESS` struct. This can be done easily using `WinDbg`.