通过EPROCESS获取进程名

VOID DisplayItsProcessName(){    // 得到当前进程    PEPROCESS pEprocess = PsGetCurrentProcess();        // 得到当前进程名称    PTSTR ProcessName = (PTSTR)((ULONG)pEprocess + 0x174);    KdPrint(("%s \r\n", ProcessName));}

lkd> ! process 0 0

……

PROCESS 887ae768 SessionId: 0 Cid: 0d84 Peb: 7ffdd000 ParentCid: 0780
DirBase: 0ebc0580 ObjectTable: e1697608 HandleCount: 60.
Image: windbg.exe

lkd> dt _eprocess 887ae768
……

+0x174 ImageFileName : [16] "windbg.exe"

……