Returns the PID (ID of the process) that initiated the operation
function GetOriginatorProcessId(var ProcessId : LongWord) : boolean;
bool GetOriginatorProcessId(LPDWORD ProcessId);
bool __fastcall GetOriginatorProcessId(unsigned long &ProcessId);
bool GetOriginatorProcessId(UInt32% ProcessId);
bool GetOriginatorProcessId(ref UInt32 ProcessId);
Function GetOriginatorProcessId(ByRef ProcessId As UInt32) As Boolean
TRUE / true if the function succeeded or FALSE / false if the function failed.
Use GetOriginatorProcessId to get the ID of the process that originated the operation.
Call this method only from the callback / event handlers.
Do not call this method from handlers for OnReadFile*, OnWriteFile* and other callbacks that work with opened files, as that callbacks can be initiated by the system components (cache manager, memory manager etc.). Instead do the following:
If you monitor shared disk, you might want to get the name and/or ID of the remote process which accesses the disk. Unfortunately Windows doesn't provide such information due to the nature of the remote access.