What does the lead "\ ?? \" mean on the way to the window?

Question

What does the lead "\ ?? \" mean on the way to the window?

When using GetModuleFileNameEx to request a path to a sample of a running process, some processes have an image path starting with "\ ?? \". For example, while most processes start "C: \ WINDOWS", some processes start "\ ?? \ C: \ WINDOWS".

What does the leading \ ?? \ mean on the way to the window?

+6

windows winapi path

kdt Apr 15 '10 at 9:01

source share

2 answers

2 question marks in front of the drive letter, i.e. \ ?? \ c: means it works in Kernal mode. (In PICK or a multi-valued OS, we will call this level "monitor mode", where the instruction can directly address the memory or execute the IO disk.) The kernel mode is better explained in this message: What to do "\\. \", "\ ?? \ ", \\? \", "\\" means? what was indicated by dot com

Another way to put it; user mode leaves the workspace for the user / window, while kernel mode uses a memory space common to all, which means that you can stop the machine and not interrupt only one window / tab in Windows.

I leave it to search in kernel mode (engine)

-one

CliffOnTheRoad Apr 24 '16 at 2:18

source share

Richiehindle · Accepted Answer · 2010-04-15T09:04:23+0000

This is a long Unicode length path - see Naming Files, Paths , and Namespaces on MSDN (section "Limiting Maximum Path Length").

(By the way, do you mean \\?\ , Not \??\ ?)

What does the lead "\ ?? \" mean on the way to the window?

More articles: