Shut the fuck up if you've come here to bitch. You came in the C++ section, go fuck yourself if you didn't expect this.
Anyway, because I have such a low self-esteem and I need to boost my ego from online users I've never met, by posting source code (because that's the only reason I'd ever post it), I've written up this post.
I am writing a Driver to protect another process (it's a work in progress). And I noticed that there aren't any functions to get a process handle via its image name. So I did some googling, turns out, if it's there, it sure as hell is hard to find. I couldn't find a single result that showed me how. After doing some research on the undocumented members of a couple structs, and the ZwOpenProcess API, I found out how to get a handle to the targeted process. I think some people could benefit greatly from this, so I'm going to be posting it here on MPGH, and you're free to redistribute it in any form anywhere else. Also note, it's C and I believe C is a little less strict with the type system. The code is fairly simple to understand (at least for those who've landed on this page via Google). These are stripped down header and source files from my JRK project.
While it's not copy-paste friendly, this is supposed to be an example.
winstructs.h: I took some of these structs from a website which lists undocumented structs & members
typedef struct _SYSTEM_THREADS
/* If ALLOW_BUFFER_ALLOCATION_RAISED is defined, buffers are allowed to exceed their fixed limit to provide a larger buffer, which may
* be required for API calls that require a buffer with an unknown and varying required size. Regardless of whether this is defined or not,
* BUFFER_INCREASE_PER_CYCLE must be defined.
*/
#define BUFFER_INCREASE_PER_CYCLE 0x200 //When buffer size is not large enough, it will be increased by this amount.
#define ALLOW_MUST_SUCCEED_ALLOCATIONS 1 //Dangerous and could cause system crashes on systems with low resources. However if the buffer isn't huge, it is safe. I have to use it on my VM because of its low amount of virtual ram.
#define SYS_INFO_PROCESSES_SIZE 0x8000
#define SystemProcessesAndThreadsInformation 5 //I had an enumerator here for all the members of, but to strip down code, I replaced it with the single required definition. If you need a list of these, they should be listed in any webpage that discusses undocumented kernel APIs.
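The buffer-growth scheme described by the defines above, as an added example that is not part of the original post or the JRK project: a user-mode C program that starts at SYS_INFO_PROCESSES_SIZE and grows by BUFFER_INCREASE_PER_CYCLE while the query reports a length mismatch. Assumptions: `mock_query` and `needed` are hypothetical stand-ins for the system-information query, `malloc`/`free` replace kernel pool allocation, `allow_raise` models ALLOW_BUFFER_ALLOCATION_RAISED as a runtime flag, and `MAX_BUFFER_SIZE` is an added ceiling.

```c
#include <stdio.h>
#include <stdlib.h>

typedef unsigned int status_t;                    /* stand-in for NTSTATUS */
#define STATUS_SUCCESS                0x00000000u
#define STATUS_INFO_LENGTH_MISMATCH   0xC0000004u
#define STATUS_INSUFFICIENT_RESOURCES 0xC000009Au
#define SYS_INFO_PROCESSES_SIZE   0x8000          /* initial size, from the post */
#define BUFFER_INCREASE_PER_CYCLE 0x200           /* growth step, from the post */
#define MAX_BUFFER_SIZE           0x100000        /* assumption: hard ceiling */

/* Constructed test value: bytes the mock "system" needs to return its data. */
static size_t needed = 0x8500;

/* Hypothetical stand-in for the system-information query. */
static status_t mock_query(void *buf, size_t len) {
    (void)buf;
    return len >= needed ? STATUS_SUCCESS : STATUS_INFO_LENGTH_MISMATCH;
}

/* allow_raise plays the role of ALLOW_BUFFER_ALLOCATION_RAISED (assumption:
 * a runtime flag here). On success the caller owns *out and must free it. */
static status_t query_grow(int allow_raise, void **out, size_t *out_len) {
    size_t len = SYS_INFO_PROCESSES_SIZE;
    *out = NULL;
    *out_len = 0;
    for (;;) {
        void *buf = malloc(len);
        if (buf == NULL) return STATUS_INSUFFICIENT_RESOURCES;
        status_t st = mock_query(buf, len);
        if (st == STATUS_SUCCESS) { *out = buf; *out_len = len; return st; }
        free(buf);                        /* release the undersized buffer */
        if (st != STATUS_INFO_LENGTH_MISMATCH || !allow_raise) return st;
        if (len > MAX_BUFFER_SIZE - BUFFER_INCREASE_PER_CYCLE)
            return STATUS_INSUFFICIENT_RESOURCES;   /* refuse unbounded growth */
        len += BUFFER_INCREASE_PER_CYCLE;
    }
}

int main(void) {
    void *buf; size_t len;
    status_t st = query_grow(1, &buf, &len);
    printf("status=0x%08X size=0x%zX\n", st, len);
    free(buf);
    return 0;
}
```

The ceiling matters in a driver: a query that never stops reporting a mismatch would otherwise keep consuming pool memory until allocation fails.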