How to get Process name from process id in windows through C++ without enumerating process?

Question

I need to get process name from process id in windows to find process names associated with a logged event. It is able to get Execution process id only from the logged event. Process handle is the required input to use GetProcessImageFileName() method. It's not able to get process handle from logged event.

In the duplicate question, it talks about currently running process. But I need not currently running process since it talks about logged event. & I have a doubt of whether processID vs processName combination is unique or not in Windows. So need to consider that also..

I expect that there must be some structure to map process id to process name. Are there any structure so? or any other methods to get process image name from process id?

Answer 1

I need to get process name from process id in windows to find process names associated with a logged event.

If you are getting the Process ID from a log, it will only be valid if the original process is still running. Otherwise, the ID is no longer valid for that process name. If the process has already exited before you read the log, all bets are off.

I need not currently running process since it talks about logged event.

Then you are out of luck, if the original process name was not logged.

I have a doubt of whether processID vs processName combination is unique or not in Windows.

A Process ID is unique only while being used for a running process. Once a process ends, its Process ID is no longer valid, and can be re-used for a subsequent new process.

I expect that there must be some structure to map process id to process name.

Yes, but only for a running process. You can pass the Process ID to OpenProcess(). If successful, it will return a HANDLE to the running process. You can then pass that HANDLE to GetModuleFileName(), GetProcessImageFileName(), or QueryFullProcessImageName(), depending on OS version and permissions you are able to gain from OpenProcess().