4 Oct
2012
4 Oct
'12
5:25 a.m.
Christian Costa <titan.costa(a)gmail.com> wrote:
PEPROCESS WINAPI IoGetCurrentProcess(void) { - FIXME("() stub\n"); - return NULL; + TRACE("()\n"); + + /* Return current process id since PEPROCESS is opaque and drivers should not access the struct directly */ + return (PEPROCESS)PsGetCurrentProcessId(); }
The returned pointer is supposed to be passed to various other ntoskrnl APIs, and it's needs to be a valid pointer to the kernel object. Besides many not trivial kernel drivers (if not all) really dig into internal kernel structures. Same for KeGetCurrentThread. -- Dmitry.