2012/10/4 Paul Chitescu <paulc@voip.null.ro>
On Thursday 04 October 2012 08:25:13 am Dmitry Timoshkov wrote:
> Christian Costa <titan.costa@gmail.com> wrote:
> > ���PEPROCESS WINAPI IoGetCurrentProcess(void)
> > ���{
> > - ��� ���FIXME("() stub\n");
> > - ��� ���return NULL;
> > + ��� ���TRACE("()\n");
> > +
> > + ��� ���/* Return current process id since PEPROCESS is opaque and drivers
> > should not access the struct directly */ + ��� ���return
> > (PEPROCESS)PsGetCurrentProcessId();
> > ���}
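
Review bot: The new return statement casts the result of PsGetCurrentProcessId() to PEPROCESS, so callers receive a process id where the type promises a pointer; any caller that dereferences the value, or passes it to another routine that takes a PEPROCESS, gets something that does not point at an object. The hunk also replaces the FIXME with a TRACE, so the log no longer shows that the function is still a placeholder. Consider keeping a FIXME next to the TRACE, and returning the address of a real allocated per-process structure so the value is at least a valid pointer.
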
>
> The returned pointer is supposed to be passed to various other ntoskrnl
> APIs, and it needs to be a valid pointer to the kernel object. Besides,
> many non-trivial kernel drivers (if not all) really dig into internal
> kernel structures.
>
> Same for KeGetCurrentThread.

AFAIK the structure differs for each major version of Windows and some SP too.


I was expecting something like this. :(

At the minimum, I saw some drivers expecting there to be a "System" C-style
string at the returned pointer.

Which Windows version is it? In the Vista definition the first basic element can be either a UCHAR or a ULONG, not a char buffer.

I tried submitting a patch before but it was not accepted.