On 5/31/20 17:51, Jacek Caban wrote:
Hi Paul,
On 31.05.2020 16:41, Paul Gofman wrote:
+ if (!(h = OpenProcess( PROCESS_ALL_ACCESS, FALSE, process->info.UniqueProcessId))) + { + WARN("Could not open process %#04lx.\n", process->info.UniqueProcessId); + return NULL; + }
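Review bot: the OpenProcess() call requests PROCESS_ALL_ACCESS, and nothing in the hunk shows which rights the handle is needed for; if fewer suffice, pass only those. Opening by process->info.UniqueProcessId is also a second lookup by id, so if that process has exited and the id has been reused, the handle would refer to a different process; if the kernel object for this process is at hand, taking the handle from it avoids that lookup. In the WARN, check that the argument matches the %#04lx conversion (a long-sized integer) and cast it if it does not.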
This should work, but ObOpenObjectByPointer() is generally used when we need a handle from a kernel object pointer.
Yeah, thanks, I will change that. Somehow I was confused by the fact that OpenProcess() is used throughout ntoskrnl.c, but that's probably for the cases when a kernel object is not available.