2012/10/4 Paul Chitescu paulc@voip.null.ro
On Thursday 04 October 2012 08:25:13 am Dmitry Timoshkov wrote:
Christian Costa titan.costa@gmail.com wrote:
PEPROCESS WINAPI IoGetCurrentProcess(void) {
- FIXME("() stub\n");
- return NULL;
- TRACE("()\n");
- /* Return current process id since PEPROCESS is opaque and drivers
should not access the struct directly */ + return (PEPROCESS)PsGetCurrentProcessId(); }
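Review bot: the new return line, `return (PEPROCESS)PsGetCurrentProcessId();`, hands callers a process id cast to a pointer type, so the value is not the address of any object and a caller that dereferences it or treats it as an object pointer will not find one there. If no real object exists yet, return a pointer to an allocated placeholder structure instead. Keep the `FIXME` rather than replacing it with `TRACE`, so the incomplete implementation still shows up in the logs.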
The returned pointer is supposed to be passed to various other ntoskrnl APIs, and it needs to be a valid pointer to the kernel object. Besides, many non-trivial kernel drivers (if not all) really dig into internal kernel structures.
Same for KeGetCurrentThread.
AFAIK the structure differs for each major version of Windows and some SP too.
I was expecting something like this. :(
At the minimum, I saw some drivers expecting there to be a "System" C-style string at the returned pointer.
Which Windows version is it? In the Vista definition, the first basic element can be either a UCHAR or a ULONG, not a char buffer.
I tried submitting a patch before, but it was not accepted.