The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I want to get the thread ID inside my PCREATE_PROCESS_NOTIFY_ROUTINE callback, since unlike the EX version there is no PPS_CREATE_NOTIFY_INFO in the third argument, what is the proper way of doing this?
I don't want to parse EPROCESS structure of the corresponding PID since its undocumented, i want a stable way of getting the thread ID that works in all windows versions.
I thought of using PsGetCurrentThreadId, but does PsGetCurrentThreadId always return the thread ID of the created process?
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Writing WDF Drivers||7 Dec 2020||LIVE ONLINE|
|Internals & Software Drivers||25 Jan 2021||LIVE ONLINE|
|Developing Minifilters||8 March 2021||LIVE ONLINE|