Can handles leak after calling PsGetCurrentProcessId?

Hello,

If writing a kernel mode driver which calls PsGetCurrentProcessId, how should the handles which are returned from this function be closed (or do they need to be closed at all)?

The reason I ask is that I’m conscious not to call ZwClose in situations where ExGetPreviousMode would return UserMode.

As I see it, the possibilities are:

  1. The handles do not need to be closed.

  2. The handles do need to be closed and I need to keep hold of them and close them later when it is safe to do so (i.e. when ExGetPreviousMode returns KernelMode).

Can anyone advise on how this situation should be handled? Apologies if the answer should be obvious; unfortunately the documentation doesn’t discuss this aspect and I want to avoid leaking handles or worse.

Thanks in advance.

Ishan

You don’t need to do anything to clean up the value returned; it’s simply
the value of a field of the current process (you can step through it in the
debugger to confirm, the routine is only a few lines of assembly).

-scott
OSR

Great, thanks for the quick reply Scott.

PsGetCurrentProcessId does NOT return a handle. It returns (as its name says) the process ID. If you call CloseHandle on it, you’ll be closing random handles of random processes.