PsGetCurrentProcessId and IoGetRequestorProcessId

Do these two return the value with the same meaning? I.e. assuming
no pending was done, would IoGetRequestorProcessId(Irp) and
PsGetCurrentProcessId return the same value?
I ask because one returns a HANDLE, the other a ULONG.


Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.

Funny you should ask - I had a conversation recently with a very
reputable dev @ Microsoft on this very issue.

This is a bug in the definition of IoGetRequestorProcessId - it does in
fact return a HANDLE. I’m honestly not sure why nobody saw this issue
before (think of kernel handles with the high bit set - or is that bit
31? Probably because a process ID is not likely to have its high bit
set) but they didn’t.

As a result, this error has crept into filter manager as well. It’s a
pretty low impact issue because a “process ID” is a handle in a special
handle table used for processes and threads; thus, it represents the
offset into that table. To overflow the first 31 bits you’ll have to
have a LOT of handles (each entry is 8 bytes on x86; I assume it is 16
bytes on x64 but I haven’t verified this.)

I’m not sure how they will resolve this one, since this is a bug in the
API - change the API, break existing code. Don’t change the API, risk
someone on one of those 1TB 64-bit boxes creating the requisite number
of threads and failing in mysterious and difficult to debug ways. Of
course, those folks with the 1TB ia64 boxes are exactly the people who
WILL debug an issue like this, particularly when their 16TB SQL 2005
database crashes as a result. :wink:

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
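
An added illustration of the ULONG/HANDLE mismatch discussed above (not code from the thread or from the WDK): a user-mode C model, assuming a 64-bit build where HANDLE is pointer-sized and ULONG is 32 bits. The type aliases, function names and ID values are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for a 64-bit build (assumption, not the WDK headers):
   HANDLE is pointer-sized, ULONG is 32 bits. */
typedef uint64_t handle_t;
typedef uint32_t ulong_t;

/* Constructed values: WIDE_ID differs from SMALL_ID only above bit 31. */
#define SMALL_ID 0x1234ULL
#define WIDE_ID  0x100001234ULL
static const handle_t PROTECTED[] = { SMALL_ID };

/* Models an API that holds a HANDLE-sized ID but is declared to return ULONG. */
static ulong_t requestor_pid(handle_t real_id) { return (ulong_t)real_id; }

/* 1 if the ID survives the narrowing, 0 if upper bits were dropped. */
static int fits_in_ulong(handle_t id) { return (handle_t)(ulong_t)id == id; }

/* Compare by widening the ULONG; the HANDLE side is never truncated. */
static int same_pid(handle_t current, ulong_t requestor) {
    return current == (handle_t)requestor;
}

/* Hypothetical filter policy: is the full-width ID in the protected list? */
static int is_protected(const handle_t *list, size_t n, handle_t id) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == id) return 1;
    return 0;
}

/* Same policy keyed on the narrowed value: two distinct IDs can alias. */
static int is_protected_narrow(const handle_t *list, size_t n, ulong_t id) {
    for (size_t i = 0; i < n; i++)
        if ((ulong_t)list[i] == id) return 1;
    return 0;
}

int main(void) {
    printf("fits: %d %d\n", fits_in_ulong(SMALL_ID), fits_in_ulong(WIDE_ID));
    printf("same_pid(wide, narrowed small): %d\n",
           same_pid(WIDE_ID, requestor_pid(SMALL_ID)));
    printf("full-width lookup of wide: %d\n", is_protected(PROTECTED, 1, WIDE_ID));
    printf("narrowed lookup of wide:   %d\n",
           is_protected_narrow(PROTECTED, 1, requestor_pid(WIDE_ID)));
    return 0;
}
```

Once the ID has passed through the ULONG return type the upper bits cannot be recovered, so the widening compare only avoids truncating the HANDLE side a second time.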


For filter driver purposes, knowing the values they return have the same meaning
is enough (typecast), but it was only in the FltMgr world that I noticed this,
because I had a wrapper IoGetRequestorProcessId, since I needed it on NT4.

The info below is quite interesting though, thanks!


Kind regards, Dejan M.

If the IRP was sent to the worker thread by the upper code (FSDs often do
this) - then not so.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


I did say assuming no pending.



Kind regards, Dejan M.