What’s the difference between PsGetCurrentProcess and IoGetCurrentProcess?
The DDK documentation states:
“Highest-level drivers, file systems in particular, can call this routine
(PsGetCurrentProcess). Lower-level drivers should call IoGetCurrentProcess
instead.”
However, I find PsGetCurrentProcess is just a C macro defined as follows:
#define PsGetCurrentProcess IoGetCurrentProcess
In other words, PsGetCurrentProcess is identical to IoGetCurrentProcess.
What makes me confused is WHY are there two different routines performing
the same function?
Hope someone can give me an explanation. Thanks in advane.
You’re using an old DDK/WDK. The are now documented as identical. You
might wish to consider downloading the Vista RTM WDK.
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of John Smith
Sent: Friday, August 10, 2007 15:32
To: Windows System Software Devs Interest List
Subject: [ntdev] What’s the difference between PsGetCurrentProcess and
IoGetCurrentProcess?
What’s the difference between PsGetCurrentProcess and
IoGetCurrentProcess?
The DDK documentation states:
“Highest-level drivers, file systems in particular, can call this
routine
(PsGetCurrentProcess). Lower-level drivers should call
IoGetCurrentProcess
instead.”
However, I find PsGetCurrentProcess is just a C macro defined as
follows:
#define PsGetCurrentProcess IoGetCurrentProcess
In other words, PsGetCurrentProcess is identical to
IoGetCurrentProcess.
What makes me confused is WHY are there two different routines
performing
the same function?
Hope someone can give me an explanation. Thanks in advane.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Actually, there are a bunch of these in the DDK, as Martin pointed out the
documentation was wrong. The reasoning behind the #define though is right.
Most of us would have a hard time keeping track that it was,
IoGetCurrentProcess but PsGetCurrentProcessId. Using the macros, helped
remove some warts in the implementation.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
“John Smith” wrote in message news:xxxxx@ntdev…
> What’s the difference between PsGetCurrentProcess and
> IoGetCurrentProcess?
>
> The DDK documentation states:
> “Highest-level drivers, file systems in particular, can call this routine
> (PsGetCurrentProcess). Lower-level drivers should call
> IoGetCurrentProcess instead.”
>
> However, I find PsGetCurrentProcess is just a C macro defined as follows:
>
> #define PsGetCurrentProcess IoGetCurrentProcess
>
> In other words, PsGetCurrentProcess is identical to IoGetCurrentProcess.
>
> What makes me confused is WHY are there two different routines performing
> the same function?
>
> Hope someone can give me an explanation. Thanks in advane.
>
>
Many thanks to you two. I’m clear now.
“Don Burn” дÈëÏûÏ¢ÐÂÎÅ:xxxxx@ntdev…
> Actually, there are a bunch of these in the DDK, as Martin pointed out the
> documentation was wrong. The reasoning behind the #define though is
> right. Most of us would have a hard time keeping track that it was,
> IoGetCurrentProcess but PsGetCurrentProcessId. Using the macros, helped
> remove some warts in the implementation.
>
> –
> Don Burn (MVP, Windows DDK)
> Windows 2k/XP/2k3 Filesystem and Driver Consulting
> Website: http://www.windrvr.com
> Blog: http://msmvps.com/blogs/WinDrvr
> Remove StopSpam to reply
>
>
> “John Smith” wrote in message news:xxxxx@ntdev…
>> What’s the difference between PsGetCurrentProcess and
>> IoGetCurrentProcess?
>>
>> The DDK documentation states:
>> “Highest-level drivers, file systems in particular, can call this routine
>> (PsGetCurrentProcess). Lower-level drivers should call
>> IoGetCurrentProcess instead.”
>>
>> However, I find PsGetCurrentProcess is just a C macro defined as follows:
>>
>> #define PsGetCurrentProcess IoGetCurrentProcess
>>
>> In other words, PsGetCurrentProcess is identical to IoGetCurrentProcess.
>>
>> What makes me confused is WHY are there two different routines performing
>> the same function?
>>
>> Hope someone can give me an explanation. Thanks in advane.
>>
>>
>
>
>
> What makes me confused is WHY are there two different routines performing
the same function?
To confuse you even more, both IoGetCurrentProcess() and PsGetCurrentProcess() are exported by
ntoskrnl.exe, i.e. PsGetCurrentProcess() that you call in your code has nothing to do with PsGetCurrentProcess() that is exported by ntoskrnl.exe…
Anton Bassov
I examined the entry point of IoGetCurrentProcess with WinDBG, and found it
the same address as that of PsGetCurrentProcess. That is, the two routines
are absolutely identical in terms of binary code.
дÈëÏûÏ¢ÐÂÎÅ:xxxxx@ntdev…
>> What makes me confused is WHY are there two different routines performing
>> the same function?
>
>
> To confuse you even more, both IoGetCurrentProcess() and
> PsGetCurrentProcess() are exported by
> ntoskrnl.exe, i.e. PsGetCurrentProcess() that you call in your code has
> nothing to do with PsGetCurrentProcess() that is exported by
> ntoskrnl.exe…
>
> Anton Bassov
>
> I examined the entry point of IoGetCurrentProcess with WinDBG, and found it
the same address as that of PsGetCurrentProcess.
Actually, this is true - I just did not compare RVAs in a dump before postong. However, after having read your post, I checked RVAs - indeed, RVAs for PsGetCurrentProcess() and IoGetCurrentProcess() are the same, so that these are just 2 different names for the same function (at least under XP SP 2, although I am not so sure about the earlier OS versions). I think at some point these were 2 different functions, so MSFT, apparently, kept both names just for compatibility reasons…
Anton Bassov