When to use PsGetCurrentProcessId and FltGetRequestorProcessId ?

Hello everyone,

I was looking at one of the discussions regarding the Process ID.
I am a little confused. Till now i had been using PsGetCurrentProcessId everywhere.
When is FltGetRequestorProcessId needed?

Thank you.
Tushar

For anything other than a create you cannot rely on the current process
being the requesting process.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

wrote in message news:xxxxx@ntfsd…
> Hello everyone,
>
> I was looking at one of the discussions regarding the Process ID.
> I am a little confused. Till now i had been using PsGetCurrentProcessId
> everywhere.
> When is FltGetRequestorProcessId needed?
>
> Thank you.
> Tushar
>

Thank you Don.

I have one more doubt.
If a minifilter driver which is above a second minifilter driver posts a request to a worker thread and the calls FltCompletePendedPreOperation from that worker thread so as to pass the request down.
Lets say the upper minifilter had received the request in context of Process X and thread Y, will the lower minifilter also receive the request in context of Process X & thread Y? Is this applicable for all requests

Thank you.
Tushar
Tushar

I am not an expert in mini-filters, but after reading documentation for PFLT_PRE_OPERATION_CALLBACK & FltCompletePendedPreOperation I have following impression.

  1. as you return FLT_PREOP_PENDING from PFLT_PRE_OPERATION_CALLBACK and you can call it only for IRP based I/Os, you cannot pass this request down anymore. You are saying by this “hey I will process this request instead of FSD”. It’s the same like you call IoMarkIrpPending() and return STATUS_PENDING in legacy FSF.

  2. For synchronous requests is requestor thread waiting for completion in Io Manager

  3. For asynchronous/overlapped operations thread returns to caller (in user mode).

It implies that you cannot pass down request in requestor thread context.

I hope I am not completely wrong because I am not authority in this field.
-bg