kernel mode version of OpenProcess

Question

Is there a kernel mode version of OpenProcess function?

Basically I want to get a process HANDLE from process ID. Specifically, I want to get the HANDLE of System Process ID.

Thanks!

I think you looking for [This](https://stackoverflow.com/questions/2221103/how-to-get-process-handle-from-process-id) — ntshetty, Dec 05 '17 at 07:04
Thank you for that but correct if I'm wrong but I think that won't work in developing windows driver. — Brex, Dec 05 '17 at 07:14

score 0 · Accepted Answer · answered Dec 05 '17 at 07:56

0

If you are in an arbitrary system thread you can use ZwCurrentProcess(), otherwise you will need to figure out the ID of a system thread somehow and use ZwOpenProcess.

You might also look to see if there is a way to convert the result of PsInitialSystemProcess to a process handle (or maybe PsInitialSystemProcess is what you are really after).

answered Dec 05 '17 at 07:56

SoronelHaetir

14,104
1
12
23

Thank you! PsInitialSystemProcess is what I needed. – Brex Dec 05 '17 at 08:04

kernel mode version of OpenProcess

1 Answers1