Prev: ERROR_BAD_IMPERSONATION_LEVEL with Vista SP1, any workaround?
Next: DEP and /NXCOMPAT troubles...
From: Volodymyr M. Shcherbyna on 28 Oct 2008 12:52
So why in the hell someone has to rely on (HANDLE)2 if there is public
method (GetCurrentThread) to use? :)

--
Volodymyr, blog: http://www.shcherbyna.com/
(This posting is provided "AS IS" with no warranties, and confers no
rights)
"Pavel A." <pavel_a(a)NOfastmailNO.fm> wrote in message
news:e78Y0yROJHA.4760(a)TK2MSFTNGP02.phx.gbl...
> Volodymyr M. Shcherbyna wrote:
>>> This is why linux kernel folks hate macros and typedefs...
>>> Indeed, why someone needs another name for -2 ?
>>>
>>> --PA
>>
>> I don't know, but why someone changed PID for System process in Windows
>> XP to 4 from 8 (in Windows 2k)?
>
> This could be part of boot optimization <g>
>
> Seriously, system processes can be detected by other sane means
> (PsInitialSystemProcess, PsIsSystemThread)
>
> --PA


From: Pavel A. on 28 Oct 2008 17:54
Volodymyr M. Shcherbyna wrote:
> So why in the hell someone has to rely on (HANDLE)2 if there is public
> method (GetCurrentThread) to use? :)
>

GetCurrentThread is Win32 API, you can't call it in a driver.
NtCurrentThread is a native API (obviously, not mentioned in MSDN).
So yes, -2 is better, to avoid undocumented stuff ;)

--PA
From: Volodymyr M. Shcherbyna on 28 Oct 2008 18:04
IIRC there were no talks about calling this function in kernel mode, so I
assume we speak about user mode :)

--
Volodymyr, blog: http://www.shcherbyna.com/
(This posting is provided "AS IS" with no warranties, and confers no
rights)
"Pavel A." <pavel_a(a)NOfastmailNO.fm> wrote in message
news:OlN0xfUOJHA.1164(a)TK2MSFTNGP03.phx.gbl...
> Volodymyr M. Shcherbyna wrote:
>> So why in the hell someone has to rely on (HANDLE)2 if there is public
>> method (GetCurrentThread) to use? :)
>>
>
> GetCurrentThread is Win32 API, you can't call it in a driver.
> NtCurrentThread is a native API (obviously, not mentioned in MSDN).
> So yes, -2 is better, to avoid undocumented stuff ;)
>
> --PA


From: Volodymyr M. Shcherbyna on 28 Oct 2008 18:21
2 Pavel,

Even if we speak about kernel mode, I would prefer to use NtCurrentThread
instead of using -2 define in my code, as if things will change in future
you will have a hidden bug which could be hard to trace.

On the other hand, If your driver will be using NtCurrentThread you will
discover problem at compilation stage (linker will fail if NtCurrentThread
will be removed from list of exported functions by ntoskrnl) or at customer
side driver just would not load and there will be apropriate entry in event
manager ...

--
Volodymyr, blog: http://www.shcherbyna.com/
(This posting is provided "AS IS" with no warranties, and confers no
rights)
"Volodymyr M. Shcherbyna" <v_scherbina(a)online.mvps.org> wrote in message
news:edBglkUOJHA.4504(a)TK2MSFTNGP03.phx.gbl...
> IIRC there were no talks about calling this function in kernel mode, so I
> assume we speak about user mode :)
>
> --
> Volodymyr, blog: http://www.shcherbyna.com/
> (This posting is provided "AS IS" with no warranties, and confers no
> rights)
> "Pavel A." <pavel_a(a)NOfastmailNO.fm> wrote in message
> news:OlN0xfUOJHA.1164(a)TK2MSFTNGP03.phx.gbl...
>> Volodymyr M. Shcherbyna wrote:
>>> So why in the hell someone has to rely on (HANDLE)2 if there is public
>>> method (GetCurrentThread) to use? :)
>>>
>>
>> GetCurrentThread is Win32 API, you can't call it in a driver.
>> NtCurrentThread is a native API (obviously, not mentioned in MSDN).
>> So yes, -2 is better, to avoid undocumented stuff ;)
>>
>> --PA
>
>


From: Richard Russell on 28 Oct 2008 18:28
On Oct 28, 4:52 pm, "Volodymyr M. Shcherbyna" wrote:
> So why in the hell someone has to rely on (HANDLE)2 if there is public
> method (GetCurrentThread) to use? :)

I don't suppose anybody *has* to rely on it, although there are
obvious (if small) advantages such as slightly shorter code and
slightly faster execution speed.

I would turn the question around. If existing code uses (HANDLE)-2,
is there a good reason to go to the trouble of changing it? My
reading of the replies in this thread is probably not. The
"theoretical" possibility of the value changing in the future doesn't
worry me, because almost certainly other things would require changing
then too.

Richard.
http://www.rtrussell.co.uk/
To reply by email change 'news' to my forename.
 |  Next  |  Last
Pages: 1 2
Prev: ERROR_BAD_IMPERSONATION_LEVEL with Vista SP1, any workaround?
Next: DEP and /NXCOMPAT troubles...