From: Jamey Kirby [jkirby@storagecraft.com] Sent: Thursday, February 10, 2000 2:04 AM To: Prasad Dabak; David Welch Cc: ntdev@atria.com; ntfsd@atria.com Subject: RE: [ntdev] Re: [ntfsd] Interesting delima with process notification So, why does the IFS kit use this declaration: typedef VOID (*PCREATE_PROCESS_NOTIFY_ROUTINE)( IN HANDLE ParentId, IN HANDLE ProcessId, IN BOOLEAN Create ); According to the above prorotype, the prodess id _IS_ a handle. Jamey > -----Original Message----- > From: owner-ntdev@atria.com [mailto:owner-ntdev@atria.com]On Behalf Of > Prasad Dabak > Sent: Wednesday, February 09, 2000 6:40 PM > To: David Welch; Jamey Kirby > Cc: ntdev@atria.com; ntfsd@atria.com > Subject: Re: [ntdev] Re: [ntfsd] Interesting delima with process > notification > > > Hello, > > Yes, NTOSKRNL indeed passes the process ids to the > callback routine and NOT the handles. > > -Prasad > > > --- David Welch > wrote: > > > > Doesn't ntoskrnl pass process ids to the notify > > routine (going by the code > > from sysinternals). > > > > On Wed, 9 Feb 2000, Jamey Kirby wrote: > > > > > I have a filter driver that is using > > PsSetCreateProcessNotifyRoutine() to > > > signal process arrival an removal. > > > > > > The notification callback is called for process > > creation and process > > > deletion. The process handle is passed to the > > notification routine. > > > > > > In my filter, I am tracking process objects > > (EPROCESS). When I get the > > > deletion callback and I call > > ObReferenceObjectByHandle(), I get and error > > > (invalid handle (0xc0...08). I am confused as to > > why NT would call this > > > function after the handle has been removed from > > the handle table. If the > > > handle is invalid, why would NT pass it to a > > function? This seems stupid to > > > me. > > > > > > > - - - - - - - - - - - - - - - - - - - - - - - - - - > > - - - - - - > > [ To unsubscribe, send email to > > ntdev-request@atria.com with body > > UNSUBSCRIBE (the subject is ignored). ] > > > > ===== > Prasad S. Dabak > Director of Engineering, Windows NT/2000 Division > Cybermedia Software Private Limited > http://www.cybermedia.co.in > Co-author of the book "Undocumented Windows NT" > ISBN 0764545698 > __________________________________________________ > Do You Yahoo!? > Talk to your friends online with Yahoo! Messenger. > http://im.yahoo.com > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > [ To unsubscribe, send email to ntdev-request@atria.com with body > UNSUBSCRIBE (the subject is ignored). ] > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - [ To unsubscribe, send email to ntdev-request@atria.com with body UNSUBSCRIBE (the subject is ignored). ]