0

I am using NtQueryInformationProcess : ProcessConsoleHostProcess to query the process ID of the conhost.exe process that is associated with a console application in Windows 10 x64. The function returns a success status code, but I always get an odd number, which is always one more than the actual PID. See the screenshot. My code is complied for x64.

Is there anything wrong with this?

Eryk Sun
  • 33,190
  • 5
  • 92
  • 111
hyzhangzhy
  • 17
  • 3

1 Answers1

1

From memory, process ids are a multiple of 4. It wouldn't surprise me that the low two bits are being borrowed for some reason.

  • Oh, so is it safe to clip it to a multiple of 4, I mean something like testtest = testtest & ~(sizeof(int) - 1); – hyzhangzhy Dec 08 '18 at 04:23
  • Yes, process IDs are assigned out of a handle table, so, just like with kernel handles, the least significant two bits of a PID are available for internal use. You can clear these two bits with `testtest &= ~3`, but it's not necessary if you're only passing the value to `OpenProcess`. – Eryk Sun Dec 08 '18 at 05:51
  • Thanks, I see. It is necessary in my case, I need to record processIds. – hyzhangzhy Dec 08 '18 at 06:02