https://git.reactos.org/?p=reactos.git;a=commitdiff;h=7ed0284e8eb25b5512d55…
commit 7ed0284e8eb25b5512d551bc9256cdfc945c0351
Author: Kyle Katarn <contact(a)kcsoftwares.com>
AuthorDate: Sat Sep 3 22:56:33 2022 +0200
Commit: GitHub <noreply(a)github.com>
CommitDate: Sat Sep 3 22:56:33 2022 +0200
[NTOS:EX] Fix returned number of handles for Idle System Process (#4661)

PsIdleProcess and PsInitialSystemProcess share the same handle table. This
leads ObGetProcessHandleCount() to report the same number of handles
when called on those system processes, when being enumerated by
NtQuerySystemInformation(SystemProcessInformation).

Instead, just return 0 for the handle count of the Idle process in
SystemProcessInformation.

This is not done in ObGetProcessHandleCount(), since a separate
NtQueryInformationProcess(ProcessHandleCount) for the idle process should return
a non-zero value.

CORE-16577
---
ntoskrnl/ex/sysinfo.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ntoskrnl/ex/sysinfo.c b/ntoskrnl/ex/sysinfo.c
index 43ff88faaff..bf9b957fd42 100644
--- a/ntoskrnl/ex/sysinfo.c
+++ b/ntoskrnl/ex/sysinfo.c
@@ -1031,7 +1031,11 @@ QSI_DEF(SystemProcessInformation)
SpiCurrent->BasePriority = Process->Pcb.BasePriority;
SpiCurrent->UniqueProcessId = Process->UniqueProcessId;
SpiCurrent->InheritedFromUniqueProcessId =
Process->InheritedFromUniqueProcessId;
- SpiCurrent->HandleCount = ObGetProcessHandleCount(Process);
+
+ /* PsIdleProcess shares its handle table with PsInitialSystemProcess,
+ * so return the handle count for System only, not Idle one. */
+ SpiCurrent->HandleCount = (Process == PsIdleProcess) ? 0 :
ObGetProcessHandleCount(Process);
+
SpiCurrent->PeakVirtualSize = Process->PeakVirtualSize;
SpiCurrent->VirtualSize = Process->VirtualSize;
SpiCurrent->PageFaultCount = Process->Vm.PageFaultCount;
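Review bot: The new comment above the SpiCurrent->HandleCount assignment says the handle table is shared, but it does not say why the special case sits in QSI_DEF(SystemProcessInformation) rather than in ObGetProcessHandleCount(). The commit message gives that reason (a separate NtQueryInformationProcess(ProcessHandleCount) on the idle process should still return a non-zero value), and without it in the source a later cleanup could move the check into ObGetProcessHandleCount() and change that behaviour. Suggest adding one sentence to the comment to that effect, and rewording "not Idle one" to "not for the Idle process". Tools that compare the two query paths will now see 0 from one and a non-zero count from the other for the same process, so the comment is the right place to record that this difference is intentional.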