I was shocked that I got the same PID between user mode and kernel mode in an IOCTL request from my application to my kernel driver (WDM) via the DeviceIoControl() Win32 API.
As far as I know, drivers have their own PID in kernel mode and applications have their own PID in user mode; they are separate and can communicate through IOCTL. But today, I got the same PID between user and kernel mode in an IOCTL request. I got the PID via the GetCurrentProcessId() function in user mode and via the PsGetCurrentProcessId() function in kernel mode; showing the result in the user-mode application, those two PIDs are the same.
Does anyone know why?
What you saw is normal. In Windows, it is normal for a thread to spend part of its time running user-mode code and part of its time running kernel-mode code. In your case, after a thread executed your application, which made a call to execute the IOCTL, the Windows kernel used this same thread to execute your kernel-mode driver code to handle this IOCTL.
Hope this helps.