Tags: c++, c, windows, driver

kernel mode version of OpenProcess


Is there a kernel mode version of OpenProcess function?

Basically I want to get a process HANDLE from process ID. Specifically, I want to get the HANDLE of System Process ID.

Thanks!


Solution

  • If you are in an arbitrary system thread you can use ZwCurrentProcess(), otherwise you will need to figure out the ID of a system thread somehow and use ZwOpenProcess.

    You might also look to see if there is a way to convert the result of PsInitialSystemProcess to a process handle (or maybe PsInitialSystemProcess is what you are really after).
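As an added illustration (this is not the answerer's code and not part of the original thread), the helpers below show both routes the answer points at: `ZwOpenProcess` with the PID placed in `CLIENT_ID.UniqueProcess`, which is the direct kernel-mode counterpart of user-mode `OpenProcess`, and `ObOpenObjectByPointer` on the exported `PsInitialSystemProcess` pointer, which is the conversion from EPROCESS pointer to handle the answer wonders about. `OpenProcessByPid`, `OpenSystemProcess` and `OpenUseCloseSystemProcess` are names chosen here, and `KERNEL_BUILD` is an assumed build macro: defined inside a WDK driver project the code uses the real `ntddk.h` declarations; without it, constructed host-side stand-ins (clearly marked, not WDK code) let the control flow compile and run off-target, which is a common way to unit-test driver helper logic. The stand-ins only know about PID 4, the System process, and count open handles so a leak shows up in a test.

```c
/* Kernel-mode "OpenProcess": get a process HANDLE from a PID with ZwOpenProcess,
 * or from the PsInitialSystemProcess pointer with ObOpenObjectByPointer.
 * Build with -DKERNEL_BUILD inside a WDK driver project (assumed macro); without
 * it, the constructed stubs below let the helper logic compile and run on a host. */
#ifdef KERNEL_BUILD
#include <ntddk.h>
#else
#include <stddef.h>
#include <stdint.h>
/* --- host-side stand-ins (constructed for this example, not WDK code) --- */
typedef int32_t  NTSTATUS;                 /* LONG on Windows: negative means failure */
typedef uint32_t ACCESS_MASK, ULONG;
typedef uintptr_t ULONG_PTR;
typedef char KPROCESSOR_MODE;
typedef void *HANDLE, **PHANDLE, *PVOID, *PEPROCESS, **POBJECT_TYPE, *PACCESS_STATE;
typedef struct _CLIENT_ID { HANDLE UniqueProcess; HANDLE UniqueThread; } CLIENT_ID, *PCLIENT_ID;
typedef struct _OBJECT_ATTRIBUTES {
    ULONG Length; HANDLE RootDirectory; PVOID ObjectName; ULONG Attributes;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
#define STATUS_SUCCESS            ((NTSTATUS)0x00000000L)
#define STATUS_INVALID_PARAMETER  ((NTSTATUS)0xC000000DL)
#define STATUS_INVALID_CID        ((NTSTATUS)0xC000000BL)
#define NT_SUCCESS(s)             (((NTSTATUS)(s)) >= 0)
#define OBJ_KERNEL_HANDLE         0x00000200L
#define KernelMode                0
#define InitializeObjectAttributes(p, n, a, r, s) \
    do { (p)->Length = sizeof(OBJECT_ATTRIBUTES); (p)->RootDirectory = (r); \
         (p)->ObjectName = (n); (p)->Attributes = (a); } while (0)
static int g_system_process_object;                 /* stands in for the System EPROCESS */
static PEPROCESS PsInitialSystemProcess = &g_system_process_object;
static PVOID g_process_type_object;
static POBJECT_TYPE PsProcessType = &g_process_type_object;
static int g_open_handles;                          /* lets a test watch for handle leaks */
static NTSTATUS ZwOpenProcess(PHANDLE h, ACCESS_MASK a, POBJECT_ATTRIBUTES oa, PCLIENT_ID cid) {
    (void)a; (void)oa;
    if ((ULONG_PTR)cid->UniqueProcess != 4) return STATUS_INVALID_CID; /* stub knows PID 4 only */
    *h = (HANDLE)(ULONG_PTR)(++g_open_handles);
    return STATUS_SUCCESS;
}
static NTSTATUS ObOpenObjectByPointer(PVOID obj, ULONG attrs, PACCESS_STATE as, ACCESS_MASK a,
                                      POBJECT_TYPE type, KPROCESSOR_MODE mode, PHANDLE h) {
    (void)attrs; (void)as; (void)a; (void)type; (void)mode;
    if (obj != PsInitialSystemProcess) return STATUS_INVALID_PARAMETER;
    *h = (HANDLE)(ULONG_PTR)(++g_open_handles);
    return STATUS_SUCCESS;
}
static NTSTATUS ZwClose(HANDLE h) { (void)h; g_open_handles--; return STATUS_SUCCESS; }
#endif

#ifndef PROCESS_QUERY_LIMITED_INFORMATION
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000   /* standard value, defined if the header lacks it */
#endif

/* Route 1: PID -> handle, the direct counterpart of user-mode OpenProcess. */
NTSTATUS OpenProcessByPid(HANDLE pid, ACCESS_MASK access, PHANDLE outHandle)
{
    OBJECT_ATTRIBUTES oa;
    CLIENT_ID cid;
    if (outHandle == NULL) return STATUS_INVALID_PARAMETER;
    *outHandle = NULL;
    cid.UniqueProcess = pid;   /* PIDs are carried as HANDLE-sized values in the kernel */
    cid.UniqueThread  = NULL;  /* must be NULL when opening by process ID */
    /* OBJ_KERNEL_HANDLE keeps the handle in the kernel handle table, so the current
     * user-mode process can neither see it nor close or duplicate it. */
    InitializeObjectAttributes(&oa, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
    return ZwOpenProcess(outHandle, access, &oa, &cid);
}

/* Route 2: turn the exported PsInitialSystemProcess pointer straight into a handle,
 * which suffices when the target is always the System process. */
NTSTATUS OpenSystemProcess(ACCESS_MASK access, PHANDLE outHandle)
{
    if (outHandle == NULL) return STATUS_INVALID_PARAMETER;
    *outHandle = NULL;
    return ObOpenObjectByPointer(PsInitialSystemProcess, OBJ_KERNEL_HANDLE, NULL, access,
                                 *PsProcessType, KernelMode, outHandle);
}

/* Full lifecycle for the System process (PID 4): open, use, close. */
NTSTATUS OpenUseCloseSystemProcess(void)
{
    HANDLE h = NULL;
    NTSTATUS st = OpenProcessByPid((HANDLE)(ULONG_PTR)4, PROCESS_QUERY_LIMITED_INFORMATION, &h);
    if (!NT_SUCCESS(st)) return st;
    /* ... use the handle here (e.g. ZwQueryInformationProcess) ... */
    return ZwClose(h);   /* a kernel handle that is never closed leaks until reboot */
}
```

Request only the access you need (`PROCESS_QUERY_LIMITED_INFORMATION` rather than `PROCESS_ALL_ACCESS`), always pass `OBJ_KERNEL_HANDLE` when the handle is for the driver's own use, and pair every successful open with `ZwClose`; a handle created without `OBJ_KERNEL_HANDLE` lands in the handle table of whichever user process happens to be current, where that process can use or close it.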