PEPROCESS
IoGetCurrentProcess(
);
IoGetCurrentProcess returns a pointer to the current process.
In general, highest-level drivers, particularly file systems, are most likely to call this routine. An intermediate or underlying device driver seldom is called in the context of a thread that originates the current I/O request that the driver is processing, so it cannot get access to such a thread’s process space.
Callers of IoGetCurrentProcess must be running at IRQL PASSIVE_LEVEL.