Can process IDs be greater than 64000? Because we're seeing process IDs greater than 64000

Raymond Chen

January 30th, 20140 0

A customer asked what to me was a very strange question.

Can process IDs be greater than 64000?Because we’re seeing process IDs greater than 64000.

This is a strange question because the answer is right there:You’re seeing process IDs greater than 64000with your very own eyes.Do you doubt the evidence right there in front of you?

It’s like asking,“Is it possible to have an orange with no seeds?Because I have an orange with no seeds.”

We saw some time ago thatprocess IDs can get very high indeed,although the kernel tries to keep the numbers small purelyfor cosmetic reasons.

The customer explained why they were asking this question.

Our application is crashing when the process ID gets too large.Here is the code:

int eventId = System.Diagnostics.Process.GetCurrentProcess().Id;
EventLog.WriteEntry("Contoso",
                    message,
                    EventLogEntryType.Information,
                    eventId);

Okay, um, that code makes no sense.

The code uses the process ID as the event ID.But event IDs are static;they arereferences to messages in your event source’smessage table.It’s not like your message table contains 65535 entries like this:

MessageId=1
Severity=Informational
SymbolicName=MSG_PROCESSID_1
Language=English
An event occurred in Process ID 1: %1
.
MessageId=2
Severity=Informational
SymbolicName=MSG_PROCESSID_2
Language=English
An event occurred in Process ID 2: %1
.
MessageId=3
Severity=Informational
SymbolicName=MSG_PROCESSID_3
Language=English
An event occurred in process ID 3: %1
.
… and so on until …
MessageId=3
Severity=Informational
SymbolicName=MSG_PROCESSID_65535
Language=English
An event occurred in process ID 65535: %1
.

The event ID describes what happened,and the process ID and other information goes into thepayload.

You can see from the format of event IDs that the event numbercan be at most 65535 because the upper bits of the event IDare used to encode other information.

And the code crashes because theWrite­Entry methodspecifically checks for absurd event IDsand rejects them with anArgument­Exception.

The fix is therefore to put the process ID in the payload of youreventand let the event number describe what actually happened,like“A multi-part print job was created.”

Raymond Chen