Index: ntoskrnl/ps/query.c
===================================================================
--- ntoskrnl/ps/query.c	(revision 39008)
+++ ntoskrnl/ps/query.c	(working copy)
@@ -69,6 +69,7 @@
         (PPROCESS_BASIC_INFORMATION)ProcessInformation;
     PKERNEL_USER_TIMES ProcessTime = (PKERNEL_USER_TIMES)ProcessInformation;
     ULONG HandleCount;
+    PHANDLE_TABLE HandleTable;
     PPROCESS_SESSION_INFORMATION SessionInfo =
         (PPROCESS_SESSION_INFORMATION)ProcessInformation;
     PVM_COUNTERS VmCounters = (PVM_COUNTERS)ProcessInformation;
@@ -236,9 +237,23 @@
                 break;
             }
 
-            /* Count the number of handles this process has */
-            HandleCount = ObpGetHandleCountByHandleTable(Process->ObjectTable);
+            /* Ensure the handle table doesn't go away while we use it */
+            HandleTable = ObReferenceProcessHandleTable(Process);
 
+            if (HandleTable != NULL)
+            {
+                /* Count the number of handles this process has */
+                HandleCount = ObpGetHandleCountByHandleTable(HandleTable);
+
+                /* Let the handle table go */
+                ObDereferenceProcessHandleTable(Process);
+            }
+            else
+            {
+                /* No handle table, no handles */
+                HandleCount = 0;
+            }
+
             /* Protect write in SEH */
             _SEH2_TRY
             {