Index: ntoskrnl/ex/sysinfo.c
===================================================================
--- ntoskrnl/ex/sysinfo.c	(revision 39008)
+++ ntoskrnl/ex/sysinfo.c	(working copy)
@@ -778,7 +778,7 @@
             SpiCurrent->BasePriority = Process->Pcb.BasePriority;
             SpiCurrent->UniqueProcessId = Process->UniqueProcessId;
             SpiCurrent->InheritedFromUniqueProcessId = Process->InheritedFromUniqueProcessId;
-            SpiCurrent->HandleCount = (Process->ObjectTable ? ObpGetHandleCountByHandleTable(Process->ObjectTable) : 0);
+            SpiCurrent->HandleCount = ObGetProcessHandleCount(Process);
             SpiCurrent->PeakVirtualSize = Process->PeakVirtualSize;
             SpiCurrent->VirtualSize = Process->VirtualSize;
             SpiCurrent->PageFaultCount = Process->Vm.PageFaultCount;
@@ -1023,7 +1023,7 @@

     do
     {
-        hCount = hCount + (pr->ObjectTable ? ObpGetHandleCountByHandleTable(pr->ObjectTable) : 0);
+        hCount = hCount + ObGetProcessHandleCount(pr);
         pr = PsGetNextProcess(pr);

         if ((pr == syspr) || (pr == NULL)) break;
@@ -1059,7 +1059,7 @@
     {
         int Count = 0, HandleCount;

-        HandleCount = (pr->ObjectTable ? ObpGetHandleCountByHandleTable(pr->ObjectTable) : 0);
+        HandleCount = ObGetProcessHandleCount(pr);

         for (Count = 0; HandleCount > 0 ; HandleCount--)
         {
Index: ntoskrnl/include/internal/ob.h
===================================================================
--- ntoskrnl/include/internal/ob.h	(revision 39008)
+++ ntoskrnl/include/internal/ob.h	(working copy)
@@ -571,6 +571,15 @@
 );

 //
+// Miscellanea
+//
+ULONG
+NTAPI
+ObGetProcessHandleCount(
+    IN PEPROCESS Process
+);
+
+//
 // Global data inside the Object Manager
 //
 extern ULONG ObpTraceLevel;
Index: ntoskrnl/ob/obhandle.c
===================================================================
--- ntoskrnl/ob/obhandle.c	(revision 39008)
+++ ntoskrnl/ob/obhandle.c	(working copy)
@@ -54,6 +54,35 @@
     ExReleaseRundownProtection(&Process->RundownProtect);
 }

+ULONG
+NTAPI
+ObGetProcessHandleCount(IN PEPROCESS Process)
+{
+    ULONG HandleCount;
+    PHANDLE_TABLE HandleTable;
+
+    ASSERT(Process);
+
+    /* Ensure the handle table doesn't go away while we use it */
+    HandleTable = ObReferenceProcessHandleTable(Process);
+
+    if (HandleTable != NULL)
+    {
+        /* Count the number of handles the process has */
+        HandleCount = ObpGetHandleCountByHandleTable(HandleTable);
+
+        /* Let the handle table go */
+        ObDereferenceProcessHandleTable(Process);
+    }
+    else
+    {
+        /* No handle table, no handles */
+        HandleCount = 0;
+    }
+
+    return HandleCount;
+}
+
 NTSTATUS
 NTAPI
 ObpReferenceProcessObjectByHandle(IN HANDLE Handle,
Index: ntoskrnl/ps/query.c
===================================================================
--- ntoskrnl/ps/query.c	(revision 39008)
+++ ntoskrnl/ps/query.c	(working copy)
@@ -237,7 +237,7 @@
             }

             /* Count the number of handles this process has */
-            HandleCount = ObpGetHandleCountByHandleTable(Process->ObjectTable);
+            HandleCount = ObGetProcessHandleCount(Process);

             /* Protect write in SEH */
             _SEH2_TRY