Process Hacker
thread.c File Reference
#include <kph.h>
#include <dyndata.h>

Typedefs

typedef struct _EXIT_THREAD_CONTEXT EXIT_THREAD_CONTEXT
 
typedef struct _EXIT_THREAD_CONTEXT * PEXIT_THREAD_CONTEXT
 
typedef struct _CAPTURE_BACKTRACE_THREAD_CONTEXT CAPTURE_BACKTRACE_THREAD_CONTEXT
 
typedef struct _CAPTURE_BACKTRACE_THREAD_CONTEXT * PCAPTURE_BACKTRACE_THREAD_CONTEXT
 

Functions

VOID KphpCaptureStackBackTraceThreadSpecialApc (__in PRKAPC Apc, __inout PKNORMAL_ROUTINE *NormalRoutine, __inout PVOID *NormalContext, __inout PVOID *SystemArgument1, __inout PVOID *SystemArgument2)
 
VOID KphpExitThreadSpecialApc (__in PRKAPC Apc, __inout PKNORMAL_ROUTINE *NormalRoutine, __inout PVOID *NormalContext, __inout PVOID *SystemArgument1, __inout PVOID *SystemArgument2)
 
NTSTATUS KpiOpenThread (__out PHANDLE ThreadHandle, __in ACCESS_MASK DesiredAccess, __in PCLIENT_ID ClientId, __in KPROCESSOR_MODE AccessMode)
 Opens a thread.
 
NTSTATUS KpiOpenThreadProcess (__in HANDLE ThreadHandle, __in ACCESS_MASK DesiredAccess, __out PHANDLE ProcessHandle, __in KPROCESSOR_MODE AccessMode)
 Opens the process of a thread.
 
NTSTATUS KphTerminateThreadByPointerInternal (__in PETHREAD Thread, __in NTSTATUS ExitStatus)
 Terminates a thread using PspTerminateThreadByPointer.
 
NTSTATUS KpiTerminateThread (__in HANDLE ThreadHandle, __in NTSTATUS ExitStatus, __in KPROCESSOR_MODE AccessMode)
 Terminates a thread.
 
NTSTATUS KpiTerminateThreadUnsafe (__in HANDLE ThreadHandle, __in NTSTATUS ExitStatus, __in KPROCESSOR_MODE AccessMode)
 Terminates a thread using an unsafe method.
 
NTSTATUS KpiGetContextThread (__in HANDLE ThreadHandle, __inout PCONTEXT ThreadContext, __in KPROCESSOR_MODE AccessMode)
 Gets the context of a thread.
 
NTSTATUS KpiSetContextThread (__in HANDLE ThreadHandle, __in PCONTEXT ThreadContext, __in KPROCESSOR_MODE AccessMode)
 Sets the context of a thread.
 
ULONG KphCaptureStackBackTrace (__in ULONG FramesToSkip, __in ULONG FramesToCapture, __in_opt ULONG Flags, __out_ecount(FramesToCapture) PVOID *BackTrace, __out_opt PULONG BackTraceHash)
 Captures a stack trace of the current thread.
 
NTSTATUS KphCaptureStackBackTraceThread (__in PETHREAD Thread, __in ULONG FramesToSkip, __in ULONG FramesToCapture, __out_ecount(FramesToCapture) PVOID *BackTrace, __out_opt PULONG CapturedFrames, __out_opt PULONG BackTraceHash, __in KPROCESSOR_MODE AccessMode)
 Captures the stack trace of a thread.
 
NTSTATUS KpiCaptureStackBackTraceThread (__in HANDLE ThreadHandle, __in ULONG FramesToSkip, __in ULONG FramesToCapture, __out_ecount(FramesToCapture) PVOID *BackTrace, __out_opt PULONG CapturedFrames, __out_opt PULONG BackTraceHash, __in KPROCESSOR_MODE AccessMode)
 Captures the stack trace of a thread.
 
NTSTATUS KpiQueryInformationThread (__in HANDLE ThreadHandle, __in KPH_THREAD_INFORMATION_CLASS ThreadInformationClass, __out_bcount(ProcessInformationLength) PVOID ThreadInformation, __in ULONG ThreadInformationLength, __out_opt PULONG ReturnLength, __in KPROCESSOR_MODE AccessMode)
 Queries thread information.
 
NTSTATUS KpiSetInformationThread (__in HANDLE ThreadHandle, __in KPH_THREAD_INFORMATION_CLASS ThreadInformationClass, __in_bcount(ThreadInformationLength) PVOID ThreadInformation, __in ULONG ThreadInformationLength, __in KPROCESSOR_MODE AccessMode)
 Sets thread information.
 

Variables

KKERNEL_ROUTINE KphpCaptureStackBackTraceThreadSpecialApc
 
KKERNEL_ROUTINE KphpExitThreadSpecialApc
 

Typedef Documentation

typedef struct _CAPTURE_BACKTRACE_THREAD_CONTEXT CAPTURE_BACKTRACE_THREAD_CONTEXT
typedef struct _EXIT_THREAD_CONTEXT EXIT_THREAD_CONTEXT
typedef struct _CAPTURE_BACKTRACE_THREAD_CONTEXT * PCAPTURE_BACKTRACE_THREAD_CONTEXT
typedef struct _EXIT_THREAD_CONTEXT * PEXIT_THREAD_CONTEXT

Function Documentation

ULONG KphCaptureStackBackTrace ( __in ULONG  FramesToSkip,
__in ULONG  FramesToCapture,
__in_opt ULONG  Flags,
__out_ecount(FramesToCapture) PVOID *  BackTrace,
__out_opt PULONG  BackTraceHash 
)

Captures a stack trace of the current thread.

Parameters
FramesToSkip: The number of frames to skip from the bottom of the stack.
FramesToCapture: The number of frames to capture.
Flags: A combination of the following:
  • RTL_WALK_USER_MODE_STACK: The user-mode stack will be retrieved instead of the kernel-mode stack.
BackTrace: An array in which the stack trace will be stored.
BackTraceHash: A variable which receives a hash of the stack trace.
Returns
The number of frames captured.

Definition at line 582 of file thread.c.

NTSTATUS KphCaptureStackBackTraceThread ( __in PETHREAD  Thread,
__in ULONG  FramesToSkip,
__in ULONG  FramesToCapture,
__out_ecount(FramesToCapture) PVOID *  BackTrace,
__out_opt PULONG  CapturedFrames,
__out_opt PULONG  BackTraceHash,
__in KPROCESSOR_MODE  AccessMode 
)

Captures the stack trace of a thread.

Parameters
Thread: The thread to capture the stack trace of.
FramesToSkip: The number of frames to skip from the bottom of the stack.
FramesToCapture: The number of frames to capture.
BackTrace: An array in which the stack trace will be stored.
CapturedFrames: A variable which receives the number of frames captured.
BackTraceHash: A variable which receives a hash of the stack trace.
AccessMode: The mode in which to perform access checks.
Returns
The number of frames captured.

Definition at line 650 of file thread.c.

VOID KphpCaptureStackBackTraceThreadSpecialApc ( __in PRKAPC  Apc,
__inout PKNORMAL_ROUTINE *  NormalRoutine,
__inout PVOID *  NormalContext,
__inout PVOID *  SystemArgument1,
__inout PVOID *  SystemArgument2 
)

VOID KphpExitThreadSpecialApc ( __in PRKAPC  Apc,
__inout PKNORMAL_ROUTINE *  NormalRoutine,
__inout PVOID *  NormalContext,
__inout PVOID *  SystemArgument1,
__inout PVOID *  SystemArgument2 
)

NTSTATUS KphTerminateThreadByPointerInternal ( __in PETHREAD  Thread,
__in NTSTATUS  ExitStatus 
)

Terminates a thread using PspTerminateThreadByPointer.

Parameters
Thread: A thread object.
ExitStatus: A status value which indicates why the thread is being terminated.

Definition at line 257 of file thread.c.

NTSTATUS KpiCaptureStackBackTraceThread ( __in HANDLE  ThreadHandle,
__in ULONG  FramesToSkip,
__in ULONG  FramesToCapture,
__out_ecount(FramesToCapture) PVOID *  BackTrace,
__out_opt PULONG  CapturedFrames,
__out_opt PULONG  BackTraceHash,
__in KPROCESSOR_MODE  AccessMode 
)

Captures the stack trace of a thread.

Parameters
ThreadHandle: A handle to the thread to capture the stack trace of.
FramesToSkip: The number of frames to skip from the bottom of the stack.
FramesToCapture: The number of frames to capture.
BackTrace: An array in which the stack trace will be stored.
CapturedFrames: A variable which receives the number of frames captured.
BackTraceHash: A variable which receives a hash of the stack trace.
AccessMode: The mode in which to perform access checks.
Returns
The number of frames captured.

Definition at line 866 of file thread.c.

NTSTATUS KpiGetContextThread ( __in HANDLE  ThreadHandle,
__inout PCONTEXT  ThreadContext,
__in KPROCESSOR_MODE  AccessMode 
)

Gets the context of a thread.

Parameters
ThreadHandle: A handle to a thread.
ThreadContext: A pointer to a context structure. ContextFlags must be set.
AccessMode: The mode in which to perform access checks.

Definition at line 501 of file thread.c.

NTSTATUS KpiOpenThread ( __out PHANDLE  ThreadHandle,
__in ACCESS_MASK  DesiredAccess,
__in PCLIENT_ID  ClientId,
__in KPROCESSOR_MODE  AccessMode 
)

Opens a thread.

Parameters
ThreadHandle: A variable which receives the thread handle.
DesiredAccess: The desired access to the thread.
ClientId: The identifier of a thread. UniqueThread must be present. If UniqueProcess is present, the process of the referenced thread will be checked against this identifier.
AccessMode: The mode in which to perform access checks.

Definition at line 89 of file thread.c.

NTSTATUS KpiOpenThreadProcess ( __in HANDLE  ThreadHandle,
__in ACCESS_MASK  DesiredAccess,
__out PHANDLE  ProcessHandle,
__in KPROCESSOR_MODE  AccessMode 
)

Opens the process of a thread.

Parameters
ThreadHandle: A handle to a thread.
DesiredAccess: The desired access to the process.
ProcessHandle: A variable which receives the process handle.
AccessMode: The mode in which to perform access checks.

Definition at line 176 of file thread.c.

NTSTATUS KpiQueryInformationThread ( __in HANDLE  ThreadHandle,
__in KPH_THREAD_INFORMATION_CLASS  ThreadInformationClass,
__out_bcount(ProcessInformationLength) PVOID  ThreadInformation,
__in ULONG  ThreadInformationLength,
__out_opt PULONG  ReturnLength,
__in KPROCESSOR_MODE  AccessMode 
)

Queries thread information.

Parameters
ThreadHandle: A handle to a thread.
ThreadInformationClass: The type of information to query.
ThreadInformation: The buffer in which the information will be stored.
ThreadInformationLength: The number of bytes available in ThreadInformation.
ReturnLength: A variable which receives the number of bytes required to be available in ThreadInformation.
AccessMode: The mode in which to perform access checks.

Definition at line 919 of file thread.c.

NTSTATUS KpiSetContextThread ( __in HANDLE  ThreadHandle,
__in PCONTEXT  ThreadContext,
__in KPROCESSOR_MODE  AccessMode 
)

Sets the context of a thread.

Parameters
ThreadHandle: A handle to a thread.
ThreadContext: The new context of the thread.
AccessMode: The mode in which to perform access checks.

Definition at line 537 of file thread.c.

NTSTATUS KpiSetInformationThread ( __in HANDLE  ThreadHandle,
__in KPH_THREAD_INFORMATION_CLASS  ThreadInformationClass,
__in_bcount(ThreadInformationLength) PVOID  ThreadInformation,
__in ULONG  ThreadInformationLength,
__in KPROCESSOR_MODE  AccessMode 
)

Sets thread information.

Parameters
ThreadHandle: A handle to a thread.
ThreadInformationClass: The type of information to set.
ThreadInformation: A buffer which contains the information to set.
ThreadInformationLength: The number of bytes present in ThreadInformation.
AccessMode: The mode in which to perform access checks.

Definition at line 1074 of file thread.c.

NTSTATUS KpiTerminateThread ( __in HANDLE  ThreadHandle,
__in NTSTATUS  ExitStatus,
__in KPROCESSOR_MODE  AccessMode 
)

Terminates a thread.

Parameters
ThreadHandle: A handle to a thread.
ExitStatus: A status value which indicates why the thread is being terminated.
AccessMode: The mode in which to perform access checks.

Definition at line 354 of file thread.c.

NTSTATUS KpiTerminateThreadUnsafe ( __in HANDLE  ThreadHandle,
__in NTSTATUS  ExitStatus,
__in KPROCESSOR_MODE  AccessMode 
)

Terminates a thread using an unsafe method.

Parameters
ThreadHandle: A handle to a thread.
ExitStatus: A status value which indicates why the thread is being terminated.
AccessMode: The mode in which to perform access checks.
Remarks
The thread will be terminated even if it is currently running kernel-mode code. Therefore, resources may be leaked or remain locked indefinitely.

Definition at line 403 of file thread.c.

Variable Documentation

VOID KphpCaptureStackBackTraceThreadSpecialApc

Definition at line 44 of file thread.c.

VOID KphpExitThreadSpecialApc

Definition at line 45 of file thread.c.