thread.c File Reference

#include <kph.h>
#include <dyndata.h>

Go to the source code of this file.

Typedefs
typedef struct _EXIT_THREAD_CONTEXT	EXIT_THREAD_CONTEXT
typedef struct _EXIT_THREAD_CONTEXT *	PEXIT_THREAD_CONTEXT
typedef struct _CAPTURE_BACKTRACE_THREAD_CONTEXT	CAPTURE_BACKTRACE_THREAD_CONTEXT
typedef struct _CAPTURE_BACKTRACE_THREAD_CONTEXT *	PCAPTURE_BACKTRACE_THREAD_CONTEXT

Functions
VOID	KphpCaptureStackBackTraceThreadSpecialApc (__in PRKAPC Apc, __inout PKNORMAL_ROUTINE *NormalRoutine, __inout PVOID *NormalContext, __inout PVOID *SystemArgument1, __inout PVOID *SystemArgument2)
VOID	KphpExitThreadSpecialApc (__in PRKAPC Apc, __inout PKNORMAL_ROUTINE *NormalRoutine, __inout PVOID *NormalContext, __inout PVOID *SystemArgument1, __inout PVOID *SystemArgument2)
NTSTATUS	KpiOpenThread (__out PHANDLE ThreadHandle, __in ACCESS_MASK DesiredAccess, __in PCLIENT_ID ClientId, __in KPROCESSOR_MODE AccessMode)
	Opens a thread.
NTSTATUS	KpiOpenThreadProcess (__in HANDLE ThreadHandle, __in ACCESS_MASK DesiredAccess, __out PHANDLE ProcessHandle, __in KPROCESSOR_MODE AccessMode)
	Opens the process of a thread.
NTSTATUS	KphTerminateThreadByPointerInternal (__in PETHREAD Thread, __in NTSTATUS ExitStatus)
	Terminates a thread using PspTerminateThreadByPointer.
NTSTATUS	KpiTerminateThread (__in HANDLE ThreadHandle, __in NTSTATUS ExitStatus, __in KPROCESSOR_MODE AccessMode)
	Terminates a thread.
NTSTATUS	KpiTerminateThreadUnsafe (__in HANDLE ThreadHandle, __in NTSTATUS ExitStatus, __in KPROCESSOR_MODE AccessMode)
	Terminates a thread using an unsafe method.
NTSTATUS	KpiGetContextThread (__in HANDLE ThreadHandle, __inout PCONTEXT ThreadContext, __in KPROCESSOR_MODE AccessMode)
	Gets the context of a thread.
NTSTATUS	KpiSetContextThread (__in HANDLE ThreadHandle, __in PCONTEXT ThreadContext, __in KPROCESSOR_MODE AccessMode)
	Sets the context of a thread.
ULONG	KphCaptureStackBackTrace (__in ULONG FramesToSkip, __in ULONG FramesToCapture, __in_opt ULONG Flags, __out_ecount(FramesToCapture) PVOID *BackTrace, __out_opt PULONG BackTraceHash)
	Captures a stack trace of the current thread.
NTSTATUS	KphCaptureStackBackTraceThread (__in PETHREAD Thread, __in ULONG FramesToSkip, __in ULONG FramesToCapture, __out_ecount(FramesToCapture) PVOID *BackTrace, __out_opt PULONG CapturedFrames, __out_opt PULONG BackTraceHash, __in KPROCESSOR_MODE AccessMode)
	Captures the stack trace of a thread.
NTSTATUS	KpiCaptureStackBackTraceThread (__in HANDLE ThreadHandle, __in ULONG FramesToSkip, __in ULONG FramesToCapture, __out_ecount(FramesToCapture) PVOID *BackTrace, __out_opt PULONG CapturedFrames, __out_opt PULONG BackTraceHash, __in KPROCESSOR_MODE AccessMode)
	Captures the stack trace of a thread.
NTSTATUS	KpiQueryInformationThread (__in HANDLE ThreadHandle, __in KPH_THREAD_INFORMATION_CLASS ThreadInformationClass, __out_bcount(ProcessInformationLength) PVOID ThreadInformation, __in ULONG ThreadInformationLength, __out_opt PULONG ReturnLength, __in KPROCESSOR_MODE AccessMode)
	Queries thread information.
NTSTATUS	KpiSetInformationThread (__in HANDLE ThreadHandle, __in KPH_THREAD_INFORMATION_CLASS ThreadInformationClass, __in_bcount(ThreadInformationLength) PVOID ThreadInformation, __in ULONG ThreadInformationLength, __in KPROCESSOR_MODE AccessMode)
	Sets thread information.

Variables
KKERNEL_ROUTINE	KphpCaptureStackBackTraceThreadSpecialApc
KKERNEL_ROUTINE	KphpExitThreadSpecialApc

Typedef Documentation

typedef struct _CAPTURE_BACKTRACE_THREAD_CONTEXT CAPTURE_BACKTRACE_THREAD_CONTEXT

typedef struct _EXIT_THREAD_CONTEXT EXIT_THREAD_CONTEXT

typedef struct _CAPTURE_BACKTRACE_THREAD_CONTEXT * PCAPTURE_BACKTRACE_THREAD_CONTEXT

typedef struct _EXIT_THREAD_CONTEXT * PEXIT_THREAD_CONTEXT

Function Documentation

ULONG KphCaptureStackBackTrace	(	__in ULONG	FramesToSkip,
		__in ULONG	FramesToCapture,
		__in_opt ULONG	Flags,
		__out_ecount(FramesToCapture) PVOID *	BackTrace,
		__out_opt PULONG	BackTraceHash
	)

Captures a stack trace of the current thread.

Parameters

FramesToSkip	The number of frames to skip from the bottom of the stack.
FramesToCapture	The number of frames to capture.
Flags	A combination of the following: RTL_WALK_USER_MODE_STACK The user-mode stack will be retrieved instead of the kernel-mode stack.
BackTrace	An array in which the stack trace will be stored.
BackTraceHash	A variable which receives a hash of the stack trace.

Returns

The number of frames captured.

Definition at line 582 of file thread.c.

NTSTATUS KphCaptureStackBackTraceThread	(	__in PETHREAD	Thread,
		__in ULONG	FramesToSkip,
		__in ULONG	FramesToCapture,
		__out_ecount(FramesToCapture) PVOID *	BackTrace,
		__out_opt PULONG	CapturedFrames,
		__out_opt PULONG	BackTraceHash,
		__in KPROCESSOR_MODE	AccessMode
	)

Captures the stack trace of a thread.

Parameters

Thread	The thread to capture the stack trace of.
FramesToSkip	The number of frames to skip from the bottom of the stack.
FramesToCapture	The number of frames to capture.
BackTrace	An array in which the stack trace will be stored.
CapturedFrames	A variable which receives the number of frames captured.
BackTraceHash	A variable which receives a hash of the stack trace.
AccessMode	The mode in which to perform access checks.

Returns

The number of frames captured.

Definition at line 650 of file thread.c.

VOID KphpCaptureStackBackTraceThreadSpecialApc	(	__in PRKAPC	Apc,
		__inout PKNORMAL_ROUTINE *	NormalRoutine,
		__inout PVOID *	NormalContext,
		__inout PVOID *	SystemArgument1,
		__inout PVOID *	SystemArgument2
	)

VOID KphpExitThreadSpecialApc	(	__in PRKAPC	Apc,
		__inout PKNORMAL_ROUTINE *	NormalRoutine,
		__inout PVOID *	NormalContext,
		__inout PVOID *	SystemArgument1,
		__inout PVOID *	SystemArgument2
	)

NTSTATUS KphTerminateThreadByPointerInternal	(	__in PETHREAD	Thread,
		__in NTSTATUS	ExitStatus
	)

Terminates a thread using PspTerminateThreadByPointer.

Parameters

Thread	A thread object.
ExitStatus	A status value which indicates why the thread is being terminated.

Definition at line 257 of file thread.c.

NTSTATUS KpiCaptureStackBackTraceThread	(	__in HANDLE	ThreadHandle,
		__in ULONG	FramesToSkip,
		__in ULONG	FramesToCapture,
		__out_ecount(FramesToCapture) PVOID *	BackTrace,
		__out_opt PULONG	CapturedFrames,
		__out_opt PULONG	BackTraceHash,
		__in KPROCESSOR_MODE	AccessMode
	)

Captures the stack trace of a thread.

Parameters

ThreadHandle	A handle to the thread to capture the stack trace of.
FramesToSkip	The number of frames to skip from the bottom of the stack.
FramesToCapture	The number of frames to capture.
BackTrace	An array in which the stack trace will be stored.
CapturedFrames	A variable which receives the number of frames captured.
BackTraceHash	A variable which receives a hash of the stack trace.
AccessMode	The mode in which to perform access checks.

Returns

The number of frames captured.

Definition at line 866 of file thread.c.

NTSTATUS KpiGetContextThread	(	__in HANDLE	ThreadHandle,
		__inout PCONTEXT	ThreadContext,
		__in KPROCESSOR_MODE	AccessMode
	)

Gets the context of a thread.

Parameters

ThreadHandle	A handle to a thread.
ThreadContext	A pointer to a context structure. ContextFlags must be set.
AccessMode	The mode in which to perform access checks.

Definition at line 501 of file thread.c.

NTSTATUS KpiOpenThread	(	__out PHANDLE	ThreadHandle,
		__in ACCESS_MASK	DesiredAccess,
		__in PCLIENT_ID	ClientId,
		__in KPROCESSOR_MODE	AccessMode
	)

Opens a thread.

Parameters

ThreadHandle	A variable which receives the thread handle.
DesiredAccess	The desired access to the thread.
ClientId	The identifier of a thread. UniqueThread must be present. If UniqueProcess is present, the process of the referenced thread will be checked against this identifier.
AccessMode	The mode in which to perform access checks.

Definition at line 89 of file thread.c.

NTSTATUS KpiOpenThreadProcess	(	__in HANDLE	ThreadHandle,
		__in ACCESS_MASK	DesiredAccess,
		__out PHANDLE	ProcessHandle,
		__in KPROCESSOR_MODE	AccessMode
	)

Opens the process of a thread.

Parameters

ThreadHandle	A handle to a thread.
DesiredAccess	The desired access to the process.
ProcessHandle	A variable which receives the process handle.
AccessMode	The mode in which to perform access checks.

Definition at line 176 of file thread.c.

NTSTATUS KpiQueryInformationThread	(	__in HANDLE	ThreadHandle,
		__in KPH_THREAD_INFORMATION_CLASS	ThreadInformationClass,
		__out_bcount(ProcessInformationLength) PVOID	ThreadInformation,
		__in ULONG	ThreadInformationLength,
		__out_opt PULONG	ReturnLength,
		__in KPROCESSOR_MODE	AccessMode
	)

Queries thread information.

Parameters

ThreadHandle	A handle to a thread.
ThreadInformationClass	The type of information to query.
ThreadInformation	The buffer in which the information will be stored.
ThreadInformationLength	The number of bytes available in ThreadInformation.
ReturnLength	A variable which receives the number of bytes required to be available in ThreadInformation.
AccessMode	The mode in which to perform access checks.

Definition at line 919 of file thread.c.

NTSTATUS KpiSetContextThread	(	__in HANDLE	ThreadHandle,
		__in PCONTEXT	ThreadContext,
		__in KPROCESSOR_MODE	AccessMode
	)

Sets the context of a thread.

Parameters

ThreadHandle	A handle to a thread.
ThreadContext	The new context of the thread.
AccessMode	The mode in which to perform access checks.

Definition at line 537 of file thread.c.

NTSTATUS KpiSetInformationThread	(	__in HANDLE	ThreadHandle,
		__in KPH_THREAD_INFORMATION_CLASS	ThreadInformationClass,
		__in_bcount(ThreadInformationLength) PVOID	ThreadInformation,
		__in ULONG	ThreadInformationLength,
		__in KPROCESSOR_MODE	AccessMode
	)

Sets thread information.

Parameters

ThreadHandle	A handle to a thread.
ThreadInformationClass	The type of information to set.
ThreadInformation	A buffer which contains the information to set.
ThreadInformationLength	The number of bytes present in ThreadInformation.
AccessMode	The mode in which to perform access checks.

Definition at line 1074 of file thread.c.

NTSTATUS KpiTerminateThread	(	__in HANDLE	ThreadHandle,
		__in NTSTATUS	ExitStatus,
		__in KPROCESSOR_MODE	AccessMode
	)

Terminates a thread.

Parameters

ThreadHandle	A handle to a thread.
ExitStatus	A status value which indicates why the thread is being terminated.
AccessMode	The mode in which to perform access checks.

Definition at line 354 of file thread.c.

NTSTATUS KpiTerminateThreadUnsafe	(	__in HANDLE	ThreadHandle,
		__in NTSTATUS	ExitStatus,
		__in KPROCESSOR_MODE	AccessMode
	)

Terminates a thread using an unsafe method.

Parameters

ThreadHandle	A handle to a thread.
ExitStatus	A status value which indicates why the thread is being terminated.
AccessMode	The mode in which to perform access checks.

Remarks

The thread will be terminated even if it is currently running kernel-mode code. Therefore, resources may be leaked or remain locked indefinitely.

Definition at line 403 of file thread.c.

Variable Documentation

VOID KphpCaptureStackBackTraceThreadSpecialApc

Definition at line 44 of file thread.c.

VOID KphpExitThreadSpecialApc

Definition at line 45 of file thread.c.