public static extern NtStatus NtSetInformationThread(
SafeKernelObjectHandle ThreadHandle,
ThreadInformationClass ThreadInformationClass,
SafeBuffer ThreadInformation,
int ThreadInformationLength
);
public static extern int NtQueryInformationThread(SafeHandle hThread, ThreadInformationClass infoClass, IntPtr buffer, uint size, out uint actualSize);
public static extern int ZwQueryInformationThread(
IntPtr ThreadHandle,
ThreadInformationClass ThreadInformationClass,
ref THREAD_BASIC_INFORMATION ThreadInformation,
int ThreadInformationLength,
out int ReturnLength);
internal static extern NtStatus NtSetInformationThread(IntPtr threadHandle, ThreadInformationClass threadInformationClass, IntPtr threadInformation, int threadInformationLength);
public void KphSetInformationThread(
ThreadHandle threadHandle,
ThreadInformationClass threadInformationClass,
IntPtr threadInformation,
int threadInformationLength
)
{
byte* inData = stackalloc byte[0x10];
*(int*)inData = threadHandle;
*(int*)(inData + 0x4) = (int)threadInformationClass;
*(int*)(inData + 0x8) = threadInformation.ToInt32();
*(int*)(inData + 0xc) = threadInformationLength;
_fileHandle.IoControl(CtlCode(Control.KphSetInformationThread), inData, 0x10, null, 0);
}
public void KphQueryInformationThread(
ThreadHandle threadHandle,
ThreadInformationClass threadInformationClass,
IntPtr threadInformation,
int threadInformationLength,
out int returnLength
)
{
byte* inData = stackalloc byte[0x14];
int returnLengthLocal;
*(int*)inData = threadHandle;
*(int*)(inData + 0x4) = (int)threadInformationClass;
*(int*)(inData + 0x8) = threadInformation.ToInt32();
*(int*)(inData + 0xc) = threadInformationLength;
*(int*)(inData + 0x10) = (int)&returnLengthLocal;
try
{
_fileHandle.IoControl(CtlCode(Control.KphQueryInformationThread), inData, 0x14, null, 0);
}
finally
{
returnLength = returnLengthLocal;
}
}
public unsafe static extern int NtQueryInformationThread(SafeHandle hThread, ThreadInformationClass infoClass, out THREAD_BASIC_INFORMATION info, int size, int *actualSize = null);
public static extern NtStatus NtSetInformationThread(IntPtr ThreadHandle, ThreadInformationClass ThreadInformationClass, IntPtr ThreadInformation, int ThreadInformationLength);
/// <summary>
/// Retrieves information about the specified thread.
/// </summary>
/// <param name="threadHandle">A handle to the thread to query.</param>
/// <param name="threadInformationClass">The class of the thread to retrieve.</param>
/// <returns>The requested data as an unsigned integer.</returns>
public static unsafe ulong NtQueryInformationThread(SafeMemoryHandle threadHandle, ThreadInformationClass threadInformationClass)
{
// Check if the handle is valid
HandleManipulator.ValidateAsArgument(threadHandle, "threadHandle");
// Get the thread info
ulong info = 0;
var ret = NativeMethods.NtQueryInformationThread(threadHandle, ThreadInformationClass.ThreadBasicInformation,
&info, new IntPtr(sizeof(ulong)), out var returnLength);
// If the function succeeded
if (ret == 0)
{
return(info);
}
// Else, couldn't get the thread info, throws an exception
throw new ApplicationException($"The thread information cannot be queried; error code '{ret}'.");
}
