#ifndef _NTPSAPI_H
//
// Threads
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Creates a new thread in the specified process.
 *
 * \param ThreadHandle A pointer to a handle that receives the thread object handle.
 * \param DesiredAccess The access rights desired for the thread object.
 * \param ObjectAttributes Optional. A pointer to an OBJECT_ATTRIBUTES structure that specifies the attributes of the new thread.
 * \param ProcessHandle A handle to the process in which the thread is to be created.
 * \param ClientId A pointer to a CLIENT_ID structure that receives the client ID of the new thread.
 * \param ThreadContext A pointer to a CONTEXT structure that specifies the initial context of the new thread.
 * \param InitialTeb A pointer to an INITIAL_TEB structure that specifies the initial stack limits of the new thread.
 * \param CreateSuspended If TRUE, the thread is created in a suspended state.
 * \return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ PCOBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ProcessHandle,
    _Out_ PCLIENT_ID ClientId,
    _In_ PCONTEXT ThreadContext,
    _In_ PINITIAL_TEB InitialTeb,
    _In_ BOOLEAN CreateSuspended
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateThread(
    _Out_ PHANDLE ThreadHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ PCOBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ProcessHandle,
    _Out_ PCLIENT_ID ClientId,
    _In_ PCONTEXT ThreadContext,
    _In_ PINITIAL_TEB InitialTeb,
    _In_ BOOLEAN CreateSuspended
    );

#endif
View code on GitHub

Creates a new thread in the specified process. This is a legacy function that requires manually allocating stack and preparing thread context.

Parameters

ThreadHandle - a pointer to a variable that receives a handle to the new thread.
DesiredAccess - the thread access mask to provide on the returned handle. This value is usually THREAD_ALL_ACCESS.
ObjectAttributes - an optional pointer to an OBJECT_ATTRIBUTES structure that specifies attributes for the new object/handle, such as the security descriptor and handle inheritance.
ProcessHandle - a handle to the process where the thread should be created. This can either be the NtCurrentProcess pseudo-handle or a handle with PROCESS_CREATE_THREAD access.
ClientId - a pointer to a variable that receives the client ID of the new thread.
ThreadContext - the initial context (a set of registers) for the thread.
InitialTeb - the structure describing the thread stack.
CreateSuspended - whether the new thread should be created in a suspended state or allowed to run immediately. When specifying TRUE, you can use NtResumeThread to resume the thread later.

Remarks

For the modern equivalent, see NtCreateThreadEx.

To avoid retaining unused resources, call NtClose to close the returned handle when it is no longer required.

This functionality is not exposed in Win32 API. The closest alternative that uses the modern syscall is CreateRemoteThreadEx.

NtCreateThread - NtDoc

Parameters

Remarks

See also

Parameters

Remarks

Related Win32 API

See also