NtQueryInformationThread - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTPSAPI_H
// Threads
#if (PHNT_MODE != PHNT_MODE_KERNEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationThread(
_In_ HANDLE ThreadHandle,
_In_ THREADINFOCLASS ThreadInformationClass,
_Out_writes_bytes_(ThreadInformationLength) PVOID ThreadInformation,
_In_ ULONG ThreadInformationLength,
_Out_opt_ PULONG ReturnLength
);
View code on GitHub#ifndef _NTZWAPI_H
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryInformationThread(
_In_ HANDLE ThreadHandle,
_In_ THREADINFOCLASS ThreadInformationClass,
_Out_writes_bytes_(ThreadInformationLength) PVOID ThreadInformation,
_In_ ULONG ThreadInformationLength,
_Out_opt_ PULONG ReturnLength
);
View code on GitHubQueries various information about the specified thread. This function is partially documented in Windows Driver Kit and Winodws SDK.
ThreadHandle - a handle to the thread or the NtCurrentThread pseudo-handle. For most information classes, the handle must grant either THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION access.ThreadInformationClass - the type of information to retrieve.ThreadInformation - a pointer to user-allocated buffer that receives the requested information.ThreadInformationLength - the size of the provided buffer in bytes.ReturnLength - an optional pointer to a variable that receives the number of bytes written when the function succeeds or the number of bytes requires when the buffer is too small.For the list of supported info classes and required thread access, see THREADINFOCLASS.
STATUS_BUFFER_TOO_SMALL and STATUS_INFO_LENGTH_MISMATCH indicate that the requested information does not fit into the provided buffer.GetThreadInformationGetThreadIdGetProcessIdOfThreadGetExitCodeThreadGetThreadDescriptionGetThreadIOPendingFlagGetThreadPriorityGetThreadTimesWow64GetThreadContext