#ifndef _NTPSAPI_H
//
// Threads
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Queues an APC (Asynchronous Procedure Call) to a thread.
 *
 * \param ThreadHandle Handle to the thread to which the APC is to be queued.
 * \param ApcRoutine A pointer to the RtlDispatchAPC function or custom APC routine to be executed.
 * \param ApcArgument1 Optional first argument to be passed to the APC routine.
 * \param ApcArgument2 Optional second argument to be passed to the APC routine.
 * \param ApcArgument3 Optional third argument to be passed to the APC routine.
 * \return NTSTATUS Successful or errant status.
 * \remarks The APC will be executed in the context of the specified thread when the thread enters an alertable wait state or when any
 * process calls the NtTestAlert, NtAlertThread, NtAlertResumeThread or NtAlertThreadByThreadId functions.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueueApcThread(
    _In_ HANDLE ThreadHandle,
    _In_ PPS_APC_ROUTINE ApcRoutine, // RtlDispatchAPC
    _In_opt_ PVOID ApcArgument1,
    _In_opt_ PVOID ApcArgument2,
    _In_opt_ PVOID ApcArgument3
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueueApcThread(
    _In_ HANDLE ThreadHandle,
    _In_ PPS_APC_ROUTINE ApcRoutine, // RtlDispatchAPC
    _In_opt_ PVOID ApcArgument1,
    _In_opt_ PVOID ApcArgument2,
    _In_opt_ PVOID ApcArgument3
    );

#endif
View code on GitHub

NtDoc

Queues a user-mode Asynchronous Procedure Call (APC) on the specified thread.

Parameters

ThreadHandle - a handle the the thread granting the THREAD_SET_CONTEXT access.
ApcRoutine - the address of the function to invoke.
ApcArgument1 - the first argument to pass to the APC routine.
ApcArgument2 - the second argument to pass to the APC routine.
ApcArgument3 - the third argument to pass to the APC routine.

Remarks

To execute the APC, the thread must first enter an alertable wait via NtDelayExecution (or a similar function) or call NtTestAlert.

To queue a WoW64 APC, encode the ApcRoutine parameter using the Wow64EncodeApcRoutine macro or use RtlQueueApcWow64Thread.

To specify the reserve object or use special user-mode APCs, see NtQueueApcThreadEx and NtQueueApcThreadEx2.

Note that user APCs on the Native API level have three parameters in contrast with the Win32 APCs that only have one.

QueueUserAPC

NTinternals.net (undocumented.ntinternals.net)

ThreadHandle

Open handle to any Thread Object, including caller's thread.

ApcRoutine

Entry point to user APC routine.

ApcRoutineContext

User defined parameter for ApcRoutine.

ApcStatusBlock

???

ApcReserved

???

Function adds user defined routine to thread's APC queue. This routine will be executed when thread will be signaled. You can manually empty APC queue by calling NtTestAlert.

Documented by

Tomasz Nowak

NtQueueApcThread - NtDoc

NtDoc

Parameters

Remarks

See also

NTinternals.net (undocumented.ntinternals.net)

ThreadHandle

ApcRoutine

ApcRoutineContext

ApcStatusBlock

ApcReserved

Documented by

See also

NtDoc

Parameters

Remarks

Related Win32 API

See also

NTinternals.net (undocumented.ntinternals.net)

ThreadHandle

ApcRoutine

ApcRoutineContext

ApcStatusBlock

ApcReserved

Documented by

See also