#ifndef _NTPSAPI_H
//
// Threads
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)
#if (PHNT_VERSION >= PHNT_WINDOWS_11)

/**
 * Queues an Asynchronous Procedure Call (APC) to a specified thread.
 *
 * \param ThreadHandle A handle to the thread to which the APC is to be queued.
 * \param ReserveHandle An optional handle to a reserve object. This can be obtained using NtAllocateReserveObject.
 * \param ApcFlags Flags that control the behavior of the APC. These flags are defined in QUEUE_USER_APC_FLAGS.
 * \param ApcRoutine A pointer to the RtlDispatchAPC function or custom APC routine to be executed.
 * \param ApcArgument1 An optional argument to be passed to the APC routine.
 * \param ApcArgument2 An optional argument to be passed to the APC routine.
 * \param ApcArgument3 An optional argument to be passed to the APC routine.
 * \return NTSTATUS Successful or errant status.
 * \remarks The APC will be executed in the context of the specified thread when the thread enters an alertable wait state or immediately
 * when QUEUE_USER_APC_SPECIAL_USER_APC is used or any process calls the NtTestAlert, NtAlertThread,
 * NtAlertResumeThread or NtAlertThreadByThreadId functions.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueueApcThreadEx2(
    _In_ HANDLE ThreadHandle,
    _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject
    _In_ ULONG ApcFlags, // QUEUE_USER_APC_FLAGS
    _In_ PPS_APC_ROUTINE ApcRoutine, // RtlDispatchAPC
    _In_opt_ PVOID ApcArgument1,
    _In_opt_ PVOID ApcArgument2,
    _In_opt_ PVOID ApcArgument3
    );

#endif
#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueueApcThreadEx2(
    _In_ HANDLE ThreadHandle,
    _In_opt_ HANDLE ReserveHandle, // NtAllocateReserveObject
    _In_ ULONG ApcFlags, // QUEUE_USER_APC_FLAGS
    _In_ PPS_APC_ROUTINE ApcRoutine, // RtlDispatchAPC
    _In_opt_ PVOID ApcArgument1,
    _In_opt_ PVOID ApcArgument2,
    _In_opt_ PVOID ApcArgument3
    );

#endif
View code on GitHub

NtDoc

Queues a user-mode Asynchronous Procedure Call (APC) on the specified thread.

Parameters

ThreadHandle - a handle the the thread granting the THREAD_SET_CONTEXT access.
ReserveHandle - an optional handle to the reserve object (see NtAllocateReserveObject) to avoid memory allocations.
ApcFlags - the flags that control properties of the APC.
ApcRoutine - the address of the function to invoke.
ApcArgument1 - the first argument to pass to the APC routine.
ApcArgument2 - the second argument to pass to the APC routine.
ApcArgument3 - the third argument to pass to the APC routine.

Supported flags

QUEUE_USER_APC_FLAGS_NONE - indicates that none of the flags listed below are used. The behavior defaults to regular APCs that require the thread to first enter an alertable wait via NtDelayExecution (or a similar function) or call NtTestAlert.
QUEUE_USER_APC_FLAGS_SPECIAL_USER_APC - queue a special user-mode APC that does not require the thread to enter an alertable state. The APC will be executed on the next thread's transition to user mode.
QUEUE_USER_APC_FLAGS_CALLBACK_DATA_CONTEXT - let the callback routine receive the context (set of registers) that was interrupted when the thread was directed to call the APC function.

Remarks

To queue a WoW64 APC, encode the ApcRoutine parameter using the Wow64EncodeApcRoutine macro or use RtlQueueApcWow64Thread.

Note that user APCs on the Native API level have three parameters in contrast with the Win32 APCs that only have one.

QueueUserAPC2

Required OS version

This function was introduced in Windows 11.

NtQueueApcThreadEx2 - NtDoc

NtDoc

Parameters

Supported flags

Remarks

Required OS version

See also

NtDoc

Parameters

Supported flags

Remarks

Related Win32 API

Required OS version

See also