THREADINFOCLASS - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTPSAPI_H
//
// NtQueryInformationThread/NtSetInformationThread types
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation,                         // q: THREAD_BASIC_INFORMATION
    ThreadTimes,                                    // q: KERNEL_USER_TIMES
    ThreadPriority,                                 // s: KPRIORITY (requires SeIncreaseBasePriorityPrivilege)
    ThreadBasePriority,                             // s: KPRIORITY
    ThreadAffinityMask,                             // s: KAFFINITY
    ThreadImpersonationToken,                       // s: HANDLE
    ThreadDescriptorTableEntry,                     // q: DESCRIPTOR_TABLE_ENTRY (or WOW64_DESCRIPTOR_TABLE_ENTRY)
    ThreadEnableAlignmentFaultFixup,                // s: BOOLEAN
    ThreadEventPair,                                // q: Obsolete
    ThreadQuerySetWin32StartAddress,                // qs: PVOID (requires THREAD_SET_LIMITED_INFORMATION)
    ThreadZeroTlsCell,                              // s: ULONG // TlsIndex // 10
    ThreadPerformanceCount,                         // q: LARGE_INTEGER
    ThreadAmILastThread,                            // q: ULONG
    ThreadIdealProcessor,                           // s: ULONG
    ThreadPriorityBoost,                            // qs: ULONG
    ThreadSetTlsArrayAddress,                       // s: ULONG_PTR
    ThreadIsIoPending,                              // q: ULONG
    ThreadHideFromDebugger,                         // q: BOOLEAN; s: void
    ThreadBreakOnTermination,                       // qs: ULONG
    ThreadSwitchLegacyState,                        // s: void // NtCurrentThread // NPX/FPU
    ThreadIsTerminated,                             // q: ULONG // 20
    ThreadLastSystemCall,                           // q: THREAD_LAST_SYSCALL_INFORMATION
    ThreadIoPriority,                               // qs: IO_PRIORITY_HINT (requires SeIncreaseBasePriorityPrivilege)
    ThreadCycleTime,                                // q: THREAD_CYCLE_TIME_INFORMATION (requires THREAD_QUERY_LIMITED_INFORMATION)
    ThreadPagePriority,                             // qs: PAGE_PRIORITY_INFORMATION
    ThreadActualBasePriority,                       // s: LONG (requires SeIncreaseBasePriorityPrivilege)
    ThreadTebInformation,                           // q: THREAD_TEB_INFORMATION (requires THREAD_GET_CONTEXT + THREAD_SET_CONTEXT)
    ThreadCSwitchMon,                               // q: Obsolete
    ThreadCSwitchPmu,                               // q: Obsolete
    ThreadWow64Context,                             // qs: WOW64_CONTEXT, ARM_NT_CONTEXT since 20H1
    ThreadGroupInformation,                         // qs: GROUP_AFFINITY // 30
    ThreadUmsInformation,                           // q: THREAD_UMS_INFORMATION // Obsolete
    ThreadCounterProfiling,                         // q: BOOLEAN; s: THREAD_PROFILING_INFORMATION?
    ThreadIdealProcessorEx,                         // qs: PROCESSOR_NUMBER; s: previous PROCESSOR_NUMBER on return
    ThreadCpuAccountingInformation,                 // q: BOOLEAN; s: HANDLE (NtOpenSession) // NtCurrentThread // since WIN8
    ThreadSuspendCount,                             // q: ULONG // since WINBLUE
    ThreadHeterogeneousCpuPolicy,                   // q: KHETERO_CPU_POLICY // since THRESHOLD
    ThreadContainerId,                              // q: GUID
    ThreadNameInformation,                          // qs: THREAD_NAME_INFORMATION (requires THREAD_SET_LIMITED_INFORMATION)
    ThreadSelectedCpuSets,                          // q: ULONG[]
    ThreadSystemThreadInformation,                  // q: SYSTEM_THREAD_INFORMATION // 40
    ThreadActualGroupAffinity,                      // q: GROUP_AFFINITY // since THRESHOLD2
    ThreadDynamicCodePolicyInfo,                    // q: ULONG; s: ULONG (NtCurrentThread)
    ThreadExplicitCaseSensitivity,                  // qs: ULONG; s: 0 disables, otherwise enables // (requires SeDebugPrivilege and PsProtectedSignerAntimalware)
    ThreadWorkOnBehalfTicket,                       // q: ALPC_WORK_ON_BEHALF_TICKET // RTL_WORK_ON_BEHALF_TICKET_EX // NtCurrentThread
    ThreadSubsystemInformation,                     // q: SUBSYSTEM_INFORMATION_TYPE // since REDSTONE2
    ThreadDbgkWerReportActive,                      // s: ULONG; s: 0 disables, otherwise enables
    ThreadAttachContainer,                          // s: HANDLE (job object) // NtCurrentThread
    ThreadManageWritesToExecutableMemory,           // s: MANAGE_WRITES_TO_EXECUTABLE_MEMORY // since REDSTONE3
    ThreadPowerThrottlingState,                     // qs: POWER_THROTTLING_THREAD_STATE // since REDSTONE3 (set), WIN11 22H2 (query)
    ThreadWorkloadClass,                            // q: THREAD_WORKLOAD_CLASS // since REDSTONE5 // 50
    ThreadCreateStateChange,                        // s: Obsolete // since WIN11
    ThreadApplyStateChange,                         // s: Obsolete
    ThreadStrongerBadHandleChecks,                  // s: ULONG // NtCurrentThread // since 22H1
    ThreadEffectiveIoPriority,                      // q: IO_PRIORITY_HINT
    ThreadEffectivePagePriority,                    // q: ULONG
    ThreadUpdateLockOwnership,                      // s: THREAD_LOCK_OWNERSHIP // since 24H2
    ThreadSchedulerSharedDataSlot,                  // q: SCHEDULER_SHARED_DATA_SLOT_INFORMATION
    ThreadTebInformationAtomic,                     // q: THREAD_TEB_INFORMATION (requires THREAD_GET_CONTEXT + THREAD_QUERY_INFORMATION)
    ThreadIndexInformation,                         // q: THREAD_INDEX_INFORMATION
    MaxThreadInfoClass
} THREADINFOCLASS;

#endif
#endif

View code on GitHub

NtDoc

This enumeration defines types of information that can be queried or set for threads.

Applicable to

Members

ThreadBasicInformation (0)

Retrieves basic information about the thread such as its exit status, TEB address, and CLIENT_ID.

Query Set
Type THREAD_BASIC_INFORMATION N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A

See also

ThreadTimes (1)

Retrieves creation and executions times for the thread.

Query Set
Type KERNEL_USER_TIMES N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A

ThreadPriority (2)

Adjusts the priority of the thread.

Query Set
Type N/A KPRIORITY
Required access N/A THREAD_SET_LIMITED_INFORMATION
Required privilege None SeIncreaseBasePriorityPrivilege

ThreadBasePriority (3)

Adjusts the base priority of the thread.

Query Set
Type N/A KPRIORITY
Required access N/A THREAD_SET_LIMITED_INFORMATION

ThreadAffinityMask (4)

Limits on which processors the thread is allowed to run.

Query Set
Type N/A KAFFINITY
Required access N/A THREAD_SET_LIMITED_INFORMATION

ThreadImpersonationToken (5)

Sets thread impersonation token.

Query Set
Type N/A Token HANDLE with TOKEN_IMPERSONATE access or NULL to clear
Required access N/A THREAD_SET_THREAD_TOKEN

Remarks

Note that if the the target process does not have SeImpersonatePrivilege enabled, the system might silently downgrade the assigned token (a copy of the provided one) to the identification level of impersonation. Additionally, the system can also duplicate the token before assignment to remove an incompatible process trust level.

Notable return values

See also

ThreadDescriptorTableEntry (6)

Query Set
Type DESCRIPTOR_TABLE_ENTRY or WOW64_DESCRIPTOR_TABLE_ENTRY N/A
Required access THREAD_QUERY_INFORMATION N/A

ThreadEnableAlignmentFaultFixup (7)

Query Set
Type N/A BOOLEAN
Required access N/A THREAD_SET_INFORMATION

ThreadEventPair (8)

ThreadQuerySetWin32StartAddress (9)

Retrieves the start address of a Win32 thread.

Query Set
Type PVOID or ULONG_PTR N/A
Required access THREAD_QUERY_INFORMATION N/A

ThreadZeroTlsCell (10)

Zeros out the specified TLS cell indicated by index.

Query Set
Type N/A ULONG
Required access N/A THREAD_SET_INFORMATION

ThreadPerformanceCount (11)

Query Set
Type LARGE_INTEGER N/A
Required access THREAD_QUERY_INFORMATION N/A

ThreadAmILastThread (12)

Determines if the thread is the only one in the process.

Query Set
Type ULONG or BOOL N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A

ThreadIdealProcessor (13)

Adjusts the number of the ideal (preferred) processor for the thread. This info class only supports the current processor group. To set the ideal processor from another group, use ThreadIdealProcessorEx (info class 33).

Query Set
Type N/A ULONG
Required access N/A THREAD_SET_INFORMATION

ThreadPriorityBoost (14)

Queries, enables, or disables priority boosting for the thread.

Query Set
Type ULONG or BOOL ULONG or BOOL
Required access THREAD_QUERY_LIMITED_INFORMATION THREAD_SET_LIMITED_INFORMATION

ThreadSetTlsArrayAddress (15)

ThreadIsIoPending (16)

Determines if the thread has any pending I/O requests.

Query Set
Type ULONG or BOOL N/A
Required access THREAD_QUERY_INFORMATION N/A

ThreadHideFromDebugger (17)

Queries or enables suppression of debug events generated on the thread. Threads that do not generate debug events are essentially invisible to debuggers.

Query Set
Type BOOLEAN void (zero-size)
Required access THREAD_QUERY_INFORMATION THREAD_SET_INFORMATION

See also

ThreadBreakOnTermination (18)

Marks the thread as critical, causing a BSOD if it terminates.

Query Set
Type ULONG or BOOL ULONG or BOOL
Required access THREAD_QUERY_INFORMATION THREAD_SET_INFORMATION
Required privilege None SeDebugPrivilege

See also

ThreadSwitchLegacyState (19)

ThreadIsTerminated (20)

Determines if the thread has already terminated. The result is similar to a no-timeout wait on the handle via NtWaitForSingleObject but requires a different access mask.

Query Set
Type ULONG or BOOL N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A

See also

ThreadLastSystemCall (21)

Queries the information about the last syscall performed by the thread.

Query Set
Type THREAD_LAST_SYSCALL_INFORMATION N/A
Required access THREAD_GET_CONTEXT N/A

ThreadIoPriority (22)

Determines or adjusts I/O priority for the thread.

Query Set
Type IO_PRIORITY_HINT IO_PRIORITY_HINT
Required access THREAD_QUERY_LIMITED_INFORMATION THREAD_SET_INFORMATION
Required privilege None SeIncreaseBasePriorityPrivilege

ThreadCycleTime (23)

Determines the number of cycles spent by the thread.

Query Set
Type THREAD_QUERY_LIMITED_INFORMATION N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A

ThreadPagePriority (24)

Determines or adjusts paging priority for the thread.

Query Set
Type PAGE_PRIORITY_INFORMATION PAGE_PRIORITY_INFORMATION
Required access THREAD_QUERY_LIMITED_INFORMATION THREAD_SET_INFORMATION

ThreadActualBasePriority (25)

Adjusts the base priority of the thread.

Query Set
Type N/A LONG
Required access N/A THREAD_SET_LIMITED_INFORMATION
Required privilege None SeIncreaseBasePriorityPrivilege

ThreadTebInformation (26)

Allows reading a portion of the thread's TEB.

Query Set
Type THREAD_TEB_INFORMATION N/A
Required access THREAD_GET_CONTEXT + THREAD_SET_CONTEXT N/A

ThreadCSwitchMon (27)

ThreadCSwitchPmu (28)

ThreadWow64Context (29)

Gets and sets the WoW64 context (set of registers) for 32-bit threads running on 64-bit systems.

Query Set
Type WOW64_CONTEXT WOW64_CONTEXT
Required access THREAD_GET_CONTEXT THREAD_SET_CONTEXT

See also

ThreadGroupInformation (30)

Queries or adjusts the processor group for the thread.

Query Set
Type GROUP_AFFINITY GROUP_AFFINITY
Required access THREAD_QUERY_LIMITED_INFORMATION THREAD_SET_INFORMATION

ThreadUmsInformation (31)

ThreadCounterProfiling (32)

ThreadIdealProcessorEx (33)

Queries or the number of the ideal (preferred) processor for the thread.

Query Set
Type PROCESSOR_NUMBER PROCESSOR_NUMBER
Required access THREAD_QUERY_LIMITED_INFORMATION THREAD_SET_INFORMATION

ThreadCpuAccountingInformation (34)

ThreadSuspendCount (35)

Queries the current suspension counter of the thread. Note that the value is incremented by one for frozen threads. If the value is zero, the thread is allowed to run.

Query Set
Type ULONG N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A
Minimal version Windows 8.1 N/A

See also

ThreadHeterogeneousCpuPolicy (36)

Determines heterogeneous (big.LITTLE) scheduling policy for the thread.

Query Set
Type KHETERO_CPU_POLICY N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A
Minimal version Windows 10 TH1 (1507) N/A

ThreadContainerId (37)

Queries the job container ID attached to the thread.

Query Set
Type GUID N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A
Minimal version Windows 10 TH1 (1507) N/A

ThreadNameInformation (38)

Queries or sets the thread description string.

Query Set
Type THREAD_NAME_INFORMATION THREAD_NAME_INFORMATION
Required access THREAD_QUERY_LIMITED_INFORMATION THREAD_SET_LIMITED_INFORMATION
Minimal version Windows 10 TH1 (1507) Windows 10 TH1 (1507)

ThreadSelectedCpuSets (39)

ThreadSystemThreadInformation (40)

Queries various information (exit status, times, priority, etc.) for the thread, returning the same structure as used when enumerating processes/threads via NtQuerySystemInformation.

Query Set
Type SYSTEM_THREAD_INFORMATION N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A
Minimal version Windows 10 TH1 (1507) N/A

ThreadActualGroupAffinity (41)

Query Set
Type GROUP_AFFINITY N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A
Minimal version Windows 10 TH2 (1511) N/A

ThreadDynamicCodePolicyInfo (42)

Checks or applies exemptions for dynamic code policy (the Arbitrary Code Guard mitigation).

Query Set
Type ULONG or BOOL ULONG or BOOL
Required access THREAD_QUERY_LIMITED_INFORMATION N/A (NtCurrentThread only)
Minimal version Windows 10 TH2 (1511) Windows 10 TH2 (1511)

ThreadExplicitCaseSensitivity (43)

Configures explicit case-sensitivity for the thread.

Query Set
Type ULONG or BOOL ULONG or BOOL
Required access THREAD_QUERY_LIMITED_INFORMATION THREAD_SET_INFORMATION
Required privilege None SeDebugPrivilege
Minimal version Windows 10 TH2 (1511) Windows 10 TH2 (1511)

ThreadWorkOnBehalfTicket (44)

ThreadSubsystemInformation (45)

Determines the subsystem of the thread.

Query Set
Type SUBSYSTEM_INFORMATION_TYPE N/A
Required access THREAD_QUERY_LIMITED_INFORMATION N/A
Minimal version Windows 10 RS2 (1703) N/A

ThreadDbgkWerReportActive (46)

Enables or disables Windows Error Reporting on the thread.

Query Set
Type N/A ULONG or BOOL
Required access N/A THREAD_SET_INFORMATION
Minimal version N/A Windows 10 RS2 (1703)

ThreadAttachContainer (47)

Query Set
Type N/A Job HANDLE with JOB_OBJECT_IMPERSONATE access
Required access N/A N/A (NtCurrentThread only)
Minimal version N/A Windows 10 RS2 (1703)

ThreadManageWritesToExecutableMemory (48)

ThreadPowerThrottlingState (49)

ThreadWorkloadClass (50)

ThreadCreateStateChange (51)

ThreadApplyStateChange (52)

ThreadStrongerBadHandleChecks (53)

ThreadEffectiveIoPriority (54)

ThreadEffectivePagePriority (55)

Edit description on GitHub