typedef enum _THREADINFOCLASS
{
ThreadBasicInformation, // q: THREAD_BASIC_INFORMATION
ThreadTimes, // q: KERNEL_USER_TIMES
ThreadPriority, // s: KPRIORITY (requires SeIncreaseBasePriorityPrivilege)
ThreadBasePriority, // s: KPRIORITY
ThreadAffinityMask, // s: KAFFINITY
ThreadImpersonationToken, // s: HANDLE
ThreadDescriptorTableEntry, // q: DESCRIPTOR_TABLE_ENTRY (or WOW64_DESCRIPTOR_TABLE_ENTRY)
ThreadEnableAlignmentFaultFixup, // s: BOOLEAN
ThreadEventPair,
ThreadQuerySetWin32StartAddress, // q: ULONG_PTR
ThreadZeroTlsCell, // s: ULONG // TlsIndex // 10
ThreadPerformanceCount, // q: LARGE_INTEGER
ThreadAmILastThread, // q: ULONG
ThreadIdealProcessor, // s: ULONG
ThreadPriorityBoost, // qs: ULONG
ThreadSetTlsArrayAddress, // s: ULONG_PTR // Obsolete
ThreadIsIoPending, // q: ULONG
ThreadHideFromDebugger, // q: BOOLEAN; s: void
ThreadBreakOnTermination, // qs: ULONG
ThreadSwitchLegacyState, // s: void // NtCurrentThread // NPX/FPU
ThreadIsTerminated, // q: ULONG // 20
ThreadLastSystemCall, // q: THREAD_LAST_SYSCALL_INFORMATION
ThreadIoPriority, // qs: IO_PRIORITY_HINT (requires SeIncreaseBasePriorityPrivilege)
ThreadCycleTime, // q: THREAD_CYCLE_TIME_INFORMATION
ThreadPagePriority, // qs: PAGE_PRIORITY_INFORMATION
ThreadActualBasePriority, // s: LONG (requires SeIncreaseBasePriorityPrivilege)
ThreadTebInformation, // q: THREAD_TEB_INFORMATION (requires THREAD_GET_CONTEXT + THREAD_SET_CONTEXT)
ThreadCSwitchMon, // Obsolete
ThreadCSwitchPmu,
ThreadWow64Context, // qs: WOW64_CONTEXT, ARM_NT_CONTEXT since 20H1
ThreadGroupInformation, // qs: GROUP_AFFINITY // 30
ThreadUmsInformation, // q: THREAD_UMS_INFORMATION // Obsolete
ThreadCounterProfiling, // q: BOOLEAN; s: THREAD_PROFILING_INFORMATION?
ThreadIdealProcessorEx, // qs: PROCESSOR_NUMBER; s: previous PROCESSOR_NUMBER on return
ThreadCpuAccountingInformation, // q: BOOLEAN; s: HANDLE (NtOpenSession) // NtCurrentThread // since WIN8
ThreadSuspendCount, // q: ULONG // since WINBLUE
ThreadHeterogeneousCpuPolicy, // q: KHETERO_CPU_POLICY // since THRESHOLD
ThreadContainerId, // q: GUID
ThreadNameInformation, // qs: THREAD_NAME_INFORMATION
ThreadSelectedCpuSets,
ThreadSystemThreadInformation, // q: SYSTEM_THREAD_INFORMATION // 40
ThreadActualGroupAffinity, // q: GROUP_AFFINITY // since THRESHOLD2
ThreadDynamicCodePolicyInfo, // q: ULONG; s: ULONG (NtCurrentThread)
ThreadExplicitCaseSensitivity, // qs: ULONG; s: 0 disables, otherwise enables
ThreadWorkOnBehalfTicket, // RTL_WORK_ON_BEHALF_TICKET_EX
ThreadSubsystemInformation, // q: SUBSYSTEM_INFORMATION_TYPE // since REDSTONE2
ThreadDbgkWerReportActive, // s: ULONG; s: 0 disables, otherwise enables
ThreadAttachContainer, // s: HANDLE (job object) // NtCurrentThread
ThreadManageWritesToExecutableMemory, // MANAGE_WRITES_TO_EXECUTABLE_MEMORY // since REDSTONE3
ThreadPowerThrottlingState, // POWER_THROTTLING_THREAD_STATE // since REDSTONE3 (set), WIN11 22H2 (query)
ThreadWorkloadClass, // THREAD_WORKLOAD_CLASS // since REDSTONE5 // 50
ThreadCreateStateChange, // since WIN11
ThreadApplyStateChange,
ThreadStrongerBadHandleChecks, // since 22H1
ThreadEffectiveIoPriority, // q: IO_PRIORITY_HINT
ThreadEffectivePagePriority, // q: ULONG
MaxThreadInfoClass
} THREADINFOCLASS;
View code on GitHub
This enumeration defines types of information that can be queried or set for threads.
Applicable to
Members
Retrieves basic information about the thread such as its exit status, TEB address, and CLIENT_ID.
See also
ThreadTimes (1)
Retrieves creation and executions times for the thread.
|
Query |
Set |
| Type |
KERNEL_USER_TIMES |
N/A |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
ThreadPriority (2)
Adjusts the priority of the thread.
|
Query |
Set |
| Type |
N/A |
KPRIORITY |
| Required access |
N/A |
THREAD_SET_LIMITED_INFORMATION |
| Required privilege |
None |
SeIncreaseBasePriorityPrivilege |
ThreadBasePriority (3)
Adjusts the base priority of the thread.
|
Query |
Set |
| Type |
N/A |
KPRIORITY |
| Required access |
N/A |
THREAD_SET_LIMITED_INFORMATION |
ThreadAffinityMask (4)
Limits on which processors the thread is allowed to run.
|
Query |
Set |
| Type |
N/A |
KAFFINITY |
| Required access |
N/A |
THREAD_SET_LIMITED_INFORMATION |
ThreadImpersonationToken (5)
Sets thread impersonation token.
|
Query |
Set |
| Type |
N/A |
Token HANDLE with TOKEN_IMPERSONATE access or NULL to clear |
| Required access |
N/A |
THREAD_SET_THREAD_TOKEN |
Note that if the the target process does not have SeImpersonatePrivilege enabled, the system might silently downgrade the assigned token (a copy of the provided one) to the identification level of impersonation. Additionally, the system can also duplicate the token before assignment to remove an incompatible process trust level.
Notable return values
STATUS_BAD_TOKEN_TYPE - the caller provided a primary token while the operation requires an impersonation token.
See also
ThreadDescriptorTableEntry (6)
ThreadEnableAlignmentFaultFixup (7)
|
Query |
Set |
| Type |
N/A |
BOOLEAN |
| Required access |
N/A |
THREAD_SET_INFORMATION |
ThreadEventPair (8)
ThreadQuerySetWin32StartAddress (9)
Retrieves the start address of a Win32 thread.
ThreadZeroTlsCell (10)
Zeros out the specified TLS cell indicated by index.
|
Query |
Set |
| Type |
N/A |
ULONG |
| Required access |
N/A |
THREAD_SET_INFORMATION |
ThreadAmILastThread (12)
Determines if the thread is the only one in the process.
|
Query |
Set |
| Type |
ULONG or BOOL |
N/A |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
ThreadIdealProcessor (13)
Adjusts the number of the ideal (preferred) processor for the thread. This info class only supports the current processor group. To set the ideal processor from another group, use ThreadIdealProcessorEx (info class 33).
|
Query |
Set |
| Type |
N/A |
ULONG |
| Required access |
N/A |
THREAD_SET_INFORMATION |
ThreadPriorityBoost (14)
Queries, enables, or disables priority boosting for the thread.
|
Query |
Set |
| Type |
ULONG or BOOL |
ULONG or BOOL |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
THREAD_SET_LIMITED_INFORMATION |
ThreadSetTlsArrayAddress (15)
ThreadIsIoPending (16)
Determines if the thread has any pending I/O requests.
ThreadHideFromDebugger (17)
Queries or enables suppression of debug events generated on the thread. Threads that do not generate debug events are essentially invisible to debuggers.
See also
ThreadBreakOnTermination (18)
Marks the thread as critical, causing a BSOD if it terminates.
|
Query |
Set |
| Type |
ULONG or BOOL |
ULONG or BOOL |
| Required access |
THREAD_QUERY_INFORMATION |
THREAD_SET_INFORMATION |
| Required privilege |
None |
SeDebugPrivilege |
See also
ThreadSwitchLegacyState (19)
ThreadIsTerminated (20)
Determines if the thread has already terminated. The result is similar to a no-timeout wait on the handle via NtWaitForSingleObject but requires a different access mask.
|
Query |
Set |
| Type |
ULONG or BOOL |
N/A |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
See also
ThreadLastSystemCall (21)
Queries the information about the last syscall performed by the thread.
ThreadIoPriority (22)
Determines or adjusts I/O priority for the thread.
|
Query |
Set |
| Type |
IO_PRIORITY_HINT |
IO_PRIORITY_HINT |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
THREAD_SET_INFORMATION |
| Required privilege |
None |
SeIncreaseBasePriorityPrivilege |
ThreadCycleTime (23)
Determines the number of cycles spent by the thread.
|
Query |
Set |
| Type |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
ThreadPagePriority (24)
Determines or adjusts paging priority for the thread.
ThreadActualBasePriority (25)
Adjusts the base priority of the thread.
|
Query |
Set |
| Type |
N/A |
LONG |
| Required access |
N/A |
THREAD_SET_LIMITED_INFORMATION |
| Required privilege |
None |
SeIncreaseBasePriorityPrivilege |
Allows reading a portion of the thread's TEB.
ThreadCSwitchMon (27)
ThreadCSwitchPmu (28)
ThreadWow64Context (29)
Gets and sets the WoW64 context (set of registers) for 32-bit threads running on 64-bit systems.
|
Query |
Set |
| Type |
WOW64_CONTEXT |
WOW64_CONTEXT |
| Required access |
THREAD_GET_CONTEXT |
THREAD_SET_CONTEXT |
See also
Queries or adjusts the processor group for the thread.
|
Query |
Set |
| Type |
GROUP_AFFINITY |
GROUP_AFFINITY |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
THREAD_SET_INFORMATION |
ThreadCounterProfiling (32)
ThreadIdealProcessorEx (33)
Queries or the number of the ideal (preferred) processor for the thread.
|
Query |
Set |
| Type |
PROCESSOR_NUMBER |
PROCESSOR_NUMBER |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
THREAD_SET_INFORMATION |
ThreadSuspendCount (35)
Queries the current suspension counter of the thread. Note that the value is incremented by one for frozen threads. If the value is zero, the thread is allowed to run.
|
Query |
Set |
| Type |
ULONG |
N/A |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
| Minimal version |
Windows 8.1 |
N/A |
See also
ThreadHeterogeneousCpuPolicy (36)
Determines heterogeneous (big.LITTLE) scheduling policy for the thread.
|
Query |
Set |
| Type |
KHETERO_CPU_POLICY |
N/A |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
| Minimal version |
Windows 10 TH1 (1507) |
N/A |
ThreadContainerId (37)
Queries the job container ID attached to the thread.
|
Query |
Set |
| Type |
GUID |
N/A |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
| Minimal version |
Windows 10 TH1 (1507) |
N/A |
Queries or sets the thread description string.
ThreadSelectedCpuSets (39)
Queries various information (exit status, times, priority, etc.) for the thread, returning the same structure as used when enumerating processes/threads via NtQuerySystemInformation.
|
Query |
Set |
| Type |
SYSTEM_THREAD_INFORMATION |
N/A |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
| Minimal version |
Windows 10 TH1 (1507) |
N/A |
ThreadActualGroupAffinity (41)
|
Query |
Set |
| Type |
GROUP_AFFINITY |
N/A |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
| Minimal version |
Windows 10 TH2 (1511) |
N/A |
ThreadDynamicCodePolicyInfo (42)
Checks or applies exemptions for dynamic code policy (the Arbitrary Code Guard mitigation).
|
Query |
Set |
| Type |
ULONG or BOOL |
ULONG or BOOL |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A (NtCurrentThread only) |
| Minimal version |
Windows 10 TH2 (1511) |
Windows 10 TH2 (1511) |
ThreadExplicitCaseSensitivity (43)
Configures explicit case-sensitivity for the thread.
|
Query |
Set |
| Type |
ULONG or BOOL |
ULONG or BOOL |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
THREAD_SET_INFORMATION |
| Required privilege |
None |
SeDebugPrivilege |
| Minimal version |
Windows 10 TH2 (1511) |
Windows 10 TH2 (1511) |
ThreadWorkOnBehalfTicket (44)
Determines the subsystem of the thread.
|
Query |
Set |
| Type |
SUBSYSTEM_INFORMATION_TYPE |
N/A |
| Required access |
THREAD_QUERY_LIMITED_INFORMATION |
N/A |
| Minimal version |
Windows 10 RS2 (1703) |
N/A |
ThreadDbgkWerReportActive (46)
Enables or disables Windows Error Reporting on the thread.
|
Query |
Set |
| Type |
N/A |
ULONG or BOOL |
| Required access |
N/A |
THREAD_SET_INFORMATION |
| Minimal version |
N/A |
Windows 10 RS2 (1703) |
ThreadAttachContainer (47)
|
Query |
Set |
| Type |
N/A |
Job HANDLE with JOB_OBJECT_IMPERSONATE access |
| Required access |
N/A |
N/A (NtCurrentThread only) |
| Minimal version |
N/A |
Windows 10 RS2 (1703) |
ThreadManageWritesToExecutableMemory (48)
ThreadPowerThrottlingState (49)
ThreadWorkloadClass (50)
ThreadCreateStateChange (51)
ThreadApplyStateChange (52)
ThreadStrongerBadHandleChecks (53)
ThreadEffectiveIoPriority (54)
ThreadEffectivePagePriority (55)
