📄 thrdinfo.c
&Win32StartAddressBuffer,
sizeof(Win32StartAddressBuffer),
NULL);
if (rc==STATUS_SUCCESS) {
printf("Win32StartAddressBuffer.Win32StartAddress = %x\n", Win32StartAddressBuffer.Win32StartAddress);
} else {
printf("NtQueryInformationThread failed with infoclass 'ThreadQuerySetWin32StartAddress', rc=%x\n", rc);
return;
}
printf("Address of NewWin32StartAddress = %x\n", NewWin32StartAddress);
Win32StartAddressBuffer.Win32StartAddress=(PVOID)NewWin32StartAddress;
rc=NtSetInformationThread(ghThread,
ThreadQuerySetWin32StartAddress,
&Win32StartAddressBuffer,
sizeof(Win32StartAddressBuffer));
if (rc==STATUS_SUCCESS) {
printf("Win32Startaddress set to NewWin32StartAddress\n");
} else {
printf("NtSetInformationThread failed with infoclass 'ThreadQuerySetWin32StartAddress', rc=%x\n", rc);
return;
}
rc=NtQueryInformationThread(ghThread,
ThreadQuerySetWin32StartAddress,
&Win32StartAddressBuffer,
sizeof(Win32StartAddressBuffer),
NULL);
if (rc==STATUS_SUCCESS) {
printf("Win32StartAddressBuffer.Win32StartAddress = %x\n", Win32StartAddressBuffer.Win32StartAddress);
} else {
printf("NtQueryInformationThread failed with infoclass 'ThreadQuerySetWin32StartAddress', rc=%x\n", rc);
return;
}
}
/*
 * Exercises the ThreadZeroTlsCell information class: asks the system service
 * to zero TLS index 0 for ghThread and reports the outcome on stdout.
 *
 * Notes carried over from the original author:
 *  - This class is set-only; there is no query counterpart.
 *  - TLS values can be set only for the current thread.
 *  - The TlsFree API uses this system service. TLS state is maintained in both
 *    the kernel TEB and the user TEB, so calling the service directly does not
 *    make the TLS index available for reuse.
 *
 * NOTE(review): index 0 is hard-coded and this function does not allocate it,
 * so whatever owns that slot in the target thread loses its value. Confirm
 * this is acceptable before running against a thread you care about.
 */
void InfoZeroTlsCell()
{
    ZERO_TLSCELL cell;
    NTSTATUS status;

    cell.TlsIndex = 0;

    status = NtSetInformationThread(ghThread,
                                    ThreadZeroTlsCell,
                                    &cell,
                                    sizeof(cell));
    if (status != STATUS_SUCCESS) {
        printf("NtSetInformationThread failed with infoclass 'ThreadZeroTlsCell', rc=%x\n", status);
        return;
    }

    printf("TlsIndex %d zeroed\n", cell.TlsIndex);
}
/*
 * Queries the ThreadPerformanceCount information class for ghThread and
 * prints the two counters it returns.
 *
 * This class is query-only; there is no set counterpart.
 */
void InfoThreadPerformanceCount()
{
    PERFORMANCE_COUNTER_INFO counters;
    NTSTATUS status;

    /* The return-length pointer is NULL: the caller does not need it. */
    status = NtQueryInformationThread(ghThread,
                                      ThreadPerformanceCount,
                                      &counters,
                                      sizeof(counters),
                                      NULL);
    if (status != STATUS_SUCCESS) {
        printf("NtQueryInformationThread failed with infoclass 'ThreadPerformanceCount', rc=%x\n", status);
        return;
    }

    /* NOTE(review): %x assumes Count1/Count2 are int-sized; confirm against
       the PERFORMANCE_COUNTER_INFO declaration. */
    printf("PerformaceCounterInfoBuffer.Count1 = %x\n", counters.Count1);
    printf("PerformaceCounterInfoBuffer.Count2 = %x\n", counters.Count2);
}
/*
 * Queries the ThreadAmILastThread information class and prints whether the
 * thread is the last one in its process.
 *
 * Notes carried over from the original author:
 *  - This class is query-only; there is no set counterpart.
 *  - The system service ignores the ghThread handle that is passed and works
 *    with the calling thread only.
 *  - ExitThread uses this service to check whether the last thread is calling
 *    it; if so, it calls ExitProcess to exit the process as well.
 */
void InfoThreadAmILastThread()
{
    AMI_LAST_THREADINFO answer;
    NTSTATUS status;
    const char *verdict;

    status = NtQueryInformationThread(ghThread,
                                      ThreadAmILastThread,
                                      &answer,
                                      sizeof(answer),
                                      NULL);
    if (status != STATUS_SUCCESS) {
        printf("NtQueryInformationThread failed with infoclass 'ThreadAmILastThread', rc=%x\n", status);
        return;
    }

    if (answer.bAmILastThread) {
        verdict = "TRUE";
    } else {
        verdict = "FALSE";
    }
    printf("AmILastThreadInfoBuffer.bAmILastThread = %s\n", verdict);
}
/*
 * Sets the ideal processor of ghThread to processor 1 through the
 * ThreadIdealProcessor information class and reports the outcome.
 *
 * Notes carried over from the original author:
 *  - This class is set-only; there is no query counterpart.
 *  - The maximum value allowed is 0x20. The service does not validate that
 *    such a processor is actually present on the system.
 */
void InfoIdealProcessor()
{
    IDEAL_PROCESSORINFO request;
    NTSTATUS status;

    /* Hard-coded demo value; nothing here checks that processor 1 exists. */
    request.IdealProcessor = 1;

    status = NtSetInformationThread(ghThread,
                                    ThreadIdealProcessor,
                                    &request,
                                    sizeof(request));
    if (status != STATUS_SUCCESS) {
        printf("NtSetInformationThread failed with infoclass 'ThreadIdealProcessor', rc=%x\n", status);
        return;
    }

    printf("IdealProcessorInfo.IdealProcessor = %d\n", request.IdealProcessor);
}
/*
 * Round-trips the ThreadPriorityBoost information class on ghThread:
 * query and print the current flag, set it to TRUE, then query and print
 * it again so the effect of the set call is visible.
 *
 * Any failing service call prints its status and ends the demo early.
 */
void InfoPriorityBoost()
{
    PRIORITYBOOSTINFO boost;
    NTSTATUS status;

    /* Step 1: read the value before touching it. */
    status = NtQueryInformationThread(ghThread,
                                      ThreadPriorityBoost,
                                      &boost,
                                      sizeof(boost),
                                      NULL);
    if (status != STATUS_SUCCESS) {
        printf("NtQueryInformationThread failed with infoclass 'ThreadPriorityBoost', rc=%x\n", status);
        return;
    }
    printf("PriorityBoostInfo.bPriorityBoostEnabled=%x\n", boost.bPriorityBoostEnabled);

    /* Step 2: write TRUE back through the same buffer. */
    boost.bPriorityBoostEnabled = TRUE;
    status = NtSetInformationThread(ghThread,
                                    ThreadPriorityBoost,
                                    &boost,
                                    sizeof(boost));
    if (status != STATUS_SUCCESS) {
        printf("NtSetInformationThread failed with infoclass 'ThreadPriorityBoost', rc=%x\n", status);
        return;
    }

    /* Step 3: read it again to show what the kernel now reports. */
    status = NtQueryInformationThread(ghThread,
                                      ThreadPriorityBoost,
                                      &boost,
                                      sizeof(boost),
                                      NULL);
    if (status != STATUS_SUCCESS) {
        printf("NtQueryInformationThread failed with infoclass 'ThreadPriorityBoost', rc=%x\n", status);
        return;
    }
    printf("PriorityBoostInfo.bPriorityBoostEnabled=%x\n", boost.bPriorityBoostEnabled);
}
/*
 * Points ghThread's TLS array at a 64-entry array owned by this program,
 * using the ThreadSetTlsArrayAddress information class, and reports the
 * outcome.
 *
 * This class is set-only; there is no query counterpart.
 *
 * NOTE(review): the previous TLS array address is neither read nor restored
 * here, so the target thread keeps using the replacement array after this
 * call. When ghThread refers to another thread (thread id given on the
 * command line), that thread's TLS state is changed underneath it.
 */
void InfoTlsArrayAddress()
{
    /* Static storage: the address handed to the service must stay valid
       after this function returns. */
    static ULONG replacement_slots[64];
    TLS_ARRAYINFO request;
    NTSTATUS status;

    request.pTlsArray = replacement_slots;

    status = NtSetInformationThread(ghThread,
                                    ThreadSetTlsArrayAddress,
                                    &request,
                                    sizeof(request));
    if (status != STATUS_SUCCESS) {
        printf("NtSetInformationThread failed with infoclass 'ThreadSetTlsArrayAddress', rc=%x\n", status);
        return;
    }

    printf("TLS Array set\n");
}
/*
 * Queries the ThreadIsIoPending information class for ghThread and prints
 * the returned flag as TRUE or FALSE.
 *
 * This class is query-only; there is no set counterpart.
 */
void InfoIsIOPending()
{
    IS_IO_PENDINGINFO pending;
    NTSTATUS status;
    const char *verdict;

    status = NtQueryInformationThread(ghThread,
                                      ThreadIsIoPending,
                                      &pending,
                                      sizeof(pending),
                                      NULL);
    if (status != STATUS_SUCCESS) {
        printf("NtQueryInformationThread failed with infoclass 'ThreadIsIoPending', rc=%x\n", status);
        return;
    }

    if (pending.bIsIOPending) {
        verdict = "TRUE";
    } else {
        verdict = "FALSE";
    }
    printf("IsIoPendingInfoBuffer.bIsIOPending = %s\n", verdict);
}
/*
 * Issues NtSetInformationThread with the ThreadHideFromDebugger information
 * class on ghThread and reports the outcome.
 *
 * This class is set-only; there is no query counterpart.
 *
 * TODO (from the original author): the service fails with
 * STATUS_INFO_LENGTH_MISMATCH, which suggests it does not accept
 * sizeof(HideFromDebuggerInfo) as the information length.
 *
 * NOTE(review): this class is commonly described as an anti-debugging
 * control: once it takes effect, an attached debugger stops receiving events
 * for the thread, and nothing in this file undoes it. Defenders and analysts
 * usually treat an unexpected NtSetInformationThread call with this class as
 * a signal worth investigating, e.g. by monitoring or breaking on the call.
 */
void InfoHideFromDebugger()
{
    HIDE_FROM_DEBUGGERINFO request;
    NTSTATUS status;

    request.bHideFromDebugger = TRUE;

    status = NtSetInformationThread(ghThread,
                                    ThreadHideFromDebugger,
                                    &request,
                                    sizeof(request));
    if (status != STATUS_SUCCESS) {
        printf("NtSetInformationThread failed with infoclass 'ThreadHideFromDebugger', rc=%x\n", status);
        return;
    }

    printf("Thread hidden from Debugger\n");
}
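/*
 * Entry point: selects the thread to work on, then runs every Info* demo
 * against it.
 *
 *   - With exactly one argument, that argument is taken as a decimal thread
 *     id and the thread is opened with NtOpenThread.
 *   - Otherwise the current-thread pseudo handle is used.
 *
 * Returns 1 when the thread id argument is not a plain decimal number, and 0
 * in every other case (including an NtOpenThread failure, as before).
 *
 * NOTE(review): several Info* routines change the target thread rather than
 * just reading it (start address, TLS array, ideal processor, priority boost,
 * hide-from-debugger). Passing another thread's id therefore modifies that
 * thread; run this only against threads you own and can afford to disturb.
 */
int main(int argc, char **argv)
{
    if (argc == 2) {
        NTSTATUS rc;
        CLIENT_ID ClientId;
        OBJECT_ATTRIBUTES ObjAttr;
        char *end;
        unsigned long tid;

        /* atoi() accepted anything: "abc" became thread id 0 and "12x"
           became 12. Require a plain decimal number and reject the rest. */
        if (argv[1][0] < '0' || argv[1][0] > '9') {
            printf("Usage: %s [thread-id]\n", argv[0]);
            return 1;
        }
        tid = strtoul(argv[1], &end, 10);
        if (*end != '\0' || tid == (unsigned long)-1) {
            /* Trailing junk, or a value too large for strtoul. */
            printf("Invalid thread id '%s'\n", argv[1]);
            return 1;
        }

        InitializeObjectAttributes(&ObjAttr,
                                   NULL,
                                   0,
                                   NULL,
                                   NULL);
        ClientId.UniqueProcess = (HANDLE)0;
        /* Widen through size_t so the integer-to-pointer cast is the same
           width as HANDLE on both 32-bit and 64-bit builds. */
        ClientId.UniqueThread = (HANDLE)(size_t)tid;

        /* NOTE(review): THREAD_ALL_ACCESS is broader than a query/set tool
           normally needs. Narrowing it requires checking which access right
           each Info* routine depends on, so it is left unchanged here. */
        rc = NtOpenThread(&ghThread,
                          THREAD_ALL_ACCESS,
                          &ObjAttr,
                          &ClientId);
        if (rc != STATUS_SUCCESS) {
            printf("NtOpenThread failed, rc=%x\n", (unsigned int)rc);
            return 0;
        }
    } else {
        ghThread = NtCurrentThread();
    }

    /* A HANDLE is pointer-sized; passing it straight to %x is undefined on
       64-bit builds. Narrow it explicitly so the output format is unchanged. */
    printf("ghThread=%x\n", (unsigned int)(size_t)ghThread);

    InfoThreadBasicInformation();
    InfoThreadTimes();
    InfoThreadPriority();
    InfoThreadBasePriority();
    InfoThreadAffinityMask();
    InfoThreadImpersonationToken();
    InfoThreadDescriptorTableEntry();
    InfoAllignmentFaultFixup();
    InfoThreadEventPair();
    InfoWin32StartAddress();
    InfoZeroTlsCell();
    InfoThreadPerformanceCount();
    InfoThreadAmILastThread();
    InfoIdealProcessor();
    InfoPriorityBoost();
    InfoTlsArrayAddress();
    InfoIsIOPending();
    InfoHideFromDebugger();

    /* Explicit status: pre-C99 compilers do not supply an implicit return 0.
       The opened handle is released when the process exits. */
    return 0;
}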