getting owner thread id of fastmutex

suki_minna · September 19, 2013, 9:52pm

hello ,

im using fast mutex to guard my global buffer which will be accessed from few functions and threads.

there are cases where the mutex locked and not released. From FAST_MUTEX structure i see that there is a variable ‘owner’ but it is a PKTHREAD.

typedef struct _FAST_MUTEX {
volatile LONG Count;
PKTHREAD Owner;
ULONG Contention;
KEVENT Event;
ULONG OldIrql;
} FAST_MUTEX, *PFAST_MUTEX;

my question is how can i get the thread ID from PKTRHREAD

thanks

Aditya_Shrivastava · September 19, 2013, 11:25pm

Did you try expanding on kthread and related ethread; there has to be a tid some where in them. IIRC both PID and TID were there in some sub structure.

mark-4 · September 20, 2013, 5:22am

It’s in the _CLIENT_ID structure of the ETHREAD. But of course don’t use it because thisis an opaque structure that varies between plaforms. Instead use the PsGetThreadId function.

Aditya_Shrivastava · September 20, 2013, 6:36am

Going by the description in original post; I think he will be needing this for trouble shooting. Well at least I thought so.

Daniel_Terhell · September 20, 2013, 7:31am

>my question is how can i get the thread ID from PKTRHREAD

Why a pointer to the thread is not sufficient and why do you need the thread
ID ? If you treat the pointer as an ID what difference does that make to you
? Do you only care about what process the thread belongs to ?

//Daniel

OSR_Community_User · September 20, 2013, 8:01am

I think we have lost track of the original goal, which is to discover what
thread is holding a fast mutex and failing to release it.
joe

>my question is how can i get the thread ID from PKTRHREAD

Why a pointer to the thread is not sufficient and why do you need the
thread
ID ? If you treat the pointer as an ID what difference does that make to
you
? Do you only care about what process the thread belongs to ?

//Daniel

NTFSD is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

mark-4 · September 20, 2013, 11:12am

If this is just for debugging purposes and you’re after a quick way to get the thread ID outside the debugger, you can get the offset into the PETHREAD structure by looking at how PsGetCurrentThreadId does it

kd> !thread
THREAD fffffa800cd39b60 Cid 0004.0038 Teb: 0000000000000000 Win32Thread:
…

kd> u nt!PSGetCurrentThreadID
nt!PsGetCurrentThreadId:
fffff8000286609c 65488b042588010000 mov rax,qword ptr gs:[188h] fffff800028660a5 488b80b8030000 mov rax,qword ptr [rax+3B8h]
fffff800`028660ac c3 ret

kd> dq fffffa800cd39b60+3b8 L1
fffffa800cd39f18 0000000000000038