Hi everyone
I would appreciate any help on the following: I need to call
PsLookupProcessThreadByCid inside (my) NtResumeThread and I am looking at
how to get the Cid in a portable manner 2K/XP/2003. Right now, for testing
purposes, I get a reference to PETHREAD either by calling PsGetCurrentThread
or ObReferenceObjectByHandle(hThread … , and acces the Cid by means of:
PCLIENT_ID((PCHAR)ptr + 0x1e0)->UniqueProcess. I know… I know …
As you all know the ETHREAD structure has changed from 2k to xp and I am now
after a portable method to get to the Cid. Actually, what I am really after
is the UniqueProcess member …
ps: I am running in the context of the first ResumeThread for a new process.
Any idea?
Thanks,
–
Marco ( S_1_5_18 at hotmail.com )