Thanks Anders,
that was really helpful.
Cheers, Mircea.
-----Original Message-----
From: Anders Fogh [mailto:xxxxx@flaffer.com]
Sent: Saturday, March 31, 2001 12:01 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Native API
Hello Mircea,
1. Yes. NtOpenThread will do it for you in pure usermode.
2A. Yes. However, notice a handle is only valid within the
process where it’s created (the handle that is). The DuplicateHandle
function might do the trick if you have problems with this.
2B. Signatures? Hope this is what you mean
#if !defined(NTSYSTEM)
#define NTSYSAPI DECLSPEC_IMPORT
#define NTSYSCALLAPI DECLSPEC_IMPORT
#else
#define NTSYSAPI
#if defined(NTDLLBUILD)
#define NTSYSCALLAPI
#else
#define NTSYSCALLAPI DECLSPEC_ADDRSAFE
#endif
#endif

#define NTAPI __stdcall

NTSYSAPI
NTSTATUS
NTAPI
NtOpenThread (
    OUT PHANDLE ThreadHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId OPTIONAL
    );

NTSYSAPI
NTSTATUS
NTAPI
NtSuspendThread (
    IN HANDLE ThreadHandle,
    OUT PLONG SuspendCount OPTIONAL
    );

NTSYSAPI
NTSTATUS
NTAPI
NtTerminateThread (
    IN HANDLE ThreadHandle,
    IN NTSTATUS ExitStatus
    );

However - once you have the handle there is no reason not to use the
kernel32.dll SuspendThread() and TerminateThread().
The ultimate guide to the native API is Gary Nebbett’s book on the
subject.
3. Ordinals will work. But I won’t recommend them - I wouldn’t bet on
them not changing between releases. How about using
ntdll.lib? Alternatively import them dynamically by name using
GetProcAddress() (This way your program will run on Win9x too -
although you won’t be able to use these functions).
regards,
Anders Fogh
Friday, March 30, 2001, 8:27:56 AM, you wrote:
MA> Hi guys,
MA> I have some questions regarding Native API for NT4.0.
MA> I have to get a thread handle from a thread id in user-mode and it seems
MA> impossible.
MA> (Even more than that, I have to control that thread, like
MA> suspend/resume/terminate)
MA> I’ve found in KB that you can’t do such a thing on Win NT4.0 (although you
MA> can do it in
MA> Win2000 with OpenThread)
MA> So I ran into NtOpenThread:
MA> NTKERNELAPI NTSTATUS NtOpenThread (
MA> OUT PHANDLE ThreadHandle,
MA> IN ACCESS_MASK DesiredAccess,
MA> IN POBJECT_ATTRIBUTES ObjectAttributes,
MA> IN PCLIENT_ID ClientId OPTIONAL
MA> );
MA> And also I’ve discovered NtResumeThread, NtSuspendThread,
MA> NtTerminateThread.
MA> Here are the questions (first it’s a stupid one but I wanna be sure):
MA> 1. Is there any way to get in user-mode the handle for a thread from a given
MA> thread id?
MA> 2. Can I pass the thread handle from kernel-mode driver to user-mode
MA> client using an IOCTL?
MA> 2. Where can I find the signatures for those APIs?
MA> 3. How am I supposed to link to them? If I use ordinal number with a def
MA> file is it OK?
MA> Any help is needed cause I’m in a pretty desperate situation.
MA> Thanks in advance,
MA> Mircea Avram (xxxxx@platform.com)
MA> —
MA> You are currently subscribed to ntdev as: xxxxx@flaffer.com
MA> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
–
Best regards,
Anders mailto:xxxxx@flaffer.com
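The dynamic import by name suggested in the reply above, as an added example (not code from the thread): it resolves NtOpenThread from ntdll.dll with GetProcAddress(), asks only for THREAD_SUSPEND_RESUME, and returns NULL when the export is unavailable. The X_ type names, the open_thread_by_id helper and the non-Windows fallback branch are assumptions of this example.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
/* Local stand-ins for the native types; the X_ names are this example's own. */
typedef struct { HANDLE UniqueProcess; HANDLE UniqueThread; } X_CLIENT_ID;
typedef struct {
    ULONG Length; HANDLE RootDirectory; PVOID ObjectName;
    ULONG Attributes; PVOID SecurityDescriptor; PVOID SecurityQualityOfService;
} X_OBJECT_ATTRIBUTES;
typedef LONG (NTAPI *X_NtOpenThread)(PHANDLE, ACCESS_MASK,
                                     X_OBJECT_ATTRIBUTES *, X_CLIENT_ID *);

/* Returns a thread handle, or NULL if NtOpenThread is missing or the call fails. */
HANDLE open_thread_by_id(DWORD tid, ACCESS_MASK access)
{
    HMODULE ntdll = GetModuleHandleA("ntdll.dll");    /* not loaded on Win9x */
    X_NtOpenThread open_thread;
    X_OBJECT_ATTRIBUTES oa = { sizeof(oa) };          /* unnamed object, rest zeroed */
    X_CLIENT_ID cid = { NULL, (HANDLE)(ULONG_PTR)tid };
    HANDLE h = NULL;
    if (ntdll == NULL)
        return NULL;
    open_thread = (X_NtOpenThread)GetProcAddress(ntdll, "NtOpenThread");
    if (open_thread == NULL)
        return NULL;                                  /* export absent: degrade gracefully */
    if (open_thread(&h, access, &oa, &cid) < 0)       /* NTSTATUS < 0 means failure */
        return NULL;
    return h;
}
#else
/* Constructed fallback so the file builds elsewhere: no native API, so "unavailable". */
typedef void *HANDLE;
typedef unsigned long DWORD, ACCESS_MASK;
#define THREAD_SUSPEND_RESUME 0x0002
#define GetCurrentThreadId() 0UL
#define CloseHandle(h) ((void)(h))
HANDLE open_thread_by_id(DWORD tid, ACCESS_MASK access)
{ (void)tid; (void)access; return NULL; }
#endif

int main(void)
{
    /* Request only the access right that SuspendThread()/ResumeThread() need. */
    HANDLE h = open_thread_by_id(GetCurrentThreadId(), THREAD_SUSPEND_RESUME);
    printf("NtOpenThread by id: %s\n", h ? "handle obtained" : "unavailable");
    if (h)
        CloseHandle(h);
    return 0;
}
```

The returned handle is an ordinary Win32 thread handle, so it can be passed to SuspendThread() and ResumeThread() and must be released with CloseHandle().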