Thread IDs

Does anybody know how thread IDs are generated? I’d like to know the maximal TID I can expect under normal conditions. On XP (SP0, SMP kernel) it seems TIDs fall into the 0 - 0xfff range.

Note I need it for debugging purposes only and don’t intend to use any assumption about TIDs in production code. Also, even debugging code won’t crash if the assumptions fail. What I need is something reasonable which works in about 90% of cases under normal conditions.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

IIRC they are handles in System process handle table.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “Michal Vodicka”
To: “Windows System Software Devs Interest List”
Sent: Friday, April 23, 2004 12:02 AM
Subject: [ntdev] Thread IDs

> Does anybody know how thread IDs are generated? I’d like to know the maximal
> TID I can expect under normal conditions. On XP (SP0, SMP kernel) it seems TIDs
> fall to 0 - 0xfff range.
>
> Note I need it for debugging purposes only and don’t intend to use any
> assumption about TIDs in production code. Also, even debugging code won’t crash
> if the assumptions fails. What I need is something reasonable which works in
> about 90% of cases under normal conditions.
>
> Best regards,
>
> Michal Vodicka
> UPEK, Inc.
> [xxxxx@upek.com, http://www.upek.com]

It doesn’t seem so. At least on XP; I have free entries on valid TIDs in system handle table and there are thread handles with different TIDs.

BTW, both SoftICE and WinDbg failed to display all necessary info. SI isn’t able to find new handle table and WinDbg isn’t able to identify valid thread object. The only tools which display valid info are from System Internals.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]


From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Maxim S. Shatskih[SMTP:xxxxx@storagecraft.com]
Reply To: Windows System Software Devs Interest List
Sent: Thursday, April 22, 2004 10:27 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Thread IDs

IIRC they are handles in System process handle table.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


If you trace into the PsLookupThreadByThreadId routine, you’d notice a call
to ExMapHandleToPointer function. This function is used to look up an object
referenced by handle in handle table. What it means is that Thread ID is
actually a handle into global handle table (PspCidTable on Windows 2000
SP0). And that’s why TID is often defined as HANDLE in headers. This might
also mean that TIDs are allocated using the same rules as allocating any
other handle. OS kernel uses only 24 bits (this might be extended on 64-bit
platforms) for handle value reserving the rest of bits for handle flags
(‘kernel handle’ flag is one of them).

–htfv

“Michal Vodicka” wrote in message news:xxxxx@ntdev…
> Does anybody know how thread IDs are generated? I’d like to know the maximal
> TID I can expect under normal conditions. On XP (SP0, SMP kernel) it seems
> TIDs fall to 0 - 0xfff range.
>
> Note I need it for debugging purposes only and don’t intend to use any
> assumption about TIDs in production code. Also, even debugging code won’t
> crash if the assumptions fails. What I need is something reasonable which
> works in about 90% of cases under normal conditions.
>
> Best regards,
>
> Michal Vodicka
> UPEK, Inc.
> [xxxxx@upek.com, http://www.upek.com]

Thanks, good pointer. It seems PspCidTable (on XP) is a special handle table for both PIDs and TIDs. On my computer its size is 0x1000 entries, which matches my previous observation. There are many free ones, so it seems that until there are a lot of processes and threads, my assumption about the range may work. Yes, it seems the same routine is used for TID/handle creation as for other handles.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]


From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Alexey Logachyov[SMTP:xxxxx@vba.com.by]
Reply To: Windows System Software Devs Interest List
Sent: Monday, April 26, 2004 10:20 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Thread IDs

If you trace into the PsLookupThreadByThreadId routine, you’d notice a call
to ExMapHandleToPointer function. This function is used to look up an object
referenced by handle in handle table. What it means is that Thread ID is
actually a handle into global handle table (PspCidTable on Windows 2000
SP0). And that’s why TID is often defined as HANDLE in headers. This might
also mean that TIDs are allocated using the same rules as allocating any
other handle. OS kernel uses only 24 bits (this might be extended on 64-bit
platforms) for handle value reserving the rest of bits for handle flags
(‘kernel handle’ flag is one of them).

–htfv

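The kind of debugging aid discussed in this thread, one that assumes TIDs stay within 0 - 0xfff but keeps working when they do not, can be written as follows. This is an added example, not code from any poster in the thread; `dbg_slot_for_tid`, `dbg_fast_percent`, the fallback table size and the sample TIDs are hypothetical, and the TID is passed in as a plain integer so the logic does not depend on any Windows API.

```c
#include <stdint.h>
#include <stdio.h>

#define TID_FAST_LIMIT 0x1000u  /* TIDs 0..0xfff: range reported in the thread (XP) */
#define OVERFLOW_SLOTS 32u      /* constructed size for TIDs outside that range */

typedef struct { uint32_t tid; int in_use; uint64_t events; } dbg_slot;

static dbg_slot fast_slots[TID_FAST_LIMIT];     /* indexed directly by TID */
static dbg_slot overflow_slots[OVERFLOW_SLOTS]; /* linear-probed fallback */
static dbg_slot lost_slot;                      /* shared sink once the fallback is full */
static uint64_t fast_hits, overflow_hits, lost_hits;

/* Return the per-thread debug slot for a TID. Never fails, so the debugging
 * code keeps running when the range assumption is wrong. Not synchronized:
 * callers on several threads need their own locking (assumption). TIDs are
 * recycled after a thread exits, so a slot may carry over a dead thread's data. */
dbg_slot *dbg_slot_for_tid(uint32_t tid)
{
    if (tid < TID_FAST_LIMIT) {                 /* assumption holds: O(1) lookup */
        fast_slots[tid].tid = tid;
        fast_slots[tid].in_use = 1;
        fast_hits++;
        return &fast_slots[tid];
    }
    for (uint32_t i = 0; i < OVERFLOW_SLOTS; i++) {
        dbg_slot *s = &overflow_slots[(tid + i) % OVERFLOW_SLOTS];
        if (!s->in_use) { s->in_use = 1; s->tid = tid; }  /* claim a free slot */
        if (s->tid == tid) { overflow_hits++; return s; }
    }
    lost_hits++;                                /* out of range and fallback full */
    return &lost_slot;
}

/* Share of lookups (in percent) for which the 0..0xfff assumption held. */
unsigned dbg_fast_percent(void)
{
    uint64_t total = fast_hits + overflow_hits + lost_hits;
    return total ? (unsigned)(fast_hits * 100 / total) : 100u;
}

int main(void)
{
    dbg_slot_for_tid(0x5a4)->events++;          /* constructed sample TIDs */
    dbg_slot_for_tid(0x1a2c)->events++;
    printf("assumption held for %u%% of lookups\n", dbg_fast_percent());
    return 0;
}
```

Watching `dbg_fast_percent()` on a loaded machine shows directly whether the range assumption still meets the "about 90% of cases" target.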