What is at Kernel Thread Object - Offset 0x244

When I try to get a thread object pointer by means of using
PsLookupThreadByThreadId I get an error (0xC000000D) when the thread is
just being created.

The error is a default error prepared by PsLookupThreadByThreadId
and it happens whenever there is something wrong with the thread ID (for
example if the handle is not from a thread).
When a thread is just being created the error happens because the field
located at address 0x244 on the thread object is zero. It seems that it
wants to find something other than zero there.
I would say that this address contains access flags or something. If it is
zero the request is invalid.

This happens for example when one is called on a ThreadNotificationRoutine,
an optional function that you can set to be called after a thread is created.
Ironically the thread object does exist but you cannot get the pointer using
PsLookupThreadByThreadId because that field is zero.

What is the meaning of that field? On the other hand, is there another way
to get the thread object pointer that might work in this case?
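The failure described in the post, as an added example that is not part of the thread and not code from the Windows kernel: a user-mode C model in which the CID table, the thread object stand-in, the `model_*` names and the thread IDs are all constructed here. It shows the two things the post reports, that the thread ID already resolves to an object while the access word at 0x244 (XP SP1) / 0x228 (Windows 2000) is still zero, and that the lookup therefore returns 0xC000000D (STATUS_INVALID_PARAMETER) from inside a create-notify routine, and it shows the defensive pattern a driver can use instead: check the status, record the ID, and resolve it after creation has completed. In the XP-era ETHREAD layout the word at 0x244 is the GrantedAccess member, which matches the poster's guess that it holds access rights.

```c
/* Added example, not code from the thread: a user-mode MODEL (not the Windows
 * kernel) of the lookup failure described above. The CID table, the thread
 * object stand-in and the creation ordering are constructed here. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef int NTSTATUS;                      /* 32-bit, like the kernel's LONG */
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000)
#define STATUS_INSUFFICIENT_RESOURCES ((NTSTATUS)0xC000009A)
#define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000D)
#define NT_SUCCESS(s)                 ((s) >= 0)
#define THREAD_ALL_ACCESS             0x1F03FF  /* XP-era value */

/* Stand-in for the thread object: only the access word the poster saw at
 * offset 0x244 (XP SP1) / 0x228 (Windows 2000) is modelled. */
typedef struct {
    unsigned long thread_id;
    unsigned long granted_access;          /* stays 0 until creation completes */
} MODEL_ETHREAD;

#define MAX_THREADS 16
static MODEL_ETHREAD *cid_table[MAX_THREADS];   /* constructed CID table */

/* Model of PsLookupThreadByThreadId: the ID must resolve to an object whose
 * access word is non-zero; anything else is STATUS_INVALID_PARAMETER. */
NTSTATUS model_lookup_thread_by_id(unsigned long tid, MODEL_ETHREAD **out)
{
    *out = NULL;
    for (int i = 0; i < MAX_THREADS; i++) {
        MODEL_ETHREAD *t = cid_table[i];
        if (t != NULL && t->thread_id == tid) {
            if (t->granted_access == 0)
                return STATUS_INVALID_PARAMETER;   /* the case in the thread */
            *out = t;
            return STATUS_SUCCESS;
        }
    }
    return STATUS_INVALID_PARAMETER;               /* no such thread ID */
}

/* Driver-side state: IDs whose lookup failed inside the callback, kept for a
 * later retry, plus the status observed inline. */
static unsigned long pending[MAX_THREADS];
static int pending_count;
static NTSTATUS last_inline_status;

/* Shape of a PsSetCreateThreadNotifyRoutine callback: never assume the
 * lookup succeeds on the create path; check the status and defer. */
static void thread_notify_routine(unsigned long tid, int create)
{
    MODEL_ETHREAD *t;
    if (!create)
        return;
    last_inline_status = model_lookup_thread_by_id(tid, &t);
    if (!NT_SUCCESS(last_inline_status) && pending_count < MAX_THREADS)
        pending[pending_count++] = tid;       /* resolve later, not now */
}

/* Model of thread creation in the ordering the poster observed: the object
 * exists and the notify routine runs before the access word is filled in. */
NTSTATUS model_create_thread(unsigned long tid)
{
    int slot = -1;
    for (int i = 0; i < MAX_THREADS && slot < 0; i++)
        if (cid_table[i] == NULL)
            slot = i;
    if (slot < 0)
        return STATUS_INSUFFICIENT_RESOURCES;
    MODEL_ETHREAD *t = calloc(1, sizeof *t);
    if (t == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;
    t->thread_id = tid;
    cid_table[slot] = t;                      /* now in the CID table ... */
    thread_notify_routine(tid, 1);            /* ... but access word still 0 */
    t->granted_access = THREAD_ALL_ACCESS;    /* creation completes */
    return STATUS_SUCCESS;
}

/* Retry the deferred IDs once creation has completed; returns how many
 * resolved. */
int model_resolve_pending(void)
{
    int resolved = 0;
    for (int i = 0; i < pending_count; i++) {
        MODEL_ETHREAD *t;
        if (NT_SUCCESS(model_lookup_thread_by_id(pending[i], &t)) && t != NULL)
            resolved++;
    }
    pending_count = 0;
    return resolved;
}

NTSTATUS model_last_inline_status(void) { return last_inline_status; }

int main(void)
{
    model_create_thread(0x2A4);               /* constructed thread ID */
    printf("lookup inside notify routine: 0x%08X\n",
           (unsigned)model_last_inline_status());
    printf("resolved after creation completed: %d\n", model_resolve_pending());
    return 0;
}
```

The model reproduces only the ordering the poster reports (object present in the CID table, notify routine run, access word filled in afterwards); the point it makes for a real driver is that a notify routine on the create path must treat the lookup as fallible and take its reference later, for example from a work item, rather than dereferencing during creation.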

In what version of Windows are you seeing this fault?

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Inaki Castillo
Sent: Thursday, October 23, 2003 8:43 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] What is at Kernel Thread Object - Offset 0x244

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The error happens under Windows XP (SP1).

At 09:13 23/10/2003 -0700, you wrote:

In what version of Windows are you seeing this fault?

-p

By the way, the behaviour is the same under W2000 except the offset is
0x228 instead of 0x244.

At 18:54 23/10/2003 +0200, you wrote:

The error happens under Windows XP (SP1).