```html Thread Information - Windows API Reference

Thread Information

Kernel-User Base | System Info

Thread Information

The NtQueryInformationThread function retrieves information about a thread. This function is used to obtain various attributes of a thread, such as its priority, state, and the stack pointer.

Function:
NtQueryInformationThread
Synopsis:
NTSTATUS NTAPI NtQueryInformationThread( HANDLE ThreadHandle, DWORD Level, PVOID Reference, SIZE_T Size, PVOID* Attributes)
Parameters:
  • ThreadHandle: A handle to the thread whose information is to be retrieved.
  • Level: Specifies the type of information to retrieve. See the following list for valid levels.
  • Reference: A pointer to a buffer where the retrieved information is stored.
  • Size: The size, in bytes, of the Reference buffer.
  • Attributes: A pointer to a pointer to a buffer where the thread's attributes are stored.
Return Value:
The function returns an NTSTATUS value indicating the success or failure of the operation.
Valid Levels:
  • ThreadState (0) - Retrieves the thread's state.
  • ThreadPriority (1) - Retrieves the thread's priority.
  • ThreadContext (2) - Retrieves the thread's context.
  • ThreadYieldValue (3) - Retrieves the thread's yield value.
  • ThreadWaitReason (4) - Retrieves the thread's wait reason.
  • ThreadInformationFee (5) - Retrieves the thread's information fee.
  • ThreadPoppedStackPointer (6) - Retrieves the thread's popped stack pointer.
Related Functions:
  • NtCreateThreadEx
  • NtTerminateThread

Example Usage:


      DWORD dwThreadAttributes[THREAD_ATTRIBUTE_MAX];
      NTSTATUS ntStatus = NtQueryInformationThread(
          ThreadHandle,
          ThreadState,
          &dwThreadAttributes,
          sizeof(dwThreadAttributes),
          NULL);

      if (ntStatus == STATUS_SUCCESS) {
          // Process thread state information
      }

For further information, please refer to the official documentation.

```