76 #endif // _WINTHREAD_H_
INTSTATUS IntWinThrGetCurrentStackBaseAndLimit(QWORD *TibBase, QWORD *StackBase, QWORD *StackLimit)
Obtains the stack base, stack limit and TIB address of the current thread.
INTSTATUS IntWinThrGetCurrentTib(IG_CS_RING CurrentRing, IG_CS_TYPE CsType, QWORD *Tib)
Obtain the TIB (Thread Information Block) of the thread running on the current CPU.
INTSTATUS IntWinThrGetCurrentThread(DWORD CpuNumber, QWORD *EthreadAddress)
Get the ETHREAD structure address of the thread currently running on the given CPU.
INTSTATUS IntWinThrHandleQueueApc(void *Detour)
Handles a NtQueueApcThreadEx call - blocking process injections.Asynchronous Procedure Call (APC) inj...
int INTSTATUS
The status data type.
IG_CS_RING
The current protection level.
INTSTATUS IntWinThrHandleThreadHijack(void *Detour)
Handles a SetContextThread call - blocking thread hijacking.Thread hijacking (amongst others) is an a...
IG_CS_TYPE
The type of the code segment.
INTSTATUS IntWinThrPatchThreadHijackHandler(QWORD FunctionAddress, void *Handler, QWORD HandlerAddress)
This functions is responsible for patching the detour that handles the "PspSetContextThreadInternal"...
QWORD Cr3
Process PDBR. Includes PCID.
INTSTATUS(* PFUNC_IterateListCallback)(QWORD Node, QWORD Aux)
INTSTATUS IntWinThrGetUmStackBaseAndLimitFromTib(QWORD Tib, IG_CS_TYPE CsType, QWORD Cr3, QWORD *StackBase, QWORD *StackLimit)
Obtains the user mode stack base and stack limit values.
INTSTATUS IntWinThrIterateThreads(QWORD Eprocess, PFUNC_IterateListCallback Callback, QWORD Aux)
Iterate all the threads of the given process and invoke the callback for each one of them...
INTSTATUS IntWinThrPrepareApcHandler(QWORD FunctionAddress, void *Handler, QWORD HandlerAddress)
This functions is responsible for patching the detour that handles the "NtQueueApcThreadEx".This function is invoked every time "NtQueueApcThreadEx" is called (and APC has been queued) but before the actual handler IntWinThrHandleQueueApc, its purpose being to modify the hook code (see winhkhnd.h).
1.8.13