waliedassar

ZwQueryInformationThread(ThreadAmILastThread)

Dec 14th, 2012
  1. //http://waleedassar.blogspot.com
  2. //http://www.twitter.com/waleedassar
  3. //You can use this system call to determine if the running thread is the only thread in the current
  4. // or remote process.
  5. //I found the parameter being called "ThreadAmILastThread", but I prefer to call it "ThreadAmIOnlyThread"
  6. //since the function call returns TRUE if the thread is the only thread in its process.
  7. #include "stdafx.h"
  8. #include "windows.h"
  9. #include "stdio.h"
  10.  
  11.  
  // Thread information class passed as the second argument of
  // ZwQueryInformationThread. Both names map to the same value (0xC):
  // ThreadAmILastThread is the name the author found for it, and
  // ThreadAmIOnlyThread is the author's preferred alias. Only the first is
  // used in main().
  #define ThreadAmILastThread    0xC
  #define ThreadAmIOnlyThread    0xC


  // Hand-written prototypes for two native system-call stubs, declared with C
  // linkage so the C++ compiler does not mangle the names.
  // The int return value carries the status code; main() treats any value
  // >= 0 as success and prints negative values as an error code.
  // NOTE(review): these are presumably resolved against ntdll at link time;
  // the listing does not show the linker setup - confirm.
  extern "C"
  {
  // Declared but not called anywhere in this listing.
  int __stdcall ZwSetInformationThread(HANDLE,unsigned long,unsigned long*,unsigned long);
  // Arguments as used by main(): thread handle, information class, output
  // buffer, output buffer size in bytes, optional returned-length pointer
  // (main() passes 0 for the last one).
  int __stdcall ZwQueryInformationThread(HANDLE,unsigned long,unsigned long*,unsigned long,unsigned long*);
  }
  21.  
  22.  
  // Keeps a thread alive by showing a modal message box; it returns once the
  // box is dismissed. Intended as the entry point of the optional second
  // thread created in the commented-out block at the top of main().
  // NOTE(review): that block casts this function to LPTHREAD_START_ROUTINE,
  // whose signature is DWORD WINAPI (LPVOID); the cast hides a signature and
  // calling-convention mismatch - confirm before reusing this elsewhere.
  void Wait()
  {
      // Author's alternative way to park the thread: Sleep(INFINITE);
      MessageBox(0,"Waliedassar","waliedassar",0);
  }
  29.  
  30.  
  31.  
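  // Asks the kernel whether the calling thread is the only thread in its
  // process (information class ThreadAmILastThread, 0xC) and prints the answer.
  //
  // Prints "Okay" and the TRUE/FALSE result when the query succeeds, or
  // "Error <status in hex>" when it fails. Always returns 0.
  //
  // The answer is a snapshot taken at the time of the call: a thread can be
  // created in the process immediately afterwards, so it should not be the
  // sole basis for a decision.
  int main()
  {
      // Remove the comment markers around the block below to start a second
      // thread first and see the difference in the reported result.
      /*unsigned long tid=0;
      HANDLE hT=CreateThread(0,0x1000,(LPTHREAD_START_ROUTINE)(&Wait),0,0,&tid);
      if(hT==0) return 0;
      Sleep(1000);*/
      unsigned long OnlyThread=0;
      // The output buffer is one unsigned long; pass its real size instead of a
      // hard-coded 4. The returned-length pointer is not needed, so pass 0.
      int ret=ZwQueryInformationThread(GetCurrentThread(),
          ThreadAmILastThread,&OnlyThread,sizeof(OnlyThread),0);
      if(ret<0)
      {
          // On failure OnlyThread still holds its initial 0, so printing it
          // would report a misleading "FALSE". Report the status code only.
          printf("Error %x\r\n",(unsigned int)ret);
          return 0;
      }
      printf("Okay\r\n");
      printf("Only Thread: is %s\r\n",(OnlyThread?"TRUE":"FALSE"));
      return 0;
  }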