|
阅读:3965回复:1
关于 PsCreateSystemThread
PsCreateSystemThread 的功能是不是启动一个线程?
参数是什么呢? |
|
|
沙发#
发布于:2007-07-13 13:05
启动一个系统线程.
NTSTATUS PsCreateSystemThread( OUT PHANDLE ThreadHandle, IN ULONG DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ProcessHandle OPTIONAL, OUT PCLIENT_ID ClientId OPTIONAL, IN PKSTART_ROUTINE StartRoutine, IN PVOID StartContext ); Parameters ThreadHandle Points to a variable that will receive the handle. The driver must close the handle with ZwClose once the handle is no longer in use. DesiredAccess Specifies the ACCESS_MASK value that represents the requested types of access to the created thread. This value can be THREAD_ALL_ACCESS or (ACCESS_MASK) 0L for a driver-created thread. ObjectAttributes Points to a structure that specifies the object’s attributes. OBJ_PERMANENT, OBJ_EXCLUSIVE, and OBJ_OPENIF are not valid attributes for a thread object. On Windows XP and later operating systems, if the caller is not running in the system process context, it must set the OBJ_KERNEL_HANDLE attribute for ObjectAttributes. Drivers for Windows 2000 and Windows 98/Me must only call PsCreateSystemThread from the system process context. ProcessHandle Specifies an open handle for the process in whose address space the thread is to be run. The caller’s thread must have PROCESS_CREATE_THREAD access to this process. If this parameter is not supplied, the thread will be created in the initial system process. This value should be NULL for a driver-created thread. Use the NtCurrentProcess macro to specify the current process. ClientId Points to a structure that receives the client identifier of the new thread. This value should be NULL for a driver-created thread. StartRoutine Is the entry point for a driver thread. StartContext Supplies a single argument passed to the thread when it begins execution. Return Value PsCreateSystemThread returns STATUS_SUCCESS if the thread was created. |
|
