On Tue, Apr 9, 2019 at 7:34 PM Zebediah Figura <z.figura12(a)gmail.com> wrote:
On 04/09/2019 02:29 PM, Derek Lesho wrote:
Signed-off-by: Derek Lesho <dereklesho52(a)Gmail.com> --- dlls/ntoskrnl.exe/ntoskrnl.c | 20 ++++++++++++++++++++ dlls/ntoskrnl.exe/ntoskrnl.exe.spec | 2 +- 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c index f5dee07e2f..770bdfd4fa 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.c +++ b/dlls/ntoskrnl.exe/ntoskrnl.c @@ -3245,6 +3245,26 @@ NTSTATUS WINAPI PsLookupProcessByProcessId(HANDLE processid, PEPROCESS *process) }
+/***************************************************** + * PsLookupThreadByThreadId (NTOSKRNL.EXE.@) + */ +NTSTATUS WINAPI PsLookupThreadByThreadId(HANDLE threadid, PETHREAD *thread) +{ + NTSTATUS status; + HANDLE hThread = OpenThread( THREAD_ALL_ACCESS, FALSE, HandleToUlong(threadid) ); + + if (!hThread) + return STATUS_INVALID_PARAMETER; + + status = kernel_object_from_handle( hThread, PsThreadType, (void**)thread ); + + ObReferenceObject( *thread ); + + NtClose( hThread ); + return status; +} + + /***************************************************** * IoSetThreadHardErrorMode (NTOSKRNL.EXE.@) */ diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec index 43f47470a9..601506246e 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec +++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec @@ -913,7 +913,7 @@ @ stub PsJobType @ stdcall PsLookupProcessByProcessId(ptr ptr) @ stub PsLookupProcessThreadByCid -@ stub PsLookupThreadByThreadId +@ stdcall PsLookupThreadByThreadId(ptr ptr) @ extern PsProcessType @ stub PsReferenceImpersonationToken @ stub PsReferencePrimaryToken
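Review bot: in PsLookupThreadByThreadId, `ObReferenceObject( *thread );` is called before `status` from kernel_object_from_handle() is checked. If that call fails, *thread may not have been written, and the function then references whatever pointer the caller's output variable happened to hold. Suggest taking the reference only on success, for example `if (!status) ObReferenceObject( *thread );`, while still closing hThread on both paths. The function also returns STATUS_INVALID_PARAMETER for every OpenThread failure regardless of cause, which is worth confirming with a test.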
Can we have tests for this function?
And while you're at it, can you add it to the public header?
Sure, will do. I just based the return value on the MSDN, but I guess it doesn't hurt to check.