"Carroll Vance" ovencleaner@gmail.com wrote:
I have implemented PsCreateSystemThread in ntoskrnl.exe. I have found this API used by programs like nProtect GameGuard, and it is a pretty commonly used kernel API. This either ends up calling CreateThread or CreateRemoteThread, depending on whether a process handle was provided.
You can call CreateRemoteThread without any checks for the process handle.
This is my first patch, I read over the dev docs and patch format, I hope I did not miss anything. I have tested this with a driver I made and it seemed to work fine.
Your patch mixes tabs and spaces on the same line, which makes the formatting messy. Also, if you could add spaces around '!=' and '==' in if statements, that would make the code slightly more readable.