Parent Proc ID Or Thread ID From Thread Handle

Parent Proc ID Or Thread ID From Thread Handle

Post by Sonic. » Wed, 17 Sep 2008 19:11:16


Hello,

I have been working on an application that hooks ZwSuspendThread And
ZwSuspendProcess to protect my module from being suspended by any
outer code.

Now in case of ZwSuspendThread, the ThreadHandle I'm receiving i need
to obtain the Thread ID for that handle. I tried using
NtQueryInformationThread with ThreadBasicnformationbut it returned me
ACCESS_DENIED.

This could possible be since the ThreadHandle might not be having
enough rights(THREAD_QUERY_INFORMATION) or is it for some other
reason.

Can anyone please suggest me where i'm going wrong.

Thanks in advance
Sonic