suspending non driver thread

#10059 by madaboo
Thu Dec 01, 2011 1:34 pm

Hi,

Assuming that one driver has created its own thread: (two variants : work item and by psCreateSystemThread) is it possible to suspend this thread from another driver?

Thanks

Username

madaboo

Posts

41

Joined

Sun Aug 21, 2011 8:32 am

Re: suspending non driver thread

#10063 by Cr4sh
Thu Dec 01, 2011 4:47 pm

Don't really shure, but you can try to send APC to your thread.

madaboo wrote:Hi,

Assuming that one driver has created its own thread: (two variants : work item and by psCreateSystemThread) is it possible to suspend this thread from another driver?

Thanks

http://blog.cr4.sh/

Username

Cr4sh

Posts

77

Joined

Sun Mar 14, 2010 6:07 pm

Re: suspending non driver thread

#10065 by Dmitry Varshavsky
Thu Dec 01, 2011 7:41 pm

madaboo wrote:Hi,

Assuming that one driver has created its own thread: (two variants : work item and by psCreateSystemThread) is it possible to suspend this thread from another driver?

Thanks

There is no documented solution for this, but it's still possible:
1) NtSuspendThread - non-exported, but present in SSDT
2) PsSuspendThread / KeSuspendThread - lower level, also non-exported
3) Manual scheduling of ETHREAD.SuspendAPC with respect to system synchronization primitives

Username

Dmitry Varshavsky

Posts

42

Joined

Fri Jul 15, 2011 1:49 pm