A forum for reverse engineering, OS internals and malware analysis 

 #8706  by Tigzy
 Fri Sep 23, 2011 9:32 am
Hello

I'm currently trying to protect some processes with hooks, and I'm trying to forbid the OpenThread API with THREAD_TERMINATE for certain PIDs.
Does anyone know how I can retrieve the PID of the process that owns a thread (for filtering)?
I only have the TID (in ClientId) or the ETHREAD (with PsLookupThreadByThreadId: http://msdn.microsoft.com/en-us/library ... 85%29.aspx)

NtOpenThread:
NTSTATUS NtOpenThread(
__out PHANDLE ThreadHandle,
__in ACCESS_MASK DesiredAccess,
__in POBJECT_ATTRIBUTES ObjectAttributes,
__in PCLIENT_ID ClientId
);
 #8707  by EP_X0FF
 Fri Sep 23, 2011 9:36 am
IoThreadToProcess
PsGetProcessId

thread moved
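
The two calls from the reply, chained after the PsLookupThreadByThreadId lookup mentioned in the question, as an added example that is not code from either poster. OwnerPidOfThread and ShouldDenyThreadOpen are hypothetical names; the release of the lookup's reference and the check for GENERIC_ALL and MAXIMUM_ALLOWED go beyond what the thread states; the non-WDK branch is a constructed stand-in (assumed to be selected when _KERNEL_MODE is undefined) so the logic can be run offline.

```c
#ifdef _KERNEL_MODE            /* real driver build (WDK) */
#include <ntifs.h>
#else                          /* constructed stand-ins so the logic runs offline */
#include <stddef.h>
#include <stdint.h>
typedef int32_t NTSTATUS;
typedef uint32_t ACCESS_MASK;
typedef void *HANDLE, *PEPROCESS;
typedef struct { HANDLE Tid, Pid; int Refs; } SIM_THREAD, *PETHREAD;
#define NT_SUCCESS(s) ((NTSTATUS)(s) >= 0)
#define THREAD_TERMINATE 0x0001
#define MAXIMUM_ALLOWED  0x02000000
#define GENERIC_ALL      0x10000000
static SIM_THREAD SimThreads[] = {            /* constructed TID -> PID table */
    { (HANDLE)0x1A4, (HANDLE)0x4D2, 0 }, { (HANDLE)0x2B8, (HANDLE)0x910, 0 } };
static NTSTATUS PsLookupThreadByThreadId(HANDLE Tid, PETHREAD *Thread) {
    size_t i;
    for (i = 0; i < sizeof SimThreads / sizeof SimThreads[0]; i++)
        if (SimThreads[i].Tid == Tid) { SimThreads[i].Refs++; *Thread = &SimThreads[i]; return 0; }
    return (NTSTATUS)0xC000000D;              /* STATUS_INVALID_PARAMETER */
}
static PEPROCESS IoThreadToProcess(PETHREAD Thread) { return Thread; }
static HANDLE PsGetProcessId(PEPROCESS Process) { return ((PETHREAD)Process)->Pid; }
static void ObDereferenceObject(void *Object) { ((PETHREAD)Object)->Refs--; }
#endif

/* TID -> owning PID, or NULL when the thread no longer exists. */
HANDLE OwnerPidOfThread(HANDLE Tid) {
    PETHREAD Thread;
    HANDLE Pid;
    if (!NT_SUCCESS(PsLookupThreadByThreadId(Tid, &Thread)))
        return NULL;
    Pid = PsGetProcessId(IoThreadToProcess(Thread));
    ObDereferenceObject(Thread);   /* the lookup took a reference; drop it */
    return Pid;
}

/* Hypothetical hook-side filter: nonzero means refuse the open. */
int ShouldDenyThreadOpen(HANDLE Tid, ACCESS_MASK Access,
                         const HANDLE *ProtectedPids, size_t Count) {
    HANDLE Pid;
    size_t i;
    /* GENERIC_ALL and MAXIMUM_ALLOWED can also yield terminate rights. */
    if (!(Access & (THREAD_TERMINATE | GENERIC_ALL | MAXIMUM_ALLOWED)))
        return 0;
    Pid = OwnerPidOfThread(Tid);
    for (i = 0; Pid != NULL && i < Count; i++)
        if (ProtectedPids[i] == Pid)
            return 1;
    return 0;
}
```

In an actual NtOpenThread hook the ClientId pointer comes from the caller, so its UniqueThread value has to be captured safely before it is passed to the lookup.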