ntdll/NtQueryInformationThread.ps1
|
function NtQueryInformationThread { <# .SYNOPSIS Retrieves information about the specified thread. .DESCRIPTION .PARAMETER ThreadHandle .NOTES Author: Jared Atkinson (@jaredcatkinson) License: BSD 3-Clause Required Dependencies: None Optional Dependencies: None (func ntdll NtQueryInformationThread ([Int32]) @( [IntPtr], #_In_ HANDLE ThreadHandle, [Int32], #_In_ THREADINFOCLASS ThreadInformationClass, [IntPtr], #_Inout_ PVOID ThreadInformation, [Int32], #_In_ ULONG ThreadInformationLength, [IntPtr] #_Out_opt_ PULONG ReturnLength ) -EntryPoint NtQueryInformationThread) .LINK .EXAMPLE #> param ( [Parameter(Mandatory = $true)] [IntPtr] $ThreadHandle ) $buf = [System.Runtime.InteropServices.Marshal]::AllocHGlobal([IntPtr]::Size) $Success = $Ntdll::NtQueryInformationThread($ThreadHandle, 9, $buf, [IntPtr]::Size, [IntPtr]::Zero); $LastError = [Runtime.InteropServices.Marshal]::GetLastWin32Error() if(-not $Success) { Write-Debug "NtQueryInformationThread Error: $(([ComponentModel.Win32Exception] $LastError).Message)" } Write-Output ([System.Runtime.InteropServices.Marshal]::ReadIntPtr($buf)) } |