Home/ Questions/Q 833171
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T04:28:31+00:00

I’m confusing about opening different threads with OpenThread Function and examining them with NtQueryInformationThread

  • 0

I’m confusing about opening different threads with OpenThread Function and examining them with NtQueryInformationThread native function .
I have no problem with NtQueryInformationThread & I can examine them finely.
the problem is I don’t know how to loop through different number of threads using OpenThread
(with SetDebugPrivilege Consideration) .
suppose we have different threads from number 5100 to 5200 & we want to examine them sequentially : for example 5100, 5101, 5102, 5103, 5104, 5105 … 5200 … .
I don’t know how to use OpenThread Function in delphi in right way … .
I’m using this syntax & I found it wrong : 

OpenThread(THREAD_ALL_ACCESS,false,(DWORD)5100)

.
if anyone could guide me how to use OpenThread though different number of threads it would be great .

thanks alot .

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’m not sure how’d you get threads with stricly sequential IDs, cause Windows doesn’t (have to) assing thread IDs in any pattern.
    If you want to loop through a set of threads, you’ll have to use the Tool Help API:

    1. call CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0) to get system state snapshot
    2. loop through the threads with Thread32First and Thread32Next and select the threads you want to work with (eg. by its process’ ID)
    3. use OpenThread with an appropriate access mask, eg. THREAD_QUERY_INFORMATION

      do NOT use THREAD_ALL_ACCESS unless you created the thread in the current process and you know exactly what you’re doing
      (restrain yourself to read-only access, if you touch threads of another process)
    4. do what you want to, eg. call NtQueryInformationThread
    5. don’t forget CloseHandle

    You have to handle the possibility of any of the threads terminating (and being replaced with a new thread with the same ID) as long as you don’t hold the threads handle.

    Edit (further clarification by request)
    The CreateToolhelp32Snapshot with dwFlags == TH32CS_SNAPTHREAD gives you a system-wide snapshot (the th32ProcessID argument is ignored in this case) of all threads existing in the moment, regardless of their state, and the THREADENTRY32 structure subsequently returned by Thread32[First|Next] contains the th32ThreadID and th32OwnerProcessID fields, which you can use to identify the thread.

    • 0