NtAlertResumeThread implementation

The place to bring up any design issues, or post your own creations

Moderator: Moderator Team

Post Reply
Posts: 1
Joined: Wed Jul 25, 2007 3:57 pm

NtAlertResumeThread implementation

Post by tcchiu »

Hello everyone:

There isn't much information about the native API NtAlertResumeThread. According to the documentation on NTInternals:

http://undocumented.ntinternals.net/Use ... hread.html
Difference between AlertResumeThread and ResumeThread it's the first one sets Thread Object to alerted state (so before thread will continue execution, all APC will be executed).
Does it mean that the subject thread will be preempted immediately and unconditionally to executed all queued user APCs?

I am looking for a *hack* to preempt a remote thread (in another process) to execute its queued user APCs immedately. I perfectly understand that the APC is not designed to be used in this way.

I run across the source code of ReactOS. I understand that ReactOS isn't a clone of Windows, but at least it behaves like a Windows. I'm interested in how NtAlertResumeThread is implemented in ReactOS. Maybe it help me understand how it works in Windows.

Here is my bare understanding of the source code.

In ReactOS, there isn't much work done in NtAlertResumeThread. Rather, it looks up the thread object from the handle, and passes it to KeAlertResumeThread. KeAlertResumeThread acquires the lock of the APC queue (not sure it's a kmode o umode APC queue), but I don't find the code which executes all the queued APCs.

Any idea?

Source of NtAlertResumeThread:
http://www.reactos.org/generated/doxyge ... te_8c.html

Source of KeAlertResumeThread:
http://www.reactos.org/generated/doxyge ... c.html#a28

Posts: 326
Joined: Tue Feb 06, 2007 9:57 pm
Location: Tornado Alley

Post by Reacter »

Kind of like tracing NtCreateProcess. I can't find PspCreateProcessEx, that is referenced from NtCreateProcessEx.
More ReactOS, please!

Post Reply

Who is online

Users browsing this forum: Semrush [Bot] and 1 guest