Search
Module:
Directory
Constants
Delegates
Enums
Interfaces
Structures

   Desktop Functions:
advapi32
avifil32
cards
cfgmgr32
comctl32
comdlg32
credui
crypt32
dbghelp
dbghlp
dbghlp32
dhcpsapi
difxapi
dmcl40
dnsapi
dtl
dwmapi
faultrep
fbwflib
fltlib
fwpuclnt
gdi32
gdiplus
getuname
glu32
glut32
gsapi
hhctrl
hid
hlink
httpapi
icmp
imm32
iphlpapi
iprop
irprops
kernel32
mapi32
MinCore
mpr
mqrt
mscorsn
msdelta
msdrm
msi
msports
msvcrt
ncrypt
netapi32
ntdll
ntdsapi
odbc32
odbccp32
ole32
oleacc
oleaut32
opengl32
pdh
powrprof
printui
propsys
psapi
pstorec
query
quickusb
rasapi32
rpcrt4
scarddlg
secur32
setupapi
shell32
shlwapi
twain_32
unicows
urlmon
user32
userenv
uxtheme
version
wer
wevtapi
winfax
winhttp
wininet
winmm
winscard
winspool
wintrust
winusb
wlanapi
ws2_32
wtsapi32
xolehlp
xpsprint

   Smart Device Functions:
aygshell
coredll
ipaqutil
rapi


Show Recent Changes
Subscribe (RSS)
Misc. Pages
Comments
FAQ
Helpful Tools
Playground
Suggested Reading
Website TODO List
Download Visual Studio Add-In
ZwCreateThreadEx (ntdll)
 
.
Summary
Undocumented API to create a thread in a the current or remote process

C# Signature:

[DllImport("ntdll.dll", SetLastError=true)]
static extern void ZwCreateThreadEx(ref IntPtr threadHandle, AccessMask desiredAccess, IntPtr objectAttributes, IntPtr processHandle, IntPtr startAddress, IntPtr parameter, bool inCreateSuspended, Int32 stackZeroBits, Int32 sizeOfStack, Int32 maximumStackSize, IntPtr attributeList);

Boo Signature:

[DllImport("ntdll.dll", SetLastError : true)]
def ZwCreateThreadEx(ref threadHandle as IntPtr, desiredAccess as AccessMask, objectAttributes as IntPtr, processHandle as IntPtr, startAddress as IntPtr, parameter as IntPtr, inCreateSuspended as bool, stackZeroBits as Int32, sizeOfStack as Int32, maximumStackSize as Int32, attributeList as IntPtr):
     pass

User-Defined Types:

enum AccessMask:
     DELETE = 0x00010000
     READ_CONTROL = 0x00020000
     WRITE_DAC = 0x00040000
     WRITE_OWNER = 0x00080000
     SYNCHRONIZE = 0x00100000

     STANDARD_RIGHTS_REQUIRED = 0x000F0000

     STANDARD_RIGHTS_READ = 0x00020000
     STANDARD_RIGHTS_WRITE = 0x00020000
     STANDARD_RIGHTS_EXECUTE = 0x00020000

     STANDARD_RIGHTS_ALL = 0x001F0000

     SPECIFIC_RIGHTS_ALL = 0x0000FFFF

     ACCESS_SYSTEM_SECURITY = 0x01000000

     MAXIMUM_ALLOWED = 0x02000000

     GENERIC_READ = 0x80000000
     GENERIC_WRITE = 0x40000000
     GENERIC_EXECUTE = 0x20000000
     GENERIC_ALL = 0x10000000

     DESKTOP_READOBJECTS = 0x00000001
     DESKTOP_CREATEWINDOW = 0x00000002
     DESKTOP_CREATEMENU = 0x00000004
     DESKTOP_HOOKCONTROL = 0x00000008
     DESKTOP_JOURNALRECORD = 0x00000010
     DESKTOP_JOURNALPLAYBACK = 0x00000020
     DESKTOP_ENUMERATE = 0x00000040
     DESKTOP_WRITEOBJECTS = 0x00000080
     DESKTOP_SWITCHDESKTOP = 0x00000100

     WINSTA_ENUMDESKTOPS = 0x00000001
     WINSTA_READATTRIBUTES = 0x00000002
     WINSTA_ACCESSCLIPBOARD = 0x00000004
     WINSTA_CREATEDESKTOP = 0x00000008
     WINSTA_WRITEATTRIBUTES = 0x00000010
     WINSTA_ACCESSGLOBALATOMS = 0x00000020
     WINSTA_EXITWINDOWS = 0x00000040
     WINSTA_ENUMERATE = 0x00000100
     WINSTA_READSCREEN = 0x00000200

     WINSTA_ALL_ACCESS = 0x0000037F

Alternative Managed API:

Do you know one? Please contribute it!

Notes:

None.

Tips & Tricks:

Please add some!

Sample Code:

Please add some!

Documentation
ZwCreateThreadEx on MSDN

Please edit this page!

Do you have...

  • helpful tips or sample code to share for using this API in managed code?
  • corrections to the existing content?
  • variations of the signature you want to share?
  • additional languages you want to include?

Select "Edit This Page" on the right hand toolbar and edit it! Or add new pages containing supporting types needed for this API (structures, delegates, and more).

 
Access PInvoke.net directly from VS:
Terms of Use
Edit This Page
Find References
Show Printable Version
Revisions