Undocumented functions of NTDLL

2OO2, 18 March


Gridstore - NonStop Storage

SYSTEM_THREAD
SYSTEM_THREAD

typedef struct _SYSTEM_THREAD {


  LARGE_INTEGER           KernelTime;
  LARGE_INTEGER           UserTime;
  LARGE_INTEGER           CreateTime;
  ULONG                   WaitTime;
  PVOID                   StartAddress;
  CLIENT_ID               ClientId;
  KPRIORITY               Priority;
  LONG                    BasePriority;
  ULONG                   ContextSwitchCount;
  ULONG                   State;
  KWAIT_REASON            WaitReason;


} SYSTEM_THREAD, *PSYSTEM_THREAD;



Structure SYSTEM_THREAD is a part of SYSTEM_PROCESS_INFORMATION structure avaiable by NtQuerySystemInformation with SystemProcessInformation enumeration type.



  • KernelTime
    •      Sum of thread's execution time in KernelMode, in native format.
  • UserTime
    •      Sum of thread's execution time in UserMode, in native format.
  • CreateTime
    •      Time of thread creation, in native format.
  • WaitTime
    •      Sum of thread's waiting time, in native format.
  • StartAddress
    •      Thread start address.
  • ClientId
    •      Process and thread identyficators.
  • Priority
    •      Thread prioryty.
  • BasePriority
    •      Thread base prioryty.
  • ContextSwitchCount
    •      Number of context switches executed by thread.
  • State
    •      Current thread's state.
  • WaitReason
    •      Reason for waiting (if any).


    Documented by:
    Tomasz Nowak



    Requirements:
    Library: ntdll.lib


    See also:
    NtQuerySystemInformation
    SYSTEM_PROCESS_INFORMATION