Process Hacker Discussion Forum

 
master131
New User
Posts: 2
Joined: 09 Oct 2012 05:37

Checking if a thread is alertable.

09 Oct 2012 05:49

I wanted to ask here since it specialises in Windows Internals and I couldn't find any information about this anywhere else. Anyway, I was wondering if it was possible to check if a thread is alertable in user-mode with its ID or handle. I've tried searching everywhere on the internet and was able to find a reference to a field named UserApcPending in some struct but I think that only exists in kernel mode. The reason for this is I want to queue a user-mode APC on a thread that can actually execute it.

Any ideas?
 
User avatar
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows
Contact:

Re: Checking if a thread is alertable.

14 Oct 2012 00:29

I don't think there's any way of doing this. APCs are not supposed to be used in this way.
 
User avatar
dmex
Admin
Posts: 1681
Joined: 17 Jan 2011 05:43

Re: Checking if a thread is alertable.

14 Oct 2012 04:09

master131 wrote:
The reason for this is I want to queue a user-mode APC on a thread that can actually execute it.

Any ideas?
User-mode APCs require the target thread to be in an alertable wait state. A thread enters such a state by calling one of the system functions NtWaitForSingleObject, NtWaitForMultipleObjects or NtDelayExecution and specifying the wait as "alertable", Alternatively, a user thread can cause user-mode APCs to be delivered to it by calling the undocumented alert-test service NtAlertThread.

If you're trying to queue an APC into a separate process that doesn't have any alertable threads you'll have to CreateRemoteThread at the address of one of the above functions.
 
master131
New User
Posts: 2
Joined: 09 Oct 2012 05:37

Re: Checking if a thread is alertable.

15 Oct 2012 04:54

If you're trying to queue an APC into a separate process that doesn't have any alertable threads you'll have to CreateRemoteThread at the address of one of the above functions.
Yes, I'm aware of that. I was just trying to come up with an alternative to using CreateRemoteThread.