PsCreateSystemThread

NTSTATUS
    PsCreateSystemThread(
        OUT PHANDLE  ThreadHandle,
        IN ACCESS_MASK  DesiredAccess,
        IN POBJECT_ATTRIBUTES  ObjectAttributes,        /* optional */
        IN HANDLE  ProcessHandle,                /* optional */
        OUT PCLIENT_ID  ClientId,                    /* optional */
        IN PKSTART_ROUTINE  StartRoutine,
        IN PVOID  StartContext
        );

PsCreateSystemThread creates a system thread that executes in kernel mode and returns a handle for the thread.

Parameters

ThreadHandle

Points to a variable that will receive the handle.

DesiredAccess

Specifies the requested types of access to the created thread. This value can be THREAD_ALL_ACCESS or (ACCESS_MASK) 0L for a driver-created thread.

ObjectAttributes

Points to a structure that specifies the object’s attributes. OBJ_PERMANENT, OBJ_EXCLUSIVE, OBJ_OPEN_IF, and OBJ_OPEN_LINK are not valid attributes for a thread object. This value should be NULL for a driver-created thread.

ProcessHandle

Specifies an open handle for the process in whose address space the thread is to be run. The caller’s thread must have PROCESS_CREATE_THREAD access to this process. If this parameter is not supplied, the thread will be created in the initial system process. This value should be NULL for a driver-created thread.

ClientId

Points to a structure that receives the client identifier of the new thread. This value should be NULL for a driver-created thread.

StartRoutine

Is the entry point for a driver thread.

StartContext

Supplies a single argument passed to the thread when it begins execution.

Return Value

PsCreateSystemThread returns STATUS_SUCCESS if the thread was created.

Comments

Drivers that create device-dedicated threads call this routine, either when they initialize or when I/O requests begin to come in to such a driver’s Dispatch routines. For example, a driver might create such a thread when it receives an asynchronous device control request.

PsCreateSystemThread creates a kernel-mode thread that begins a separate thread of execution within the system. Such a system thread has no TEB or user-mode context and runs only in kernel mode.

If the input ProcessHandle is NULL, the created thread is associated with the system process. Such a thread continues running until either the system is shut down or the thread terminates itself by calling PsTerminateSystemThread.

Callers of this routine must be running at IRQL PASSIVE_LEVEL.

See Also

KeSetBasePriorityThread, KeSetPriorityThread, PsTerminateSystemThread, ZwSetInformationThread