NTSTATUS
PsCreateSystemThread(
    OUT PHANDLE ThreadHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,   /* optional */
    IN HANDLE ProcessHandle,                  /* optional */
    OUT PCLIENT_ID ClientId,                  /* optional */
    IN PKSTART_ROUTINE StartRoutine,
    IN PVOID StartContext
    );
PsCreateSystemThread creates a system thread that executes in kernel mode and returns a handle for the thread.
Parameters
ThreadHandle
Points to a variable that receives a handle to the new thread.
DesiredAccess
Specifies the requested types of access to the created thread. This value can be THREAD_ALL_ACCESS or (ACCESS_MASK) 0L for a driver-created thread.
ObjectAttributes
Points to a structure that specifies the object’s attributes. OBJ_PERMANENT, OBJ_EXCLUSIVE, OBJ_OPEN_IF, and OBJ_OPEN_LINK are not valid attributes for a thread object. This value should be NULL for a driver-created thread.
ProcessHandle
Specifies an open handle for the process in whose address space the thread is to be run. The caller’s thread must have PROCESS_CREATE_THREAD access to this process. If this parameter is not supplied, the thread will be created in the initial system process. This value should be NULL for a driver-created thread.
ClientId
Points to a structure that receives the client identifier of the new thread. This value should be NULL for a driver-created thread.
StartRoutine
Is the entry point for the new thread; it is called with StartContext as its only argument.
StartContext
Supplies a single argument passed to the thread when it begins execution.
Return Value
PsCreateSystemThread returns STATUS_SUCCESS if the thread was created.
Comments
Drivers that create device-dedicated threads call this routine, either when they initialize or when I/O requests begin to come in to such a driver’s Dispatch routines. For example, a driver might create such a thread when it receives an asynchronous device control request.
PsCreateSystemThread creates a kernel-mode thread that begins a separate thread of execution within the system. Such a system thread has no TEB or user-mode context and runs only in kernel mode.
If the input ProcessHandle is NULL, the created thread is associated with the system process. Such a thread continues running until either the system is shut down or the thread terminates itself by calling PsTerminateSystemThread.
Callers of this routine must be running at IRQL PASSIVE_LEVEL.
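As an added example (not part of this DDK page): a driver that creates a device-dedicated thread with NULL ObjectAttributes, ProcessHandle and ClientId, keeps a referenced thread object so that DriverUnload can wait for the thread to exit before the driver image goes away, and stops it through an event. The WORKER type and the WorkerThread/WorkerStart/WorkerStop names are assumptions; ObReferenceObjectByHandle, PsThreadType, ZwClose, KeSetEvent and KeWaitForSingleObject are standard kernel routines that this page does not document.

```c
#include <ntddk.h>
typedef struct _WORKER {   /* assumed name: per-device state shared with the thread */
    KEVENT   StopEvent;    /* set to ask the thread to exit */
    PKTHREAD ThreadObject; /* referenced thread object, waited on at unload */
} WORKER, *PWORKER;
/* StartRoutine: kernel mode only, in the System process (ProcessHandle was NULL). */
static VOID WorkerThread(PVOID StartContext)
{
    PWORKER w = (PWORKER)StartContext;
    LARGE_INTEGER interval; interval.QuadPart = -10 * 1000 * 1000; /* relative 1 s */
    for (;;) {
        /* Sleep up to 1 s (STATUS_TIMEOUT), or wake at once when StopEvent is set;
           periodic device work at PASSIVE_LEVEL would go in the loop body. */
        NTSTATUS st = KeWaitForSingleObject(&w->StopEvent, Executive,
                                            KernelMode, FALSE, &interval);
        if (st == STATUS_SUCCESS) break; /* stop requested */
    }
    /* A system thread ends by calling PsTerminateSystemThread, never by returning. */
    PsTerminateSystemThread(STATUS_SUCCESS);
}
/* Call at PASSIVE_LEVEL, e.g. from DriverEntry or AddDevice. */
NTSTATUS WorkerStart(PWORKER w)
{
    HANDLE h; NTSTATUS st;
    KeInitializeEvent(&w->StopEvent, NotificationEvent, FALSE);
    st = PsCreateSystemThread(&h, THREAD_ALL_ACCESS, NULL, NULL, NULL, WorkerThread, w);
    if (!NT_SUCCESS(st)) return st;
    /* Take an object reference and close the handle at once: the handle lives in the
       System process handle table, and only the object can be waited on at unload. */
    st = ObReferenceObjectByHandle(h, THREAD_ALL_ACCESS, *PsThreadType, KernelMode,
                                   (PVOID *)&w->ThreadObject, NULL);
    ZwClose(h);
    if (!NT_SUCCESS(st)) {
        w->ThreadObject = NULL;
        KeSetEvent(&w->StopEvent, 0, FALSE); /* thread already runs: ask it to exit */
    }
    return st;
}
/* Call from DriverUnload at PASSIVE_LEVEL, before freeing anything the thread uses. */
VOID WorkerStop(PWORKER w)
{
    if (w->ThreadObject == NULL) return;
    KeSetEvent(&w->StopEvent, 0, FALSE);
    /* Unloading without this wait leaves the thread running in an unmapped image. */
    KeWaitForSingleObject(w->ThreadObject, Executive, KernelMode, FALSE, NULL);
    ObDereferenceObject(w->ThreadObject);
    w->ThreadObject = NULL;
}
```

The wait in WorkerStop is what makes unload safe: a driver that returns from DriverUnload while its system thread is still scheduled leaves kernel code executing in freed memory.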
See Also
KeSetBasePriorityThread, KeSetPriorityThread, PsTerminateSystemThread, ZwSetInformationThread