什么是PsCreateSystemThread介绍

PsCreateSystemThread routine \"创建系统线程\"例程

The PsCreateSystemThread routine creates a system thread that executes in kernel mode and returns a handle for the thread.

此PsCreateSystemThread 例程创建一个执行在内核模式的系统线程并返回此线程的句柄。

PsCreateSystemThreadSyntax 语法

C++

NTSTATUS PsCreateSystemThread(

_Out_PHANDLE ThreadHandle,

_In_ULONG DesiredAccess, //所需访问权限

_In_opt_POBJECT_ATTRIBUTES ObjectAttributes,

_In_opt_HANDLE ProcessHandle,

_Out_opt_PCLIENT_ID ClientId,

_In_PKSTART_ROUTINE StartRoutine,//线程中要执行的函数

_In_opt_PVOID StartContext//传递给上述要执行的函数的参数

);

PsCreateSystemThreadParameters

ThreadHandle线程句柄Points to a variable that will receive the handle. The driver must close the handle withZwCloseonce the handle is no longer in use. This handle is a kernel handle for WindowsVista and later versions of Windows. In earlier versions of Windows, the handle might not be a kernel handle.指向一个用于接收此句柄的变量。一旦此句柄 不再使用，驱动必须用ZwClose关闭此句柄。此句柄在WindowsVista 及以后版本的Windows系统中是内核句柄。在较早版本的Windows 里，此句柄不可以是内核句柄。

DesiredAccess所需访问权限Specifies theACCESS_MASKvalue that represents the requested types of access to the created thread.指定ACCESS_MASK值用于指明对所创建线程的存取权限要求。

ObjectAttributes对象属性Points to a structure that specifies the object\'s attributes. OBJ_PERMANENT, OBJ_EXCLUSIVE, and OBJ_OPENIF are not valid attributes for a thread object. On Windows XP and later versions of Windows, if the caller is not running in the system process context, it must set the OBJ_KERNEL_HANDLE attribute forObjectAttributes. Drivers for Microsoft Windows 2000 and Windows 98/Me must only callPsCreateSystemThreadfrom the system process context. For WindowsVista and later versions of Windows, the handle will be a kernel handle.指向一个结构，它指定对象的属性。OBJ_PERMANENT，OBJ_EXCLUSIVE，和OBJ_OPENIF不是线程对象的有效属性。在Windows XP和更高版本的Windows，如果对方不在系统进程的上下文中运行，它必须为ObjectAttributes设置OBJ_KERNEL_HANDLE属性。对微软的Windows 2000和Windows 98/Me的驱动必须只在系统进程上下文中调用PsCreateSystemThread。对于WindowsVista 及其后版本的WindowsVista，此句柄将是一个内核句柄。

ProcessHandle 进程句柄Specifies an open handle for the process in whose address space the thread is to be run. The caller\'s thread must have PROCESS_CREATE_THREAD access to this process. If this parameter is not supplied, the thread will be created in the initial system process. This value should beNULLfor a driver-created thread. Use theNtCurrentProcessmacro, defined in Ntddk.h, to specify the current process.指定“在其地址空间中运行线程的那个进程”的一个打开的句柄。调用者的线程必须对这个进程有process_create_thread访问权限。如果不提供此参数，则将在初始系统进程中创建线程。在为一个驱动程序创建的线程里，这个值应该是空的。可使用定义在ntddk.H中的NtCurrentProcess宏，来指定当前进程。

ClientId客户标识Points to a structure that receives the client identifier of the new thread. This value should beNULLfor a driver-created thread.指向用于“接收新线程的客户端标识符”的结构。在为一个驱动程序创建的线程里，这个值应该是空的。

StartRoutine开始例程The entry point for the newly created system thread. This parameter is a function pointer to aThreadStartroutine that receives a single argument, which is theStartContextparameter value supplied by the caller.新创建的系统线程的入口点。这个参数是一个函数指针，指向能接收一个参数的ThreadStart例程，参数值是由调用者提供的startcontext参数。

StartContext开始语境Supplies a single argument that is passed to the thread when it begins execution.当本函数（PsCreateSystemThread）开始执行时，提供一个单独的参数传递给所创建的线程。

PsCreateSystemThreadReturn value 返回值

PsCreateSystemThreadreturns STATUS_SUCCESS if the thread was created.

PsCreateSystemThread如果成功创建线程则返回STATUS_SUCCESS.

PsCreateSystemThreadRemarks 备注

Drivers that create device-dedicated threads call this routine, either when they initialize or when I/O requests begin to come in to such a driver\'s Dispatch routines. For example, a driver might create such a thread when it receives an asynchronous device control request.

创建设备专用线程的驱动程序调用这个例程，或者当它们初始化时或当I/O请求开始出现在诸如一个驱动程序的调度程序中时。例如，当接收到异步设备控制请求时，可能会创建这样一个线程。

PsCreateSystemThreadcreates a kernel-mode thread that begins a separate thread of execution within the system. Such a system thread has no TEB or user-mode context and runs only in kernel mode.

PsCreateSystemThread创建一个内核线程，在系统中以单独线程形式进行执行。这样的一个系统线程没有TEB或用户模式并且只在内核模式下运行。

If the inputProcessHandleisNULL, the created thread is associated with the system process. Such a thread continues running until either the system is shut down or the thread terminates itself by callingPsTerminateSystemThread.

如果输入ProcessHandle为NULL，则创建的线程与系统进程关联。这样的一个线程会持续运行，直到系统关闭或线程调用PsTerminateSystemThread终止自己。

Starting with Windows XP, driver routines that run in a process context other than that of the system process must set the OBJ_KERNEL_HANDLE attribute for theObjectAttributesparameter ofPsCreateSystemThread. This restricts the use of the handle returned byPsCreateSystemThreadto processes running in kernel mode. Otherwise, the thread handle can be accessed by the process in whose context the driver is running. Drivers can set the OBJ_KERNEL_HANDLE attribute as follows.

从Windows XP起，驱动程序在一个进程的上下文以外的系统过程中必须进行的PsCreateSystemThreadObjectAttributes中参数设置OBJ_KERNEL_HANDLE属性运行。由PsCreateSystemThread返回的此句柄限制仅使用于内核模式下。否则，线程句柄能被驱动运行的上下文环境中的进程所访问，。驱动程序可以设置OBJ_KERNEL_HANDLE属性如下。

InitializeObjectAttributes(&ObjectAttributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);

Drivers for Windows 2000 and Windows 98/Me must callPsCreateSystemThreadonly from the system process context.

Windows 2000 and Windows 98/Me下的驱动必须只能在系统进程上下文环境中调用PsCreateSystemThread

For more information about theStartContextparameter, seeThreadStart.

关于StartContext参数的更多信息，见ThreadStart.。

The newly created system thread runs at PASSIVE_LEVEL inside a critical region withnormal kernel APCsdisabled.

新创建的系统线程以PASSIVE_LEVEL运行在临界区伴随着内核APC禁用。

PsCreateSystemThreadRequirements 要求

PsCreateSystemThreadSee also 请参阅

InitializeObjectAttributes

KeSetbasePriorityThread

KeSetPriorityThread

PsTerminateSystemThread

ThreadStart

ZwSetInformationThread