From 2164b35683005d70eab467cb978cc0714eec6eee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?= Date: Tue, 19 Aug 2025 14:04:27 +0200 Subject: [PATCH] [NTOS:PS] Implement NtQueryInformationThread(ThreadBreakOnTermination) Invoked by `RtlSetThreadIsCritical()` for returning the previous flag value, and fixes the following error: ``` (ntoskrnl/ps/query.c:3155) Not implemented: 18 ``` The implementation is "identical" to that of NtQueryInformationProcess() `ProcessBreakOnTermination`, with the necessary adaptations, of course. --- ntoskrnl/ps/query.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/ntoskrnl/ps/query.c b/ntoskrnl/ps/query.c index a33fb840a14..ff5267dd649 100644 --- a/ntoskrnl/ps/query.c +++ b/ntoskrnl/ps/query.c @@ -3112,6 +3112,41 @@ NtQueryInformationThread(IN HANDLE ThreadHandle, ObDereferenceObject(Thread); break; + case ThreadBreakOnTermination: + + /* Set the return length */ + Length = sizeof(ULONG); + + if (ThreadInformationLength != Length) + { + Status = STATUS_INFO_LENGTH_MISMATCH; + break; + } + + /* Reference the thread */ + Status = ObReferenceObjectByHandle(ThreadHandle, + Access, + PsThreadType, + PreviousMode, + (PVOID*)&Thread, + NULL); + if (!NT_SUCCESS(Status)) + break; + + _SEH2_TRY + { + *(PULONG)ThreadInformation = Thread->BreakOnTermination; + } + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) + { + Status = _SEH2_GetExceptionCode(); + } + _SEH2_END; + + /* Dereference the thread */ + ObDereferenceObject(Thread); + break; + case ThreadIsTerminated: /* Set the return length*/