[Code] [Kernel] Enum thread which in process

EnumProcessThread

// Enum thread which in process

struct Thread_t {
	ULONG64 tid;
	ULONG64 base;
}

NTSTATUS EnumProcessThread( HANDLE pid, std::vector<Thread_t> & list )
{
	PSYSTEM_PROCESS_INFORMATION	pProcess;
	ULONG				needSize;
	PEPROCESS			pEProcess;
	NTSTATUS			status = PsLookupProcessByProcessId( pid, &pEProcess );
	if ( !NT_SUCCESS( status ) )
	{
		returnstatus;
	}
	ObReferenceObject( pEProcess );
	ZwQuerySystemInformation( 5, NULL, 0, &needSize );
	std::vector<char> tmpBuf;
	tmpBuf.resize( needSize );
	ZwQuerySystemInformation( 5, tmpBuf.data(), needSize, &needSize );
	pProcess	= (PSYSTEM_PROCESS_INFORMATION) tmpBuf.data();
	status		= STATUS_NOT_FOUND;
	do
	{
		if ( pProcess->ProcessId == PsGetProcessId( pEProcess ) )
		{
			status = STATUS_SUCCESS;
			break;
		}
		pProcess = (PSYSTEM_PROCESS_INFORMATION) ( (PUCHAR) pProcess + pProcess->NextEntryOffset);
	}
	while ( pProcess->NextEntryOffset != 0 );
	if ( !NT_SUCCESS( status ) )
	{
		ObDereferenceObject( pEProcess );
		return status;
	}
	for ( ULONGi = 0; i < pProcess->NumberOfThreads; i++ )
	{
		list.push_back( {
					(ULONG64) pProcess->Threads[i].ClientId.UniqueThread,
					(ULONG64) pProcess->Threads[i].StartAddress
				} );
	}
	ObDereferenceObject( pEProcess );
	return status;
}