There isn't much information about the native API NtAlertResumeThread. According to the documentation on NTInternals:
http://undocumented.ntinternals.net/Use ... hread.html
Does it mean that the subject thread will be preempted immediately and unconditionally to executed all queued user APCs?Difference between AlertResumeThread and ResumeThread it's the first one sets Thread Object to alerted state (so before thread will continue execution, all APC will be executed).
I am looking for a *hack* to preempt a remote thread (in another process) to execute its queued user APCs immedately. I perfectly understand that the APC is not designed to be used in this way.
I run across the source code of ReactOS. I understand that ReactOS isn't a clone of Windows, but at least it behaves like a Windows. I'm interested in how NtAlertResumeThread is implemented in ReactOS. Maybe it help me understand how it works in Windows.
Here is my bare understanding of the source code.
In ReactOS, there isn't much work done in NtAlertResumeThread. Rather, it looks up the thread object from the handle, and passes it to KeAlertResumeThread. KeAlertResumeThread acquires the lock of the APC queue (not sure it's a kmode o umode APC queue), but I don't find the code which executes all the queued APCs.
Any idea?
Source of NtAlertResumeThread:
http://www.reactos.org/generated/doxyge ... te_8c.html
Source of KeAlertResumeThread:
http://www.reactos.org/generated/doxyge ... c.html#a28