Thread

Description:

A thread is an entity within a process that Windows schedules to run. Threads share the same virtual address space and resources as the process to which they belong. Executable code typically runs in a thread. For instance, if you are a malware developer, you can use the CreateThread function to create a thread within the current process and execute a payload there. Alternatively, you can use CreateRemoteThread to create a thread in a remote process. Both functions ultimately call CreateRemoteThreadEx.
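A defender's view of the remote-thread case described above, as an added example that is not part of the original page: it triages Sysmon Event ID 8 (CreateRemoteThread) records. The sample events and the allowlist are constructed, and treating "-" as an empty StartModule is an assumption about how the event message renders empty fields.

```python
# Added example: triage of Sysmon Event ID 8 (CreateRemoteThread) records.
# The events below are constructed samples, not captured telemetry.
SAMPLE_EVENTS = r"""
SourceProcessId: 612
SourceImage: C:\Windows\System32\csrss.exe
TargetProcessId: 5520
TargetImage: C:\Windows\System32\conhost.exe
NewThreadId: 6012
StartAddress: 0x00007FFB1C2A0000
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: CtrlRoutine

SourceProcessId: 7788
SourceImage: C:\Users\demo\AppData\Local\Temp\updater.exe
TargetProcessId: 3344
TargetImage: C:\Windows\explorer.exe
NewThreadId: 9100
StartAddress: 0x000001F2A4B00000
StartModule: -
StartFunction: -
"""

# Hypothetical allowlist of sources expected to create remote threads.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}

def parse_events(text):
    """Split blank-line-separated 'Field: value' blocks into dicts."""
    return [dict(l.split(": ", 1) for l in b.splitlines() if ": " in l)
            for b in text.strip().split("\n\n")]

def triage(event):
    """Return the reasons an event deserves review (empty list if none)."""
    reasons = []
    if event["SourceProcessId"] == event["TargetProcessId"]:
        return reasons  # same process: not a remote thread
    if event["SourceImage"].lower() not in ALLOWED_SOURCES:
        reasons.append("source not on allowlist")
    if event.get("StartModule", "-") in ("", "-"):
        reasons.append("start address not backed by a loaded module")
    return reasons

def flagged(text):
    """Map NewThreadId -> reasons for every event that needs review."""
    return {e["NewThreadId"]: r for e in parse_events(text) if (r := triage(e))}

if __name__ == "__main__":
    for tid, why in flagged(SAMPLE_EVENTS).items():
        print(tid, "; ".join(why))
```

A thread whose start address falls outside every loaded module points at dynamically allocated memory, which is why the second constructed event is flagged for both reasons.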




Functions:

Kernel32.dll

CreateThread

CreateRemoteThread

CreateRemoteThreadEx

WaitForSingleObject

SuspendThread

ResumeThread

ExitThread

GetThreadId

GetThreadInformation

GetThreadContext

Ntdll.dll

NtCreateThread

NtOpenThread

NtImpersonateThread

WaitForSingleObject

NtAlertThread

NtAlertResumeThread

NtContinue

NtCurrentTeb

NtResumeThread

NtSetInformationThread

NtSuspendThread

NtTerminateThread

NtYieldExecution

RtlCreateUserThread

