Type of thread descriptor.
typedef struct t_thread { // Information about active threads
ulong threadid; // Thread identifier
ulong dummy; // Always 1
ulong type; // Service information, TY_xxx
HANDLE thread; // Thread handle
ulong datablock; // Per-thread data block
ulong entry; // Thread entry point
ulong stacktop; // Working variable of Listmemory()
ulong stackbottom; // Working variable of Listmemory()
CONTEXT context; // Actual context of the thread
t_reg reg; // Actual contents of registers
int regvalid; // Whether reg is valid
t_reg oldreg; // Previous contents of registers
int oldregvalid; // Whether oldreg is valid
int suspendcount; // Suspension count (may be negative)
long usertime; // Time in user mode, 1/10th ms, or -1
long systime; // Time in system mode, 1/10th ms, or -1
ulong reserved[16]; // Reserved for future compatibility
} t_thread;
Members:
threadid - thread identifier;
dummy - size of thread in space of thread identifiers, must be 1. See Sorted data functions for explanation;
type - type of thread, combination of bits TY_xxx. If bit TY_MAIN is set, this is the main thread;
thread - thread handle. After application started and before OllyDbg received CREATE_PROCESS_DEBUG_EVENT event, thread's handle is unavailable;
datablock - base address of per-thread data block;
entry - address of thread entry point;
context - actual context of the thread. Do not modify context directly, or you risk to crash debugged application!
reg - excerpt from context that contains CPU registers sorted in a natural way. Valid only when regvalid is non-zero. If you need to modify register, stop application if necessary, check that regvalid is non-zero, apply your changes and set reg.modified to 1. Do not change single step flag or debugging register DR6;
regvalid - flag indicating that reg contains actual contents of thread's registers;
oldreg - previous contents of registers, don't modify. If reg.modifiedbyuser is 0, this is a copy of registers on a previous step, otherwise copy of original registers;
oldregvalid - flag indicating that contents of oldreg is valid;
suspendcount - number of times this thread was suspended by OllyDbg. May be negative in case when thread was suspended by user or program and resumed by OllyDbg. Do not modify directly!
usertime - time the thread spent in user mode, in 100-microsecond units, or -1 if unavailable;
systime - time the thread spent in system mode, in 100-microsecond units, or -1 if unavailable;
reserved - reserved for future use exclusively by OllyDbg.
See also: Findthread, Plugingetvalue