Extract current thread EP.

//http://waleedassar.blogspot.com
//http://www.twitter.com/waleedassar
//Code to get the entry point (StartAddress) of the current thread
#include "stdafx.h"
#include "iostream.h"
#include "windows.h"
#include "structs.h"

struct CLIENT_ID
{
     unsigned long UniqueProcess;
     unsigned long UniqueThread;
};

struct UNICODE_STRING
{
 unsigned short Length;
 unsigned short MaximumLength;
 wchar_t*  Buffer;
};

struct VM_COUNTERS
{
    unsigned long PeakVirtualSize;
    unsigned long VirtualSize;
    unsigned long PageFaultCount;
    unsigned long PeakWorkingSetSize;
    unsigned long WorkingSetSize;
    unsigned long QuotaPeakPagedPoolUsage;
    unsigned long QuotaPagedPoolUsage;
    unsigned long QuotaPeakNonPagedPoolUsage;
    unsigned long QuotaNonPagedPoolUsage;
    unsigned long PagefileUsage;
    unsigned long PeakPagefileUsage;
};

struct IO_COUNTERS
{
  ULONGLONG ReadOperationCount;
  ULONGLONG WriteOperationCount;
  ULONGLONG OtherOperationCount;
  ULONGLONG ReadTransferCount;
  ULONGLONG WriteTransferCount;
  ULONGLONG OtherTransferCount;
};

struct SYSTEM_THREAD_INFORMATION
{
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    unsigned long WaitTime;
    unsigned long StartAddress;
    CLIENT_ID ClientId;
    long Priority;
    long BasePriority;
    unsigned long ContextSwitchCount;
    long State;
    long WaitReason;
};


struct SYSTEM_PROCESS_INFORMATION {
unsigned long NextEntryDelta;
unsigned long ThreadCount;
unsigned long Reserved1[6];
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ProcessName;
long BasePriority;
unsigned long ProcessId;
unsigned long InheritedFromProcessId;
unsigned long HandleCount;
unsigned long Reserved2[2];
VM_COUNTERS VmCounters;
IO_COUNTERS IoCounters;
SYSTEM_THREAD_INFORMATION Threads[5]; //Here, 5 is a random number
};

#define SystemProcessesAndThreadsInformation 0x5
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004

#define CANT_ALLOCATE 0x333 //mine
#define DONE          0x111 //mine
extern "C"
{
   int __stdcall ZwQuerySystemInformation(int,void*,int,void*);
}


int main(int argc, char* argv[])
{
    unsigned long cbBuffer=0x5000;
    void* Buffer=(void*)LocalAlloc(0,cbBuffer);
    if(Buffer==0) return CANT_ALLOCATE;
    bool x=false;
    bool error=false;
    while(x==false)
    {
        int ret=ZwQuerySystemInformation(SystemProcessesAndThreadsInformation,Buffer,cbBuffer,0);
        if(ret<0)
        {
            if(ret==STATUS_INFO_LENGTH_MISMATCH)
            {
                cbBuffer=cbBuffer+cbBuffer;
                LocalFree(Buffer);
                Buffer=(void*)LocalAlloc(0,cbBuffer);
                if(Buffer==0) return CANT_ALLOCATE;
                x=false;
            }
            else
            {
                x=true;
                error=true;
            }
        }
        else x=true;
    }
    if(error==false)
    {
        SYSTEM_PROCESS_INFORMATION* p=(SYSTEM_PROCESS_INFORMATION*)Buffer;

        while(1)
        {
            cout<<(int*)GetCurrentProcessId()<<" "<<(int*)(p->ProcessId)<<endl;
            if(p->ProcessId==GetCurrentProcessId())
            {
                for(int i=0;i<p->ThreadCount;i++)
                {
                    if(GetCurrentThreadId()==p->Threads[i].ClientId .UniqueThread)
                    {
                        cout<<"found"<<endl;
                        cout<<(int*)(p->Threads[i].StartAddress)<<endl;
                        LocalFree(Buffer);
                        ExitProcess(DONE);
                    }
                }
            }
            if(p->NextEntryDelta==0) break;
            p=(SYSTEM_PROCESS_INFORMATION*)((unsigned char*)p+(p->NextEntryDelta));
        }
    }
    LocalFree(Buffer);
    return 0;
}