Get Main ThreadId Of A Process

//http://waleedassar.blogspot.com/
//http://www.twitter.com/waleedassar

//Use the following code to extract the thread id of the main thread
// of a given process.
//I'm using a very old compiler. In case you use a newer one, you should delete
//the already-defined structures.

#include "stdafx.h"
#include "windows.h"
#include "stdio.h"


#define SystemProcessesAndThreadsInformation 0x5
#define STATUS_INFO_LENGTH_MISMATCH          0xC0000004

extern "C"
{
    int __stdcall ZwQuerySystemInformation(unsigned long,void*,unsigned long,unsigned long*);
}

struct CLIENT_ID
{
     unsigned long UniqueProcess;
     unsigned long UniqueThread;
};

struct UNICODE_STRING
{
 unsigned short Length;
 unsigned short MaximumLength;
 wchar_t*  Buffer;
};

struct VM_COUNTERS
{
    unsigned long PeakVirtualSize;
    unsigned long VirtualSize;
    unsigned long PageFaultCount;
    unsigned long PeakWorkingSetSize;
    unsigned long WorkingSetSize;
    unsigned long QuotaPeakPagedPoolUsage;
    unsigned long QuotaPagedPoolUsage;
    unsigned long QuotaPeakNonPagedPoolUsage;
    unsigned long QuotaNonPagedPoolUsage;
    unsigned long PagefileUsage;
    unsigned long PeakPagefileUsage;
};

struct IO_COUNTERS
{
  ULONGLONG ReadOperationCount;
  ULONGLONG WriteOperationCount;
  ULONGLONG OtherOperationCount;
  ULONGLONG ReadTransferCount;
  ULONGLONG WriteTransferCount;
  ULONGLONG OtherTransferCount;
};

struct SYSTEM_THREAD_INFORMATION
{
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    unsigned long WaitTime;
    unsigned long StartAddress;
    CLIENT_ID ClientId;
    long Priority;
    long BasePriority;
    unsigned long ContextSwitchCount;
    long State;
    long WaitReason;
};


struct SYSTEM_PROCESS_INFORMATION
{
    unsigned long NextEntryDelta;
    unsigned long ThreadCount;
    unsigned long Reserved1[6];
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER KernelTime;
    UNICODE_STRING ProcessName;
    long BasePriority;
    unsigned long ProcessId;
    unsigned long InheritedFromProcessId;
    unsigned long HandleCount;
    unsigned long Reserved2[2];
    VM_COUNTERS VmCounters;
    IO_COUNTERS IoCounters;
    SYSTEM_THREAD_INFORMATION Threads[5]; //Here, 5 is a random number
};


unsigned long GetMainThreadId(unsigned long ProcessId)
{
    unsigned long cbBuffer=0x5000;  //Initial Buffer Size
    void* Buffer=(void*)LocalAlloc(0,cbBuffer);
    if(Buffer==0) return 0;
    bool x=false;
    bool error=false;
    while(x==false)
    {
        int ret=ZwQuerySystemInformation(SystemProcessesAndThreadsInformation,Buffer,cbBuffer,0);
        if(ret<0)
        {
            if(ret==STATUS_INFO_LENGTH_MISMATCH)
            {
                cbBuffer=cbBuffer+cbBuffer;
                LocalFree(Buffer);
                Buffer=(void*)LocalAlloc(0,cbBuffer);
                if(Buffer==0) return 0;
                x=false;
            }
            else
            {
                x=true;
                error=true;
            }
        }
        else x=true;
    }
    if(error==false)
    {
        SYSTEM_PROCESS_INFORMATION* p=(SYSTEM_PROCESS_INFORMATION*)Buffer;
        while(1)
        {
            if(p->ProcessId==ProcessId)
            {
                unsigned long ThreadId=p->Threads[0].ClientId.UniqueThread;
                        LocalFree(Buffer);
                return ThreadId;
            }
            if(p->NextEntryDelta==0) break;
            p=(SYSTEM_PROCESS_INFORMATION*)((unsigned char*)p+(p->NextEntryDelta));
        }
    }
    LocalFree(Buffer);
    return 0;
}

int main()
{
    unsigned long pid=0;
    printf("Enter Process Id ");
    scanf("%d",&pid);
    if(!pid) return printf("Error: Invalid Process Id\r\n");
    //------------------------------------------------------
    unsigned long ThreadId=GetMainThreadId(pid);
    printf("Main thread id of process %x is: %x\r\n",pid,ThreadId);
}