Cinolt Yuklair

Reputation: 361

Obtain thread handle from thread id of ANOTHER process

First off, I'm quite surprised that Google showed absolutely nothing about this specific question, despite it being necessary to implement even a bare-bones Win32 debugger using the Win32 debugging functions as documented here: https://msdn.microsoft.com/en-us/library/windows/desktop/ms679303%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

The necessity of what I am asking for arises when a debugger process returns from WaitForDebugEvent, gets any event, and in the DEBUG_EVENT structure is a DWORD dwThreadId member, which of course is a thread ID of the debuggee process. Now, I want to manipulate this debuggee thread using Get/SetThreadContext, which only accepts HANDLE hThread. So, I need some way to get a HANDLE from a thread ID, but there does not seem to be a way to do this for another process (OpenThread only works for the current process).

But the reason why this is necessary to implement a bare-bones debugger is when the debugger is to handle an INT3 breakpoint, the debuggee has already executed the INT3 instruction, and the EIP needs to be decremented to account for that, hence the need for SetThreadContext. So if I can't do this, I can't even implement something as rudimentary as INT3 breakpoints!

Bottom line is, there has to be a way, some undocumented way (not even anything popping up in Google!), because of all of the existing, working debuggers out there, perhaps some undocumented function in ntdll.dll?

All of the information I could find on Google about the Win32 implementation of INT3 breakpoints simply uses the hThread retrieved from the initial call to CreateProcess, and this works perfectly when the debuggee only has one thread, but that is a severe limitation obviously.

Upvotes: 4

Views: 2225

Answers (1)

Cinolt Yuklair

Reputation: 361

Whoops, I'm an idiot. OpenThread works for all processes, apparently. I thought it didn't because it doesn't accept a process ID/handle. So I was looking and thinking in all the wrong places.

Upvotes: 7
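
What the answer describes, as an added example that is not code from the original post: handling an INT3 hit on any debuggee thread by opening that thread from `DEBUG_EVENT.dwThreadId`. The names `bp_t`, `bp_find` and `on_breakpoint` are hypothetical; the Win32 part compiles only on Windows and assumes the debugger has the same bitness as the debuggee.

```c
#include <stddef.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical bookkeeping: one entry per INT3 (0xCC) the debugger planted. */
typedef struct { uintptr_t addr; unsigned char saved; } bp_t;

/* Index of the planted breakpoint at addr, or -1 if the INT3 is not ours. */
int bp_find(const bp_t *bps, size_t n, uintptr_t addr) {
    for (size_t i = 0; i < n; i++)
        if (bps[i].addr == addr) return (int)i;
    return -1;
}

#ifdef _WIN32
/* Handle an EXCEPTION_BREAKPOINT event for the thread in ev->dwThreadId.
   Returns the status to pass to ContinueDebugEvent. One-shot: no re-arm. */
DWORD on_breakpoint(HANDLE hProcess, const DEBUG_EVENT *ev, const bp_t *bps, size_t n) {
    const EXCEPTION_RECORD *er = &ev->u.Exception.ExceptionRecord;
    int i = bp_find(bps, n, (uintptr_t)er->ExceptionAddress);
    if (i < 0) return DBG_EXCEPTION_NOT_HANDLED;   /* not planted by us */

    /* OpenThread needs no process handle: thread IDs are unique system-wide,
       so the ID from the debug event identifies the debuggee thread. */
    HANDLE hThread = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT,
                                FALSE, ev->dwThreadId);
    if (hThread == NULL) return DBG_EXCEPTION_NOT_HANDLED;

    CONTEXT ctx;
    ctx.ContextFlags = CONTEXT_CONTROL;
    DWORD status = DBG_EXCEPTION_NOT_HANDLED;
    if (GetThreadContext(hThread, &ctx)) {
#ifdef _WIN64
        ctx.Rip = bps[i].addr;   /* rewind over the 1-byte INT3 */
#else
        ctx.Eip = bps[i].addr;   /* rewind over the 1-byte INT3 */
#endif
        /* Put the original byte back so the real instruction executes. */
        if (WriteProcessMemory(hProcess, (LPVOID)bps[i].addr, &bps[i].saved, 1, NULL)
            && FlushInstructionCache(hProcess, (LPCVOID)bps[i].addr, 1)
            && SetThreadContext(hThread, &ctx))
            status = DBG_CONTINUE;
    }
    CloseHandle(hThread);
    return status;
}
#endif
```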
