There's padding in the struct which you are not allowing for that, hence the STATUS_INFO_LENGTH_MISMATCH
error.
The easiest and most reliable way to find out the size of the struct is to get the compiler to work it out:
sizeof(THREAD_BASIC_INFORMATION)
Anyway, you can work it out by hand readily enough:
Type Name Offset Size ---- ---- ------ ---- NTSTATUS ExitStatus; 0 4 Padding 4 4 PVOID TebBaseAddress; 8 8 CLIENT_ID ClientId; 16 16 KAFFINITY AffinityMask; 32 8 KPRIORITY Priority; 40 4 KPRIORITY BasePriority; 44 4
So that would make the total size of the struct 48 bytes, or 0x30
.
The padding is to ensure that TebBaseAddress
is 8 byte aligned.