NtCreateThread – memory allocations in kernel mode

In this post we try to determine how much kernel memory is required when creating a new thread. This amount of memory is relevant for the upper bound of the number of possible threads in the system as investigated in detail by Mark Russinovich.

For a starting point we looked at the system service call implementation of NtCreateThread and followed every possible code path down to memory allocation functions such as ExAllocatePoolWithTag.

Read more