1:CreateThread creates a user-mode stack for the thread in the process's
address space.
2:CreateThread initializes the thread's hardware context
(CPU architecture-specific). (For further information on the thread
context block, see the Win32 API reference documentation on the CONTEXT
structure.)
3:NtCreateThread is called to create the executive thread object in the
suspended state. The following steps execute in kernel mode inside the
Windows 2000 executive and kernel
4:CreateThread notifies the Win32 subsystem about the new thread, and the
subsystem does some setup work for the new thread.
5:The thread handle and the thread ID (generated during step 3) are
returned to the caller.
6:Unless the caller created the thread with the CREATE_SUSPENDED flag set,
the thread is now resumed so that it can be scheduled for execution. When
the thread starts running, it executes the following additional steps (in
the context of the new thread) before calling the actual user's specified
start address.
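
The effects of steps 2, 5 and 6 can be observed from user mode. The following is an added example, not code from the original text: the names worker, g_ran and suspended_thread_demo are hypothetical, and the non-Windows branch exists only so the file compiles on other platforms.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>

static volatile LONG g_ran = 0;         /* set by the new thread once it runs */

static DWORD WINAPI worker(LPVOID arg)  /* hypothetical user start address */
{
    (void)arg;
    InterlockedExchange(&g_ran, 1);
    return 0;
}

/* Returns 0 when every observation matches the steps, else a step-specific code. */
int suspended_thread_demo(void)
{
    DWORD tid = 0, prev;
    CONTEXT ctx;
    HANDLE h = CreateThread(NULL, 0, worker, NULL, CREATE_SUSPENDED, &tid);
    if (h == NULL) return 1;                       /* step 5: handle and ID returned */

    Sleep(100);                                    /* give the scheduler a chance */
    if (g_ran != 0) { CloseHandle(h); return 2; }  /* step 6: not resumed, never ran */

    ZeroMemory(&ctx, sizeof ctx);
    ctx.ContextFlags = CONTEXT_CONTROL;            /* step 2: initial hardware context */
    if (!GetThreadContext(h, &ctx)) { CloseHandle(h); return 3; }

    prev = ResumeThread(h);                        /* returns previous suspend count */
    if (prev != 1) { CloseHandle(h); return 4; }   /* created with a count of 1 */

    WaitForSingleObject(h, INFINITE);              /* thread now runs worker and exits */
    CloseHandle(h);
    printf("tid=%lu ran=%ld\n", (unsigned long)tid, (long)g_ran);
    return g_ran == 1 ? 0 : 5;
}
#else
/* Portability guard only: CreateThread is a Win32 API. */
int suspended_thread_demo(void) { puts("Windows only"); return 0; }
#endif

int main(void) { return suspended_thread_demo(); }
```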