Get the start address of a Thread in windows

start_address.py

from ctypes import c_ulong, windll, byref, sizeof, c_void_p


ntdll = windll.ntdll

DWORD = c_ulong
HANDLE = c_void_p

# Defines THREADINFOCLASS enumeration
ThreadBasicInformation = 0
ThreadTimes = 1
ThreadPriority = 2
ThreadBasePriority = 3
ThreadAffinityMask = 4
ThreadImpersonationToken = 5
ThreadDescriptorTableEntry = 6
ThreadEnableAlignmentFaultFixup = 7
ThreadEventPair = 8
ThreadQuerySetWin32StartAddress = 9
ThreadZeroTlsCell = 10
ThreadPerformanceCount = 11
ThreadAmILastThread = 12
ThreadIdealProcessor = 13
ThreadPriorityBoost = 14
ThreadSetTlsArrayAddress = 15
ThreadIsIoPending = 16
ThreadHideFromDebugger = 17

STATUS_SUCCESS = 0


def start_address(thread_handle):
    """Return the start address of the thread_handle"""
    start_addr = DWORD(0)
    status = ntdll.NtQueryInformationThread(thread_handle,
                                            ThreadQuerySetWin32StartAddress,
                                            byref(start_addr),
                                            sizeof(DWORD),
                                            None)
    if status != STATUS_SUCCESS:
        return None

    return start_addr