Windows thread information
NtQuerySystemInformation (SystemProcessesAndThreadsInformation...) works. GetThreadStartAddress does not work as expected or as its name suggests, and the same goes for NtQueryInformationThread. Because the bottom of the stack on pre-Vista systems is kernel32!BaseProcessStart or kernel32!BaseThreadStart, one can usually look up one frame in the stack to find the module containing the "ThreadProc".
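The one-frame-up lookup described above, as an added example that is not part of the original post: it takes the code addresses from an already captured stack walk and resolves the frame above the kernel32 bottom frame to a module. The module table and addresses are constructed, the helper names are hypothetical, and checking that the bottom frame lies in kernel32.dll stands in for resolving the BaseProcessStart/BaseThreadStart symbols.

```python
import bisect

# Constructed module list for one process: (base, size, name). Illustrative values only.
MODULES = sorted([
    (0x00400000, 0x00020000, "app.exe"),
    (0x10000000, 0x00030000, "plugin.dll"),
    (0x7C800000, 0x000F6000, "kernel32.dll"),
    (0x7C900000, 0x000B2000, "ntdll.dll"),
])
BASES = [m[0] for m in MODULES]


def module_for(addr):
    """Return the name of the module whose image range contains addr, or None."""
    i = bisect.bisect_right(BASES, addr) - 1
    if i >= 0:
        base, size, name = MODULES[i]
        if addr < base + size:
            return name
    return None


def thread_proc_module(frames):
    """frames: code addresses from a stack walk, innermost first, stack bottom last.

    Returns (module, note). module is None when the heuristic does not apply
    or when the ThreadProc frame is not inside any loaded module.
    """
    if len(frames) < 2:
        return None, "too few frames to look one up from the bottom"
    if module_for(frames[-1]) != "kernel32.dll":
        return None, "bottom frame is not in kernel32, pre-Vista layout not seen"
    mod = module_for(frames[-2])
    if mod is None:
        return None, "ThreadProc frame is outside every loaded module"
    return mod, "ok"


# Constructed stack walks (innermost frame first).
WORKER = [0x7C90E514, 0x7C802542, 0x10001234, 0x7C80B729]
UNBACKED = [0x7C90E514, 0x00A30040, 0x7C80B729]
TRUNCATED = [0x7C80B729]

if __name__ == "__main__":
    for name, stack in (("worker", WORKER), ("unbacked", UNBACKED), ("truncated", TRUNCATED)):
        print(name, thread_proc_module(stack))
```

A result of `None` with the "outside every loaded module" note is the case worth a closer look during triage, since the thread's entry code is not backed by any mapped image in the module list.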