HACKER Q&A
📣 josephcsible

What Uses ThreadHideFromDebugger/THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER?


Windows supports calling NtSetInformationThread with ThreadHideFromDebugger as an argument, and calling NtCreateThreadEx with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER as an argument. Doing either of those things will, as the name suggests, hide that thread from the debugger. Obviously, these are incredibly useful for malware authors to inhibit reverse engineering by security researchers. Is there any legitimate use for these during actual debugging, though? If so, what are they? If not, why would Microsoft give Windows a feature only useful to malware?


  👤 compressedgas Accepted Answer ✓
From what I can tell it does not hide anything. The flag controls whether traps in a given thread are to be handled by the debugger. The debugger likely supports clearing or setting this flag as needed so that it need only show the user the traps from the threads that the user desires.

https://www.lodsb.com/ntsetinformationthread-disabling-threa...
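
The flag described in the question and the answer can be read back per thread: NtQueryInformationThread with the ThreadHideFromDebugger class (value 0x11) returns a one-byte BOOLEAN. The script below is an added example, not code from this thread or from Microsoft; it audits every thread of a process and reports which ones have the flag set, which is the check an analyst or a debugger plugin would use. It assumes it runs on Windows with rights to open the target's threads for THREAD_QUERY_INFORMATION; the function name Get-ThreadHideFromDebugger is ours, the constants are the standard NT values.

```powershell
Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class ThreadAudit {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenThread(uint dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
    [DllImport("ntdll.dll")]
    public static extern int NtQueryInformationThread(IntPtr ThreadHandle, int ThreadInformationClass,
        out byte ThreadInformation, int ThreadInformationLength, IntPtr ReturnLength);
}
"@

$THREAD_QUERY_INFORMATION = 0x0040   # access right required for this query class
$ThreadHideFromDebugger   = 0x11     # THREADINFOCLASS::ThreadHideFromDebugger

function Get-ThreadHideFromDebugger {
    # Hypothetical helper (added here): one row per thread, HiddenFromDebugger = $true if the flag is set.
    param([Parameter(Mandatory = $true)][int]$ProcessId)

    $proc = Get-Process -Id $ProcessId -ErrorAction Stop
    foreach ($t in $proc.Threads) {
        $h = [ThreadAudit]::OpenThread($THREAD_QUERY_INFORMATION, $false, [uint32]$t.Id)
        if ($h -eq [IntPtr]::Zero) {
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            Write-Warning ("TID {0}: OpenThread failed (Win32 error {1})" -f $t.Id, $err)
            continue
        }
        $hidden = [byte]0
        # Length must be exactly sizeof(BOOLEAN) = 1; any other length yields STATUS_INFO_LENGTH_MISMATCH.
        $status = [ThreadAudit]::NtQueryInformationThread($h, $ThreadHideFromDebugger, [ref]$hidden, 1, [IntPtr]::Zero)
        [void][ThreadAudit]::CloseHandle($h)
        if ($status -ne 0) {
            Write-Warning ("TID {0}: NtQueryInformationThread returned NTSTATUS 0x{1:X8}" -f $t.Id, $status)
            continue
        }
        [pscustomobject]@{
            ProcessId          = $proc.Id
            ThreadId           = $t.Id
            HiddenFromDebugger = [bool]$hidden
        }
    }
}

# Audit the current PowerShell process ($PID); pass another PID to inspect a debuggee.
Get-ThreadHideFromDebugger -ProcessId $PID | Format-Table -AutoSize
```

Threads reported as HiddenFromDebugger = True will not deliver their exceptions or breakpoints to an attached debugger, so a debugger that wants to see those traps has to account for the flag before relying on breakpoints in that thread.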