Properly set the ref count of ethread, fixes Amped

src/core/kernel/common/types.h

@@ -1916,10 +1916,10 @@ KTHREAD, *PKTHREAD, *RESTRICTED_POINTER PRKTHREAD;
 typedef struct _ETHREAD
 {
     struct _KTHREAD    Tcb;
-    LARGE_INTEGER      CreateTime;
+    LARGE_INTEGER      CreateTime;     // 0x110
-    LARGE_INTEGER      ExitTime;
+    LARGE_INTEGER      ExitTime;       // 0x118
     ntstatus_xt        ExitStatus;     // 0x120
-    uchar_xt           UnknownB[0x8];  // 0x124
+    uchar_xt           Unknown[0x8];   // 0x124
     HANDLE             UniqueThread;   // 0x12C
 }
 ETHREAD, *PETHREAD;

src/core/kernel/exports/EmuKrnlPs.cpp

@@ -288,6 +288,11 @@ XBSYSAPI EXPORTNUM(255) xbox::ntstatus_xt NTAPI xbox::PsCreateSystemThreadEx
 			RETURN(X_STATUS_INSUFFICIENT_RESOURCES);
 		}
 
+		// Increment the ref count of the thread once more. This is to guard against the case the title closes the thread handle
+		// before this thread terminates with PsTerminateSystemThread
+		// Test case: Amped
+		ObfReferenceObject(eThread);
+
 		KeQuerySystemTime(&eThread->CreateTime);
 		KiUniqueProcess.StackCount++;
 		RegisterXboxHandle(*ThreadHandle, handle);
@@ -376,6 +381,8 @@ XBSYSAPI EXPORTNUM(258) xbox::void_xt NTAPI xbox::PsTerminateSystemThread
 	}
 
 	EmuKeFreeThread(ExitStatus);
+	// Don't do this in EmuKeFreeThread because we only increment the thread ref count in PsCreateSystemThreadEx
+	ObfDereferenceObject(eThread);
 	KiUniqueProcess.StackCount--;
 
 	_endthreadex(ExitStatus);