diff --git a/ghost-core/src/lib.rs b/ghost-core/src/lib.rs
index cf39b36..dea59bc 100644
--- a/ghost-core/src/lib.rs
+++ b/ghost-core/src/lib.rs
@@ -1,7 +1,9 @@
 pub mod detection;
 pub mod memory;
 pub mod process;
+pub mod thread;
 
 pub use detection::{DetectionEngine, DetectionResult, ThreatLevel};
 pub use memory::{MemoryProtection, MemoryRegion};
 pub use process::ProcessInfo;
+pub use thread::ThreadInfo;
diff --git a/ghost-core/src/thread.rs b/ghost-core/src/thread.rs
new file mode 100644
index 0000000..4ba91b7
--- /dev/null
+++ b/ghost-core/src/thread.rs
@@ -0,0 +1,76 @@
+use std::fmt;
+
+#[derive(Debug, Clone)]
+pub struct ThreadInfo {
+    pub tid: u32,
+    pub owner_pid: u32,
+    pub start_address: usize,
+}
+
+impl fmt::Display for ThreadInfo {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(
+            f,
+            "TID {} @ {:#x}",
+            self.tid, self.start_address
+        )
+    }
+}
+
+#[cfg(windows)]
+mod platform {
+    use super::ThreadInfo;
+    use anyhow::{Context, Result};
+    use windows::Win32::Foundation::CloseHandle;
+    use windows::Win32::System::Diagnostics::ToolHelp::{
+        CreateToolhelp32Snapshot, Thread32First, Thread32Next, THREADENTRY32, TH32CS_SNAPTHREAD,
+    };
+
+    pub fn enumerate_threads(pid: u32) -> Result<Vec<ThreadInfo>> {
+        let mut threads = Vec::new();
+
+        unsafe {
+            let snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0)
+                .context("Failed to create thread snapshot")?;
+
+            let mut entry = THREADENTRY32 {
+                dwSize: std::mem::size_of::<THREADENTRY32>() as u32,
+                ..Default::default()
+            };
+
+            if Thread32First(snapshot, &mut entry).is_ok() {
+                loop {
+                    if entry.th32OwnerProcessID == pid {
+                        threads.push(ThreadInfo {
+                            tid: entry.th32ThreadID,
+                            owner_pid: entry.th32OwnerProcessID,
+                            start_address: 0, // TODO: Get actual start address
+                        });
+                    }
+
+                    if Thread32Next(snapshot, &mut entry).is_err() {
+                        break;
+                    }
+                }
+            }
+
+            let _ = CloseHandle(snapshot);
+        }
+
+        Ok(threads)
+    }
+}
+
+#[cfg(not(windows))]
+mod platform {
+    use super::ThreadInfo;
+    use anyhow::Result;
+
+    pub fn enumerate_threads(_pid: u32) -> Result<Vec<ThreadInfo>> {
+        Ok(Vec::new())
+    }
+}
+
+pub fn enumerate_threads(pid: u32) -> anyhow::Result<Vec<ThreadInfo>> {
+    platform::enumerate_threads(pid)
+}