當前位置: 首頁>>代碼示例>>C++>>正文


C++ GetThreadContext函數代碼示例

本文整理匯總了C++中GetThreadContext函數的典型用法代碼示例。如果您正苦於以下問題:C++ GetThreadContext函數的具體用法?C++ GetThreadContext怎麽用?C++ GetThreadContext使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。


在下文中一共展示了GetThreadContext函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的C++代碼示例。

示例1: log_branch

void log_branch(_In_ PVOID address, _In_ DWORD pid, _In_ DWORD thread_id)
{
    if (!((DWORD_PTR)address >= k32_base && (DWORD_PTR)address < k32_max))
    {
        return;
    }


    // exception address read
    PDEBUGGEE dbge = NULL;
    for (int i = 0; i < sizeof(_debuggees) / sizeof(DEBUGGEE); ++i)
    {
        if (_debuggees[i]._pid == pid)
        {
            dbge = &_debuggees[i];
        }
    }
    if (NULL == dbge) return;

    SIZE_T bytes_read = 0;
    unsigned char buf[4] = { 0 };
    ReadProcessMemory(dbge->_proc_handle,
                      address,
                      buf,
                      sizeof(buf),
                      &bytes_read);

    if (0xE8 == buf[0])
    {
        log("call at 0x%08x", address);
    }

    // single step 을 활성화

    ch_param param = { 0 };
    param.hthread = OpenThread(THREAD_ALL_ACCESS, FALSE, thread_id);
    if (NULL != param.hthread)
    {
        param.context.ContextFlags = CONTEXT_ALL;
        if (TRUE != GetThreadContext(param.hthread, &param.context))
        {
            _ASSERTE(!"oops!");
            return;
        }
        set_single_step(&param);
    }
}
開發者ID:somma,項目名稱:bob_dbg,代碼行數:47,代碼來源:bob_dbg.cpp

示例2: ReadCallstackX86

void ReadCallstackX86( HANDLE hProcess, HANDLE hThread, std::list<FrameX86>& stack )
{
    const int       MaxStackDepth = 10000;
    FrameX86        frame = { 0 };
#if _WIN64
    WOW64_CONTEXT   context = { 0 };
#else
    CONTEXT         context = { 0 };
#endif

#if _WIN64
    context.ContextFlags = WOW64_CONTEXT_CONTROL;
#else
    context.ContextFlags = CONTEXT_CONTROL;
#endif

#if _WIN64
    Wow64GetThreadContext( hThread, &context );
#else
    GetThreadContext( hThread, &context );
#endif

    DWORD   nextAddr = context.Ebp;
    DWORD   retAddr = context.Eip;

    for ( int i = 0; i < MaxStackDepth; i++ )
    {
        frame.Eip = retAddr;
        frame.Ebp = nextAddr;

        stack.push_back( frame );

        if ( nextAddr == 0 )
            break;

        BOOL    bRet = FALSE;
        SIZE_T  bytesRead = 0;

        bRet = ReadProcessMemory( hProcess, (void*) (nextAddr+sizeof nextAddr), &retAddr, sizeof retAddr, &bytesRead );
        if ( !bRet )
            break;

        bRet = ReadProcessMemory( hProcess, (void*) nextAddr, &nextAddr, sizeof nextAddr, &bytesRead );
        if ( !bRet )
            break;
    }
}
開發者ID:Kentorix,項目名稱:MagoWrapper,代碼行數:47,代碼來源:Utility.cpp

示例3: memset

ErrorCode Thread::readCPUState(Architecture::CPUState &state) {
  CONTEXT context;

  memset(&context, 0, sizeof(context));
  context.ContextFlags = CONTEXT_INTEGER |        // GP registers.
                         CONTEXT_CONTROL |        // Some more GP + CPSR.
                         CONTEXT_FLOATING_POINT | // FP registers.
                         CONTEXT_DEBUG_REGISTERS; // Debug registers.

  BOOL result = GetThreadContext(_handle, &context);
  if (!result) {
    return Platform::TranslateError();
  }

  // GP registers + CPSR.
  state.gp.r0 = context.R0;
  state.gp.r1 = context.R1;
  state.gp.r2 = context.R2;
  state.gp.r3 = context.R3;
  state.gp.r4 = context.R4;
  state.gp.r5 = context.R5;
  state.gp.r6 = context.R6;
  state.gp.r7 = context.R7;
  state.gp.r8 = context.R8;
  state.gp.r9 = context.R9;
  state.gp.r10 = context.R10;
  state.gp.r11 = context.R11;
  state.gp.ip = context.R12;
  state.gp.sp = context.Sp;
  state.gp.lr = context.Lr;
  state.gp.pc = context.Pc;
  state.gp.cpsr = context.Cpsr;

  if (state.isThumb()) {
    if (state.gp.pc & 1ULL) {
      DS2LOG(Debug, "removing thumb bit from pc and lr");
      state.gp.pc &= ~1ULL;
    } else {
      DS2LOG(Warning,
             "CPU is in thumb mode but doesn't have thumb bit set in pc");
    }
  }

  // TODO(sas): Handle floating point and debug registers.

  return kSuccess;
}
開發者ID:fjricci,項目名稱:ds2,代碼行數:47,代碼來源:ThreadARM.cpp

示例4: GetThreadContext

BOOL CDbgHook::OnExceptionDbgEvent(DEBUG_EVENT& de, IHookWorker& Work)
{
	PVOID lpAddr;
	hsOrgOpcode::iterator it;
	hsFuncName::iterator it2;
	BYTE Int3 = 0xCC;
	CONTEXT ctx;

	if (de.u.Exception.ExceptionRecord.ExceptionCode != EXCEPTION_BREAKPOINT)
		return FALSE;

	lpAddr = de.u.Exception.ExceptionRecord.ExceptionAddress;

	//Original Opcode를 구한다.
	it = OrgBytes.find(lpAddr);

	if (it == OrgBytes.end())
		return FALSE;

	//해당 함수명을 구한다.
	it2 = Funcs.find(lpAddr);

	if (it2 == Funcs.end())
		return FALSE;

	//할 일을 한다.
	Work.Worker(lpAddr, it2->second);

	//Eip조정
	ctx.ContextFlags = CONTEXT_CONTROL;
	GetThreadContext(m_cpdi.hThread, &ctx);

	ctx.Eip = (DWORD)lpAddr;
	SetThreadContext(m_cpdi.hThread, &ctx);


	//Unhook
	WriteProcessMemory(m_cpdi.hProcess, lpAddr, &it->second, sizeof(it->second), NULL);

	ContinueDebugEvent(de.dwProcessId, de.dwThreadId, DBG_CONTINUE);
	Sleep(0);

	//Hook
	WriteProcessMemory(m_cpdi.hProcess, lpAddr, &Int3, sizeof(Int3), NULL);

	return TRUE;
}
開發者ID:gkscndrl,項目名稱:GoldRushData,代碼行數:47,代碼來源:DbgHook.cpp

示例5: main

int
main(int argc, char *argv[])
{
  HANDLE thread;
  DWORD thread_id;
  CONTEXT context;

  context.ContextFlags=CONTEXT_CONTROL;

  z=0;
  thread=CreateThread(NULL,
                      0x1000,
                      (LPTHREAD_START_ROUTINE)thread_1,
                      NULL,
                      0,
                      &thread_id);

  if(!thread)
  {
    printf("Error: could not create thread ...\n");
    ExitProcess(0);
  }

  Sleep(1000);

  SuspendThread(thread);

  for(;;)
  {
    printf("%lx ", z);
    Sleep(100);x++;
    if(x>100 && GetThreadContext(thread, &context))
    {
#if defined(_M_IX86)
      printf("EIP: %lx\n", context.Eip);
#elif defined(_M_AMD64)
      printf("RIP: %p\n", context.Rip);
#endif
      printf("Calling resumethread ... \n");
      ResumeThread(thread);
    }
  }

  ExitProcess(0);
  return(0);
}
開發者ID:GYGit,項目名稱:reactos,代碼行數:46,代碼來源:suspend.c

示例6: GetCPUContext

bool CODebugger::GetCPUContext(HANDLE hhThread, DEBUGGER_CPU *cpu)
{
	CONTEXT		ctx;

	ctx.ContextFlags = CONTEXT_FULL;
	if (!GetThreadContext(hhThread, &ctx)) 
	{
		return false;
	}

	cpu->EAX = ctx.Eax;
	cpu->ECX = ctx.Ecx;
	cpu->EDX = ctx.Edx;
	cpu->EBX = ctx.Ebx;
	cpu->ESI = ctx.Esi;
	cpu->EDI = ctx.Edi;
	cpu->EBP = ctx.Ebp;
	cpu->ESP = ctx.Esp;
	cpu->EIP = ctx.Eip;
	cpu->CS = ctx.SegCs;
	cpu->DS = ctx.SegDs;
	cpu->ES = ctx.SegEs;
	cpu->FS = ctx.SegFs;
	cpu->GS = ctx.SegGs;
	cpu->SS = ctx.SegSs;
	cpu->EFlags = ctx.EFlags;

	memcpy(cpu->ST0,&ctx.FloatSave.RegisterArea[00],10);
	memcpy(cpu->ST1,&ctx.FloatSave.RegisterArea[10],10);
	memcpy(cpu->ST2,&ctx.FloatSave.RegisterArea[20],10);
	memcpy(cpu->ST3,&ctx.FloatSave.RegisterArea[30],10);
	memcpy(cpu->ST4,&ctx.FloatSave.RegisterArea[40],10);
	memcpy(cpu->ST5,&ctx.FloatSave.RegisterArea[50],10);
	memcpy(cpu->ST6,&ctx.FloatSave.RegisterArea[60],10);
	memcpy(cpu->ST7,&ctx.FloatSave.RegisterArea[70],10);
	
	/*cpu->XMM1 = ctx.Xmm1;
	cpu->XMM2 = ctx.Xmm2;
	cpu->XMM3 = ctx.Xmm3;
	cpu->XMM4 = ctx.Xmm4;
	cpu->XMM5 = ctx.Xmm5;
	cpu->XMM6 = ctx.Xmm6;
	cpu->XMM7 = ctx.Xmm7;*/

	return true;
}
開發者ID:professor-nishui,項目名稱:olanguage,代碼行數:46,代碼來源:ODebugger.cpp

示例7: SetDebugControlAndStatus

//--------------------------------------------------------------------------
ea_t wince_debmod_t::is_hwbpt_triggered(thid_t id, bool /*is_stepping*/)
{
  if ( is_xscale )
  {
    uint32 dcsr = SetDebugControlAndStatus(0, 0);
    int moe = (dcsr >> 2) & 7;  // method of entry (exception reason)
    //    msg("moe=%d\n", moe);
    switch ( moe )
    {
    case 1: // Instruction Breakpoint Hit
    case 2: // Data Breakpoint Hit
      {
        SetDebugControlAndStatus(0, 7<<2); // clean moe
        CONTEXT Context;
        Context.ContextFlags = CONTEXT_CONTROL;
        HANDLE h = get_thread_handle(id);
        if ( GetThreadContext(h, &Context) )
        {
          ea_t ea = s0tops(Context.Pc);
          if ( s0tops(codebpts[0]) == ea || s0tops(codebpts[1]) == ea )
          {
            //              msg("HARDWARE CODE BREAKPOINT!\n");
            return ea;
          }
          // This is a data breakpoint
          // Set PC to the next instruction since the data bpts always occur
          // AFTER the instruction
#define THUMB_STATE 0x0020
          Context.Pc += (Context.Psr & THUMB_STATE)? 2 : 4;
          SetThreadContext(h, &Context);
        }
        // FIXME: determine which data bpt really caused the exception
        // Currently we just return the first active bpt
        return databpts[0] != BADADDR ? databpts[0] : databpts[1];
      }
    case 0: // Processor Reset
    case 3: // BKPT Instruction Executed
    case 4: // External Debug Event (JTAG Debug Break or SOC Debug Break)
    case 5: // Vector Trap Occurred
    case 6: // Trace Buffer Full Break
    case 7: // Reserved
      break;
    }
  }
  return BADADDR;
}
開發者ID:nihilus,項目名稱:ida_objectivec_plugins,代碼行數:47,代碼來源:wince_debmod.cpp

示例8: DumpThreads

void DumpThreads(void)
{
	HANDLE	snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, GetCurrentProcessId());
	if(snapshot != INVALID_HANDLE_VALUE)
	{
		THREADENTRY32	info;

		info.dwSize = sizeof(info);

		if(Thread32First(snapshot, &info))
		{
			do 
			{
				if(info.th32OwnerProcessID == GetCurrentProcessId())
				{
					UInt32	eip = 0xFFFFFFFF;

					HANDLE	thread = OpenThread(THREAD_GET_CONTEXT, FALSE, info.th32ThreadID);
					if(thread)
					{
						CONTEXT	ctx;

						ctx.ContextFlags = CONTEXT_CONTROL;

						GetThreadContext(thread, &ctx);

						eip = ctx.Eip;

						CloseHandle(thread);
					}

					_MESSAGE("thread %d pri %d eip %08X%s",
						info.th32ThreadID,
						info.tpBasePri,
						eip,
						(info.th32ThreadID == GetCurrentThreadId()) ? " current thread" : "");
				}

				info.dwSize = sizeof(info);
			}
			while(Thread32Next(snapshot, &info));
		}

		CloseHandle(snapshot);
	}
}
開發者ID:Alenett,項目名稱:TES-Reloaded-Source,代碼行數:46,代碼來源:main.cpp

示例9: BreakpointAction

/* BreakpointAction - Do work!
 * BreakpointAction sets the process into SINGLE_STEP mode so you can easily know when
 * the CPU finishes the instruction (Thanks to DarkStorm for this inspiration)
 * It then removes the Breakpoint and calls the callback, if present.
 */
void BreakpointAction(Breakpoint *BPX, HANDLE threadhandle)
{
   static CONTEXT context;
   memset(&context, 0, sizeof(context));

   context.ContextFlags=CONTEXT_FULL;
   GetThreadContext(threadhandle, &context);
   context.Eip=(DWORD)(LRESULT)BPX->Address;
   context.EFlags|= 0x0100; /* Single step */
   SetThreadContext(threadhandle, &context);

   RemoveBreakpoint(BPX);

   if(BPX->CallbackFunc)
      BPX->CallbackFunc(BPX->TargetProcess, BPX->dbgev, &context, BPX->type);
   return;
}
開發者ID:Skinny1001,項目名稱:UOLog_1.2,代碼行數:22,代碼來源:Breakpoint.c

示例10: set_step_threads

static void
set_step_threads (int threadId, int trace)
{
  int rv, tix;
  HANDLE thread = lookup_thread_id (threadId, &tix);

  rv = GetThreadContext (thread, &context);
  if (rv != -1)
    {
      thread_step_flags[tix] = trace;
      if (trace)
	context.EFlags |= 0x100; /* TRAP (single step) flag */
      else
	context.EFlags &= ~0x100; /* TRAP (single step) flag */
      SetThreadContext (thread, &context);
    }
}
開發者ID:anshus012,項目名稱:binutils,代碼行數:17,代碼來源:ssp.c

示例11: DbgProcessRequest

/**
*	Process session request
*
*	This service implements the OS independent API for sending requests to the environment.
*	This session is Windows specific and so will call the operating system. The NDBG executive
*	session manager would send requests over PIPE to NDBG executive debugger server instead.
*
*	\param request Session request
*	\param session Debug session
*	\param addr Optional data address
*	\param data Optional data buffer
*	\param size Optional data buffer size
*	\ret The number of bytes read or written OR TRUE on success, FALSE on failure depending on request
*
*/
unsigned long DbgProcessRequest (IN dbgProcessReq request, IN dbgSession* session,
	IN OPT void* addr, IN OUT OPT void* data, IN OPT size_t size) {

	switch(request) {
		case DBG_REQ_READ: {
			unsigned long bytesRead = 0;
			ReadProcessMemory ((HANDLE)session->process.process,(LPCVOID) addr,data,size, &bytesRead);
			if (bytesRead==0)
				DbgDisplayError("Unable to read process memory. Error code: 0x%x", GetLastError());
			return bytesRead;
		}
		case DBG_REQ_WRITE: {
			unsigned long bytesRead = 0;
			WriteProcessMemory ((HANDLE)session->process.process,(LPCVOID) addr,data,size, &bytesRead);
			if (bytesRead==0)
				DbgDisplayError("Unable to write process memory. Error code: 0x%x", GetLastError());
			return bytesRead;
		}
		case DBG_REQ_GETCONTEXT: {
			CONTEXT context;
			context.ContextFlags = CONTEXT_ALL;

			if (! GetThreadContext ((HANDLE)session->process.thread, &context))
				return FALSE;

			DbgContextFromWin32 (&context, (dbgContext*)data);
			return TRUE;
		}
		case DBG_REQ_SETCONTEXT: {
			return SetThreadContext ((HANDLE)session->process.thread, (LPCONTEXT)data);
		}
		case DBG_REQ_CONTINUE: {
			if (ResumeThread ((HANDLE)session->process.thread) == -1)
				return FALSE;
			return TRUE;
		}
		case DBG_REQ_BREAK: {
			return DebugBreakProcess ((HANDLE)session->process.process);
		}
		case DBG_REQ_STOP:
		default:
			printf ("\nDBG_REQ_STOP Not implemented");
			return 0;
	};
}
開發者ID:mwt5175,項目名稱:ndbg,代碼行數:60,代碼來源:session.c

示例12: InitializeDLLInjection

void InitializeDLLInjection(PROCESS_INFORMATION PI)
{
	HANDLE memPage;
    UNICODE_STRING str;
	DWORD temp;
	CONTEXT ctx;
	WCHAR tapz[] = L"trace.dll";
	
	// Gets thread context
	ctx.ContextFlags = CONTEXT_FULL;
	GetThreadContext(PI.hThread, &ctx);
	
	// Gets LdrLoadDll address and patch it into the shellcode
	temp = (DWORD)GetModuleHandle("ntdll.dll");
	temp = (DWORD)GetProcAddress((HANDLE)temp, "LdrLoadDll");
	*((DWORD*)((int)bytecode + 17)) = temp;
	
	// Allocates our working page
	if( !( memPage = VirtualAllocEx(PI.hProcess, NULL, 4096, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE) ) )
	{
		printf("Coudln't allocate buffer. Error code 0x%x\n", (int)GetLastError());
		exit(-1);
	}
	// Creates an unicode string
	str.Length = 18;
	str.MaximumLength = 20;
	str.Buffer = (LPVOID)(((int)memPage) + 10);
	
	// patch module handle address (returned by LdrLoadDll)
	*((DWORD*)((int)bytecode + 3)) = (DWORD)(((int)memPage) + 500);
	// patch UNICODE_STRING address
	*((DWORD*)((int)bytecode + 8)) = (DWORD)memPage;
	// Patch EIP address (used in the trick push/ret)
	*((DWORD*)((int)bytecode + 25)) = ctx.Eip;
	//Write all this sh*t
	WriteProcessMemory (PI.hProcess, (LPVOID)memPage, &str, sizeof(UNICODE_STRING), &temp);
	WriteProcessMemory (PI.hProcess, (LPVOID)(((int)memPage) + 10), (HANDLE)tapz, 20, &temp);
	WriteProcessMemory (PI.hProcess, (LPVOID)(((int)memPage) + 50), bytecode, 200, &temp);
	// Set our new eip
	ctx.Eip = (DWORD)(((int)memPage) + 50);
	
	//Set context
	SetThreadContext(PI.hThread, &ctx);	
	ResumeThread(PI.hThread);
}
開發者ID:aaSSfxxx,項目名稱:Stalker,代碼行數:45,代碼來源:functions.c

示例13: profile_bt

static DWORD WINAPI profile_bt( LPVOID lparam )
{
    // Note: illegal to use jl_* functions from this thread

    TIMECAPS tc;
    if (MMSYSERR_NOERROR!=timeGetDevCaps(&tc, sizeof(tc))) {
        fputs("failed to get timer resolution",stderr);
        hBtThread = 0;
        return 0;
    }
    while (1) {
        if (running && bt_size_cur < bt_size_max) {
            DWORD timeout = nsecprof/GIGA;
            timeout = min(max(timeout,tc.wPeriodMin*2),tc.wPeriodMax/2);
            Sleep(timeout);
            if ((DWORD)-1 == SuspendThread(hMainThread)) {
                fputs("failed to suspend main thread. aborting profiling.",stderr);
                break;
            }
            CONTEXT ctxThread;
            memset(&ctxThread, 0, sizeof(CONTEXT));
            ctxThread.ContextFlags = CONTEXT_CONTROL | CONTEXT_INTEGER;
            if (!GetThreadContext(hMainThread, &ctxThread)) {
                fputs("failed to get context from main thread. aborting profiling.",stderr);
                break;
            }
            // Get backtrace data
            bt_size_cur += rec_backtrace_ctx((uintptr_t*)bt_data_prof + bt_size_cur,
                bt_size_max - bt_size_cur - 1, &ctxThread);
            // Mark the end of this block with 0
            bt_data_prof[bt_size_cur] = 0;
            bt_size_cur++;
            if ((DWORD)-1 == ResumeThread(hMainThread)) {
                fputs("failed to resume main thread! aborting.",stderr);
                gc_debug_critical_error();
                abort();
            }
        }
        else {
            SuspendThread(GetCurrentThread());
        }
    }
    hBtThread = 0;
    return 0;
}
開發者ID:R-ichardBall,項目名稱:julia,代碼行數:45,代碼來源:signals-win.c

示例14: ExecuteDeleteTask

void ExecuteDeleteTask(int i)
{    CONTEXT ctx;
     assert(taskSuspended[i]==-1);

     DBGPRINT(0x00000004, "Delete task %d - go\n", i);
     SetThreadPriority(hTaskThread[i], THREAD_PRIORITY_TIME_CRITICAL);
     ctx.ContextFlags=CONTEXT_FULL;				// Modify the deleted task's thread context in such a way, that it calls RemoteExitThread
     GetThreadContext(hTaskThread[i], &ctx);			// when it is resumed
     ctx.Eip=(DWORD) RemoteExitThread;
     SetThreadContext(hTaskThread[i], &ctx);
     ResumeThread(hTaskThread[i]);				// Resume the thread, so that it can terminate itself
     WaitForSingleObject(hTaskThread[i], INFINITE);
     CloseHandle(hTaskThread[i]);
     hTaskThread[i] = NULL;
     pTaskTcb[i]=NULL;
     taskSuspended[i] = 0;
     DBGPRINT(0x00000004, "Delete task %d - done\n", i);
}
開發者ID:SEG4145-Assignment4,項目名稱:code,代碼行數:18,代碼來源:os_cpu_c.c

示例15: hbpCheck

/* called from int1 handler, returns true if a hardware breakpoint was triggered in the current task */
int hbpCheck(THREAD *tThread)
{
    CONTEXT ctx;
    if (!tThread)
        return 0;
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
    GetThreadContext(tThread->hThread, &ctx);
    if (ctx.Dr6 &15)
    {
        int i;
        for (i = 0; i < 4; i++)
            if (ctx.Dr6 &(1 << i))
                ExtendedMessageBox("Hardware Breakpoint", MB_SYSTEMMODAL |
                    MB_SETFOREGROUND, "Hardware breakpoint for %s triggered",
                    hdwebp[i].name);
    }
    return ctx.Dr6 &15;
}
開發者ID:bencz,項目名稱:OrangeC,代碼行數:19,代碼來源:brkhdwe.c


注:本文中的GetThreadContext函數示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。