private void updateContext(int threadId)
{
IntPtr hThread = getThreadHandle(threadId);
Win64.CONTEXT ctx = Context;
Win64.SetThreadContext(hThread, ref ctx);
}
public NIDebugger64 Execute(NIStartupOptions opts)
{
Win64.SECURITY_ATTRIBUTES sa1 = new Win64.SECURITY_ATTRIBUTES();
sa1.nLength = Marshal.SizeOf(sa1);
Win64.SECURITY_ATTRIBUTES sa2 = new Win64.SECURITY_ATTRIBUTES();
sa2.nLength = Marshal.SizeOf(sa2);
Win64.STARTUPINFO si = new Win64.STARTUPINFO();
debuggedProcessInfo = new Win64.PROCESS_INFORMATION();
int ret = Win64.CreateProcess(opts.executable, opts.commandLine, ref sa1, ref sa2, 0, 0x00000200 | Win64.CREATE_SUSPENDED, 0, null, ref si, ref debuggedProcessInfo);
debuggedProcess = Process.GetProcessById(debuggedProcessInfo.dwProcessId);
threadHandles.Add(debuggedProcessInfo.dwThreadId, debuggedProcessInfo.hThread);
if (opts.resumeOnCreate)
{
Win64.ResumeThread((IntPtr)debuggedProcessInfo.hThread);
}
else
{
Context = getContext(getCurrentThreadId());
ulong OEP = Context.Rcx;
SetBreakpoint(OEP);
Continue();
ClearBreakpoint(OEP);
Console.WriteLine("We should be at OEP");
}
return(this);
}
private Win64.CONTEXT getContext(int threadId)
{
IntPtr hThread = getThreadHandle(threadId);
Win64.CONTEXT ctx = new Win64.CONTEXT();
ctx.ContextFlags = (uint)Win64.CONTEXT_FLAGS.CONTEXT_ALL;
Win64.GetThreadContext(hThread, ref ctx);
int foo = Marshal.SizeOf(ctx);
Context = ctx;
return(ctx);
}