ulong GetReturnAddress(DkmThread thread) { // GetCurrentFrameInfo should provide the return address but the result is actually the current instruction address... so we have to go and lookup stack frame data at [ebp+4] var frameRegs = thread.GetCurrentRegisters(new DkmUnwoundRegister[0]); ulong address = 0; var x86Regs = frameRegs as DkmX86FrameRegisters; if (x86Regs != null) { byte[] ebpData = new byte[4]; if (x86Regs.GetRegisterValue(22, ebpData) == 4) { address = DebugHelpers.ReadPointerVariable(thread.Process, BitConverter.ToUInt32(ebpData, 0) + 4).GetValueOrDefault(0); } } if (address == 0) { thread.GetCurrentFrameInfo(out address, out _, out _); } return(address); }
internal static DkmInspectionSession CreateInspectionSession(DkmProcess process, DkmThread thread, SupportBreakpointHitMessage data, out DkmStackWalkFrame frame) { const int CV_ALLREG_VFRAME = 0x00007536; var vFrameRegister = DkmUnwoundRegister.Create(CV_ALLREG_VFRAME, new ReadOnlyCollection <byte>(BitConverter.GetBytes(data.vframe))); var registers = thread.GetCurrentRegisters(new[] { vFrameRegister }); var instructionAddress = process.CreateNativeInstructionAddress(registers.GetInstructionPointer()); frame = DkmStackWalkFrame.Create(thread, instructionAddress, data.frameBase, 0, DkmStackWalkFrameFlags.None, null, registers, null); return(DkmInspectionSession.Create(process, null)); }
public CppExpressionEvaluator(DkmThread thread, ulong frameBase, ulong vframe) { _process = thread.Process; var inspectionSession = DkmInspectionSession.Create(_process, null); _cppInspectionContext = DkmInspectionContext.Create(inspectionSession, _process.GetNativeRuntimeInstance(), thread, Timeout, DkmEvaluationFlags.TreatAsExpression | DkmEvaluationFlags.NoSideEffects, DkmFuncEvalFlags.None, 10, CppLanguage, null); const int CV_ALLREG_VFRAME = 0x00007536; var vframeReg = DkmUnwoundRegister.Create(CV_ALLREG_VFRAME, new ReadOnlyCollection<byte>(BitConverter.GetBytes(vframe))); var regs = thread.GetCurrentRegisters(new[] { vframeReg }); var iaddr = _process.CreateNativeInstructionAddress(regs.GetInstructionPointer()); _nativeFrame = DkmStackWalkFrame.Create(thread, iaddr, frameBase, 0, DkmStackWalkFrameFlags.None, null, regs, null); }
public CppExpressionEvaluator(DkmThread thread, ulong frameBase, ulong vframe) { _process = thread.Process; var inspectionSession = DkmInspectionSession.Create(_process, null); _cppInspectionContext = DkmInspectionContext.Create(inspectionSession, _process.GetNativeRuntimeInstance(), thread, Timeout, DkmEvaluationFlags.TreatAsExpression | DkmEvaluationFlags.NoSideEffects, DkmFuncEvalFlags.None, 10, CppLanguage, null); const int CV_ALLREG_VFRAME = 0x00007536; var vframeReg = DkmUnwoundRegister.Create(CV_ALLREG_VFRAME, new ReadOnlyCollection <byte>(BitConverter.GetBytes(vframe))); var regs = thread.GetCurrentRegisters(new[] { vframeReg }); var iaddr = _process.CreateNativeInstructionAddress(regs.GetInstructionPointer()); _nativeFrame = DkmStackWalkFrame.Create(thread, iaddr, frameBase, 0, DkmStackWalkFrameFlags.None, null, regs, null); }