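/// <summary>
/// Reads the general-purpose registers of a known thread with
/// <c>PTRACE_GETREGS</c> and copies them, laid out as an
/// <c>AMD64Context</c>, into the managed array <paramref name="context"/>.
/// </summary>
/// <param name="threadID">Thread id; must be present in <c>_threadIDs</c> after <c>LoadThreads()</c>.</param>
/// <param name="contextFlags">Value stored in the <c>ContextFlags</c> field of the returned context.</param>
/// <param name="contextSize">Size the caller claims for the context; must equal <c>AMD64Context.Size</c>.</param>
/// <param name="context">Destination array; must hold at least <c>sizeof(AMD64Context)</c> bytes.</param>
/// <returns>
/// <c>true</c> when the registers were read and copied; <c>false</c> when the thread is
/// unknown, the sizes do not match, the destination is missing or too small, or the
/// ptrace request reports a non-zero result.
/// </returns>
public unsafe bool GetThreadContext(uint threadID, uint contextFlags, uint contextSize, byte[] context)
{
    this.LoadThreads();

    if (!_threadIDs.Contains(threadID) || contextSize != AMD64Context.Size)
    {
        return false;
    }

    // contextSize is only a caller-supplied number; the array itself has to be large
    // enough for the Marshal.Copy below, so check the real length before doing any work.
    // NOTE(review): AMD64Context.Size is assumed to equal sizeof(AMD64Context) - confirm.
    if (context == null || context.Length < sizeof(AMD64Context))
    {
        return false;
    }

    IntPtr ptrContext = IntPtr.Zero;
    IntPtr ptr = IntPtr.Zero;
    try
    {
        // Both allocations sit inside the try so that a failure of the second one
        // cannot leak the first. FreeHGlobal(IntPtr.Zero) is a no-op.
        ptrContext = Marshal.AllocHGlobal(sizeof(AMD64Context));
        AMD64Context* ctx = (AMD64Context*)ptrContext;

        // AllocHGlobal does not clear memory. CopyContext fills only the general-purpose
        // registers, so every other byte of the context would otherwise carry stale
        // process-heap contents into the caller's array.
        *ctx = default(AMD64Context);

        // NOTE(review): the IntPtr overload casts contextFlags to int before this store;
        // confirm which form matches the declared type of AMD64Context.ContextFlags.
        ctx->ContextFlags = contextFlags;

        ptr = Marshal.AllocHGlobal(sizeof(RegSetX64));
        *(RegSetX64*)ptr = default(RegSetX64);

        // A non-zero result is treated as failure (same test as the IntPtr overload uses).
        // Without this check a failed request would be reported as success with
        // register values that were never written by the kernel.
        if (ptrace(PTRACE_GETREGS, (int)threadID, IntPtr.Zero, ptr) != 0)
        {
            return false;
        }

        RegSetX64 r = Marshal.PtrToStructure<RegSetX64>(ptr);
        CopyContext(ctx, ref r);
        Marshal.Copy(ptrContext, context, 0, sizeof(AMD64Context));
    }
    finally
    {
        Marshal.FreeHGlobal(ptr);
        Marshal.FreeHGlobal(ptrContext);
    }

    return true;
}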
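/// <summary>
/// Reads the general-purpose registers of a known thread with
/// <c>PTRACE_GETREGS</c> and writes them directly into the caller-owned
/// <c>AMD64Context</c> that <paramref name="context"/> points to.
/// </summary>
/// <param name="threadID">Thread id; must be present in <c>_threadIDs</c> after <c>LoadThreads()</c>.</param>
/// <param name="contextFlags">Value stored (cast to <c>int</c>) in the <c>ContextFlags</c> field.</param>
/// <param name="contextSize">Size the caller claims for the buffer; must equal <c>AMD64Context.Size</c>.</param>
/// <param name="context">Pointer to the destination buffer. It is written through as an <c>AMD64Context*</c>.</param>
/// <returns>
/// <c>true</c> when the registers were read and stored; <c>false</c> when the thread is
/// unknown, the size does not match, the pointer is null, or the ptrace request reports
/// a non-zero result.
/// </returns>
/// <remarks>
/// The real size of the buffer behind a raw pointer cannot be checked here; the
/// <paramref name="contextSize"/> comparison is the only bound, so callers must pass the
/// true allocation size. Only <c>ContextFlags</c> and the registers copied by
/// <c>CopyContext</c> are written; all other bytes of the buffer are left as the caller
/// supplied them.
/// </remarks>
public unsafe bool GetThreadContext(uint threadID, uint contextFlags, uint contextSize, IntPtr context)
{
    this.LoadThreads();

    if (!_threadIDs.Contains(threadID) || contextSize != AMD64Context.Size)
    {
        return false;
    }

    // A null destination would be dereferenced on the next store; fail cleanly instead.
    if (context == IntPtr.Zero)
    {
        return false;
    }

    // NOTE(review): AMD64Context.Size is assumed to equal sizeof(AMD64Context); if it were
    // smaller, the field stores below could land past the end of the caller's buffer.
    AMD64Context* ctx = (AMD64Context*)context.ToPointer();
    ctx->ContextFlags = (int)contextFlags;

    IntPtr ptr = Marshal.AllocHGlobal(sizeof(RegSetX64));
    try
    {
        // AllocHGlobal does not clear memory; start from zeroes so that no stale heap
        // contents can ever be mistaken for register values.
        *(RegSetX64*)ptr = default(RegSetX64);

        ulong ret = ptrace(PTRACE_GETREGS, (int)threadID, IntPtr.Zero, ptr);
        if (ret != 0)
        {
            // The request did not succeed, so the scratch buffer holds no register data.
            // Report failure rather than handing back a context that looks valid.
            return false;
        }

        RegSetX64 r = Marshal.PtrToStructure<RegSetX64>(ptr);
        CopyContext(ctx, ref r);
    }
    finally
    {
        Marshal.FreeHGlobal(ptr);
    }

    return true;
}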
/// <summary>
/// Copies the general-purpose registers, the stack pointer and the instruction pointer
/// from <paramref name="registerSet"/> into the context that <paramref name="ctx"/> points to.
/// </summary>
/// <param name="ctx">Destination context; it is dereferenced without a null check.</param>
/// <param name="registerSet">Register values to copy; not modified by this method.</param>
/// <remarks>
/// Only the seventeen fields assigned below are written. Every other field of the
/// destination keeps whatever value it had, so the caller is responsible for
/// initialising the destination before calling.
/// </remarks>
private unsafe void CopyContext(AMD64Context* ctx, ref RegSetX64 registerSet)
{
    // Legacy general-purpose registers.
    ctx->Rax = registerSet.Rax;
    ctx->Rbx = registerSet.Rbx;
    ctx->Rcx = registerSet.Rcx;
    ctx->Rdx = registerSet.Rdx;
    ctx->Rsi = registerSet.Rsi;
    ctx->Rdi = registerSet.Rdi;

    // Extended registers R8-R15.
    ctx->R8 = registerSet.R8;
    ctx->R9 = registerSet.R9;
    ctx->R10 = registerSet.R10;
    ctx->R11 = registerSet.R11;
    ctx->R12 = registerSet.R12;
    ctx->R13 = registerSet.R13;
    ctx->R14 = registerSet.R14;
    ctx->R15 = registerSet.R15;

    // Frame, stack and instruction pointers.
    ctx->Rbp = registerSet.Rbp;
    ctx->Rsp = registerSet.Rsp;
    ctx->Rip = registerSet.Rip;
}