/// <summary>
/// Writes the cached register state in <c>Context</c> back to the given thread.
/// </summary>
/// <param name="threadId">Id of the thread whose handle is looked up via <c>getThreadHandle</c>.</param>
private void updateContext(int threadId)
{
    IntPtr threadHandle = getThreadHandle(threadId);

    // SetThreadContext takes its argument by ref, so the cached value is copied into a local first.
    Win64.CONTEXT pending = Context;

    // NOTE(review): the result of SetThreadContext is not inspected, so a failed write
    // (for example a stale or insufficiently privileged handle) goes unnoticed here.
    Win64.SetThreadContext(threadHandle, ref pending);
}
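/// <summary>
/// Creates the target process suspended, records its process and primary-thread information,
/// and then either resumes it immediately or runs it up to the address this debugger treats
/// as the original entry point (OEP).
/// </summary>
/// <param name="opts">
/// Startup options; <c>executable</c>, <c>commandLine</c> and <c>resumeOnCreate</c> are read.
/// </param>
/// <returns>This debugger instance, so calls can be chained.</returns>
/// <exception cref="InvalidOperationException">CreateProcess returned 0 (failure).</exception>
public NIDebugger64 Execute(NIStartupOptions opts)
{
    // Passed as the third and fourth CreateProcess arguments; only nLength is filled in.
    Win64.SECURITY_ATTRIBUTES sa1 = new Win64.SECURITY_ATTRIBUTES();
    sa1.nLength = Marshal.SizeOf(sa1);
    Win64.SECURITY_ATTRIBUTES sa2 = new Win64.SECURITY_ATTRIBUTES();
    sa2.nLength = Marshal.SizeOf(sa2);

    Win64.STARTUPINFO si = new Win64.STARTUPINFO();
    debuggedProcessInfo = new Win64.PROCESS_INFORMATION();

    // 0x00000200 is CREATE_NEW_PROCESS_GROUP in the Win32 process-creation flags.
    // CREATE_SUSPENDED keeps the primary thread from running until it is resumed below.
    int ret = Win64.CreateProcess(
        opts.executable,
        opts.commandLine,
        ref sa1,
        ref sa2,
        0,
        0x00000200 | Win64.CREATE_SUSPENDED,
        0,
        null,
        ref si,
        ref debuggedProcessInfo);

    if (ret == 0)
    {
        // Stop here: on failure debuggedProcessInfo is still zeroed, and continuing would
        // look up process id 0 and register a null thread handle instead of the target.
        // NOTE(review): the error code is only meaningful if the CreateProcess P/Invoke
        // declaration sets SetLastError = true - confirm against the Win64 wrapper.
        int lastError = Marshal.GetLastWin32Error();
        throw new InvalidOperationException(
            "CreateProcess failed for '" + opts.executable + "' (last Win32 error " + lastError + ").");
    }

    debuggedProcess = Process.GetProcessById(debuggedProcessInfo.dwProcessId);
    threadHandles.Add(debuggedProcessInfo.dwThreadId, debuggedProcessInfo.hThread);

    if (opts.resumeOnCreate)
    {
        Win64.ResumeThread((IntPtr)debuggedProcessInfo.hThread);
    }
    else
    {
        // The code takes Rcx of the still-suspended initial thread as the entry point address.
        Context = getContext(getCurrentThreadId());
        ulong OEP = Context.Rcx;

        // Temporary breakpoint at the OEP; Continue() is presumably expected to return once
        // it is hit - confirm against Continue's implementation.
        SetBreakpoint(OEP);
        Continue();
        ClearBreakpoint(OEP);
        Console.WriteLine("We should be at OEP");
    }

    return this;
}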
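/// <summary>
/// Reads the register context of the given thread with <c>CONTEXT_ALL</c> requested,
/// stores it in <c>Context</c> and returns it.
/// </summary>
/// <param name="threadId">Id of the thread whose handle is looked up via <c>getThreadHandle</c>.</param>
/// <returns>The context structure filled in by <c>GetThreadContext</c>.</returns>
private Win64.CONTEXT getContext(int threadId)
{
    IntPtr hThread = getThreadHandle(threadId);

    Win64.CONTEXT ctx = new Win64.CONTEXT();
    ctx.ContextFlags = (uint)Win64.CONTEXT_FLAGS.CONTEXT_ALL;

    // NOTE(review): the result of GetThreadContext is not inspected. If the call fails,
    // ctx keeps its freshly constructed contents and is still cached and returned, so
    // callers that read registers from it (e.g. Rcx) would act on values that were never read.
    Win64.GetThreadContext(hThread, ref ctx);

    // The unused size probe (int foo = Marshal.SizeOf(ctx)) was removed; its value was never read.
    Context = ctx;
    return ctx;
}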