/// <summary>
/// Builds an evaluator from a raw thread plus frame-base and virtual-frame values,
/// for callers that do not already have a <c>DkmStackWalkFrame</c>.
/// </summary>
/// <param name="thread">Thread whose process, runtime instance and current registers are used.</param>
/// <param name="frameBase">Frame base passed through to the synthesized stack frame.</param>
/// <param name="vframe">Value supplied for the VFRAME pseudo-register when the registers are fetched.</param>
/// <remarks>
/// The inspection context is created with <c>TreatAsExpression | NoSideEffects</c> and
/// <c>DkmFuncEvalFlags.None</c>, and with a fixed radix of 10. Expressions evaluated through
/// this context are therefore requested not to modify debuggee state. Keep those flags unless
/// every caller has been audited.
/// </remarks>
public CppExpressionEvaluator(DkmThread thread, ulong frameBase, ulong vframe) {
    // Register id handed to DkmUnwoundRegister for the virtual frame value.
    // NOTE(review): presumably the CodeView CV_ALLREG_VFRAME register number; confirm against cvconst.h.
    const int CV_ALLREG_VFRAME = 0x00007536;

    _process = thread.Process;

    // A fresh inspection session is created here; this overload has no caller-supplied session.
    var session = DkmInspectionSession.Create(_process, null);
    var nativeRuntime = _process.GetNativeRuntimeInstance();
    _cppInspectionContext = DkmInspectionContext.Create(
        session,
        nativeRuntime,
        thread,
        Timeout,
        DkmEvaluationFlags.TreatAsExpression | DkmEvaluationFlags.NoSideEffects,
        DkmFuncEvalFlags.None,
        10,
        CppLanguage,
        null);

    // BitConverter emits the bytes in the host's native byte order.
    byte[] vframeBytes = BitConverter.GetBytes(vframe);
    var virtualFrameRegister = DkmUnwoundRegister.Create(
        CV_ALLREG_VFRAME,
        new ReadOnlyCollection<byte>(vframeBytes));

    // Fetch the thread's registers, supplying the VFRAME value alongside them.
    var registers = thread.GetCurrentRegisters(new[] { virtualFrameRegister });
    var instructionAddress = _process.CreateNativeInstructionAddress(registers.GetInstructionPointer());

    // Synthesize the native frame that expressions will be evaluated against (frame size is 0).
    _nativeFrame = DkmStackWalkFrame.Create(
        thread,
        instructionAddress,
        frameBase,
        0,
        DkmStackWalkFrameFlags.None,
        null,
        registers,
        null);
}
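/// <summary>
/// Builds an evaluator for an existing stack frame, reusing the caller's inspection session and radix.
/// </summary>
/// <param name="inspectionContext">Context whose <c>InspectionSession</c> and <c>Radix</c> are copied into the new C++ context.</param>
/// <param name="stackFrame">
/// Frame to evaluate against. If its instruction address is a <c>DkmNativeInstructionAddress</c>, the frame
/// is used as-is. Otherwise the address must be a <c>DkmCustomInstructionAddress</c> whose
/// <c>AdditionalData</c> yields a <c>SourceLocation</c> with a non-null <c>NativeAddress</c>.
/// </param>
/// <exception cref="ArgumentException">
/// <paramref name="stackFrame"/> has an instruction address that is neither native nor custom, or a custom
/// address that does not resolve to a native address.
/// </exception>
/// <remarks>
/// The inspection context is created with <c>TreatAsExpression | NoSideEffects</c> and
/// <c>DkmFuncEvalFlags.None</c>, so expressions evaluated through it are requested not to modify
/// debuggee state.
/// </remarks>
public CppExpressionEvaluator(DkmInspectionContext inspectionContext, DkmStackWalkFrame stackFrame) {
    _process = stackFrame.Process;
    var thread = stackFrame.Thread;

    if (stackFrame.InstructionAddress is DkmNativeInstructionAddress) {
        // Already a native frame, so it can be used directly.
        _nativeFrame = stackFrame;
    } else {
        var customAddr = stackFrame.InstructionAddress as DkmCustomInstructionAddress;
        if (customAddr == null) {
            // Name the rejected input so a failure here can be diagnosed from the exception alone.
            throw new ArgumentException(
                "Stack frame instruction address must be a native or custom instruction address.",
                "stackFrame");
        }

        // The custom address carries an opaque payload; reject the frame if that payload does not
        // map to a native address rather than building a frame around a null address.
        var loc = new SourceLocation(customAddr.AdditionalData, _process);
        if (loc.NativeAddress == null) {
            throw new ArgumentException(
                "Custom instruction address of the stack frame does not resolve to a native address.",
                "stackFrame");
        }

        // Re-create the frame at the resolved native address, keeping the original frame's
        // base, size and registers.
        _nativeFrame = DkmStackWalkFrame.Create(
            thread,
            loc.NativeAddress,
            stackFrame.FrameBase,
            stackFrame.FrameSize,
            DkmStackWalkFrameFlags.None,
            null,
            stackFrame.Registers,
            null);
    }

    _cppInspectionContext = DkmInspectionContext.Create(
        inspectionContext.InspectionSession,
        _process.GetNativeRuntimeInstance(),
        thread,
        Timeout,
        DkmEvaluationFlags.TreatAsExpression | DkmEvaluationFlags.NoSideEffects,
        DkmFuncEvalFlags.None,
        inspectionContext.Radix,
        CppLanguage,
        null);
}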