CONTEXT Structure (Datatype)


NmpAy

#cs
BOOL WINAPI GetThreadContext(__in HANDLE hThread, __inout LPCONTEXT lpContext);
#ce
DllCall($iKernel, "BOOL", "GetThreadContext", "HANDLE", $hThread[0], "LPCONTEXT ????????", "?????????")
#cs
BOOL WINAPI SetThreadContext(__in HANDLE hThread, __in const CONTEXT *lpContext);
#ce
DllCall($iKernel, "BOOL", "SetThreadContext", "HANDLE", $hThread[0], "const CONTEXT* ???????", "?????????")

http://msdn.microsoft.com/en-us/library/windows/desktop/ms679284(v=vs.85).aspx

I require this datatype, especially Eip and ContextFlags for CONTEXT_CONTROL.

I want to be able to GetThreadContext() as well as SetThreadContext().

Is there any easy way of cloning this? What part of WinNT.h would I need to do so? Could anyone give a quick explanation on it? I have read the DllCreateStruct, and DllStructSetData functions, but I still cannot manage to find an easy way, or any way for that matter.

In C++

CONTEXT ctx;
ctx.ContextFlags=CONTEXT_CONTROL;
GetThreadContext(hThread,&ctx);

ctx.Eip = (DWORD)stub;

ctx.ContextFlags=CONTEXT_CONTROL;
SetThreadContext(hThread, &ctx);

Help is very much appreciated. :)

Edited by NmpAy

I imagine you'd want something along these lines. That is if I understood correctly.

; 32-bit (x86) CONTEXT layout, following winnt.h
Global Const $SIZE_OF_80387_REGISTERS = 80
Global Const $MAXIMUM_SUPPORTED_EXTENSION = 512
Global Const $CONTEXT_CONTROL = 0x00010001 ; CONTEXT_i386 | 0x1

; FLOATING_SAVE_AREA members. DllStructCreate cannot reference another struct by name or by pointer,
; so these fields are spliced directly into $tCONTEXT below.
Global Const $tFLOATING_SAVE_AREA = "DWORD ControlWord; DWORD StatusWord; DWORD TagWord; DWORD ErrorOffset; DWORD ErrorSelector; DWORD DataOffset; DWORD DataSelector; BYTE RegisterArea[" & $SIZE_OF_80387_REGISTERS & "]; DWORD Cr0NpxState"

Global Const $tCONTEXT = "DWORD ContextFlags; DWORD Dr0; DWORD Dr1; DWORD Dr2; DWORD Dr3; DWORD Dr6; DWORD Dr7; " & $tFLOATING_SAVE_AREA & "; DWORD SegGs; DWORD SegFs; DWORD SegEs; DWORD SegDs; DWORD Edi; DWORD Esi; DWORD Ebx; DWORD Edx; DWORD Ecx; DWORD Eax; DWORD Ebp; DWORD Eip; DWORD SegCs; DWORD EFlags; DWORD Esp; DWORD SegSs; BYTE ExtendedRegisters[" & $MAXIMUM_SUPPORTED_EXTENSION & "]"
Global Const $sCONTEXT = DllStructCreate($tCONTEXT)
Global Const $pCONTEXT = DllStructGetPtr($sCONTEXT)

; ContextFlags selects which register groups the call reads or writes, so set it before each call
DllStructSetData($sCONTEXT, "ContextFlags", $CONTEXT_CONTROL)

; $iKernel and $hThread come from the script in the question
DllCall($iKernel, "BOOL", "GetThreadContext", "handle", $hThread[0], "ptr", $pCONTEXT)

DllCall($iKernel, "BOOL", "SetThreadContext", "handle", $hThread[0], "ptr", $pCONTEXT)

Edited by LaCastiglione

I do, but from what source can you tell to use all that? Since I would like to do some extra research on it, I don't like to get spoonfed! Thank you!

I found the struct definition on this page: http://source.winehq.org/source/include/winnt.h

Don't assume that I have anything correct, it's untested totally and may make your head asplode.
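
Since the struct definition in this thread is untested, here is an added example (not part of the original posts) that cross-checks the 32-bit CONTEXT layout with Python's ctypes: it computes every field offset and the total size, and emits the flattened field string in DllStructCreate syntax. The field names and order follow the x86 winnt.h definition quoted in the thread; the helper names flatten, offsets and autoit_definition are made up for this example.

```python
import ctypes

DWORD = ctypes.c_uint32  # Win32 DWORD: unsigned 32-bit
BYTE = ctypes.c_ubyte

class FLOATING_SAVE_AREA(ctypes.Structure):
    _fields_ = ([(n, DWORD) for n in (
        "ControlWord", "StatusWord", "TagWord", "ErrorOffset",
        "ErrorSelector", "DataOffset", "DataSelector")]
        + [("RegisterArea", BYTE * 80), ("Cr0NpxState", DWORD)])

class CONTEXT(ctypes.Structure):
    _fields_ = ([(n, DWORD) for n in (
        "ContextFlags", "Dr0", "Dr1", "Dr2", "Dr3", "Dr6", "Dr7")]
        + [("FloatSave", FLOATING_SAVE_AREA)]
        + [(n, DWORD) for n in (
            "SegGs", "SegFs", "SegEs", "SegDs",
            "Edi", "Esi", "Ebx", "Edx", "Ecx", "Eax",
            "Ebp", "Eip", "SegCs", "EFlags", "Esp", "SegSs")]
        + [("ExtendedRegisters", BYTE * 512)])

def flatten(struct, base=0):
    """Return [(field, byte offset, AutoIt declaration)], nested structs inlined."""
    rows = []
    for name, ftype in struct._fields_:
        offset = base + getattr(struct, name).offset
        if issubclass(ftype, ctypes.Structure):
            # A nested struct becomes a run of plain fields at its offset
            rows += flatten(ftype, offset)
        elif issubclass(ftype, ctypes.Array):
            rows.append((name, offset, "BYTE %s[%d]" % (name, ftype._length_)))
        else:
            rows.append((name, offset, "DWORD " + name))
    return rows

def offsets(struct):
    return {name: off for name, off, _ in flatten(struct)}

def autoit_definition(struct):
    return "; ".join(decl for _, _, decl in flatten(struct))

if __name__ == "__main__":
    for name, off, _ in flatten(CONTEXT):
        print("0x%03X  %s" % (off, name))
    print("size:", ctypes.sizeof(CONTEXT))
    print(autoit_definition(CONTEXT))
```

In AutoIt, DllStructGetSize($sCONTEXT) should report the same total size as ctypes.sizeof(CONTEXT) here; a mismatch means the field string does not match the header.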
