GetThreadContext 返回 EBP = 0
我正在尝试获取 windows7 64 位上另一个进程的 EBP 寄存器的值。
为此,我使用 GetThreadContext,如下所示:
static CONTEXT threadContext;
memset(&threadContext, 0, sizeof(CONTEXT));
threadContext.ContextFlags = CONTEXT_FULL;
bool contextOk = GetThreadContext(threadHandle, &threadContext);
EIP 值似乎没问题,但 EBP = 0。 我也尝试使用 WOW64_GetThreadContext 但没有帮助...... GetLastError() 返回 0 所以应该没问题。 我确实使用 SuspendThread 挂起该线程,并且每次采样该线程时都不会发生这种情况。
什么可能导致这种情况?
I'm trying to get the value of another process' EBP register on windows7 64 bits.
for this I'm using GetThreadContext like this:
static CONTEXT threadContext;
memset(&threadContext, 0, sizeof(CONTEXT));
threadContext.ContextFlags = CONTEXT_FULL;
bool contextOk = GetThreadContext(threadHandle, &threadContext);
The EIP value seems ok, but EBP = 0.
I tried using also WOW64_GetThreadContext but it didn't help...
GetLastError() returns 0 so it's supposed to be ok.
I do suspend this thread with SuspendThread and It DOESN'T happen every time I sample the thread.
What could cause this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
一个可能的原因是,在您检查寄存器时,寄存器的值实际上为零。它是一个通用寄存器,因此程序可以将其设置为所需的任何值。
One possible cause is that the register's value really is zero at the time you inspect it. It's a general-purpose register, so the program can set it to whatever value it wants.