how to get the point of the CONTEXT STRUCT
Limee AKA Lamer
August 26th, 2004, 14:00
In the stack, the data is as follows:
006ED5B0 006ED5B8 Pointer to next SEH record
006ED5B4 00D50217 SE handler
006ED5B8 006EFF68 Pointer to next SEH record
006ED5BC 00D50A6F SE handler
how to get the point of the CONTEXT STRUCT,
if the SE handler is 00D50217?
thx
Peres
August 26th, 2004, 14:15
The Context struct is built and passed to the exception handler by the system. You won't find it on the stack. However, since it contains a representation of the processor context, you can find the values by looking at the registers.
Peres
Limee AKA Lamer
August 27th, 2004, 11:48
What does this mean?
where eax is a pointer to the thread context passed by the
system to the exception handler by [esp+0C].
I can't understand. Can you help me?
Quote:
[Originally Posted by Peres]The Context struct is built and passed to the exception handler by the system. You won't find it on the stack. However, since it contains a representation of the processor context, you can find the values by looking at the registers.
Peres
Peres
August 27th, 2004, 16:30
As soon as you get inside an exception handler the dword at [ESP+0C] will point at the Context struct. This will be true until you push or pop something from the stack. You can use that pointer to gain access to the field of the structure you need.
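Added example, not part of the original thread: a small C helper for offline analysis that takes a stack capture made with a breakpoint on the first instruction of the SE handler, follows the dword at [ESP+0C], and reads a field of the 32-bit CONTEXT through it. The `region_t` type, the function names and every address in the sample are constructed for illustration; the field offsets are those of the x86 CONTEXT layout in winnt.h.

```c
#include <stddef.h>
#include <stdint.h>

/* Offsets into the 32-bit x86 CONTEXT structure (winnt.h layout). */
enum { CTX_EAX = 0xB0, CTX_EIP = 0xB8, CTX_ESP = 0xC4 };
/* cdecl handler(ExceptionRecord, EstablisherFrame, ContextRecord, DispatcherContext):
   at entry [ESP]=return address, [ESP+4], [ESP+8], then [ESP+0C]=ContextRecord. */
enum { ARG_CONTEXT = 0x0C };

/* A captured block of memory: `size` bytes that were mapped at address `base`. */
typedef struct { uint32_t base; const uint8_t *bytes; size_t size; } region_t;

/* Read a little-endian dword at virtual address va; -1 if outside the capture. */
static int read_dword(const region_t *r, uint32_t va, uint32_t *out) {
    if (va < r->base || (size_t)(va - r->base) + 4 > r->size) return -1;
    const uint8_t *p = r->bytes + (va - r->base);
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 0;
}

/* Follow the dword at [ESP+0C] and read one CONTEXT field through it. */
int context_field(const region_t *r, uint32_t esp_at_entry, uint32_t field, uint32_t *out) {
    uint32_t ctx;
    if (read_dword(r, esp_at_entry + ARG_CONTEXT, &ctx) != 0 || ctx == 0) return -1;
    return read_dword(r, ctx + field, out);
}

static void put_dword(uint8_t *buf, size_t off, uint32_t v) {
    for (int i = 0; i < 4; i++) buf[off + i] = (uint8_t)(v >> (8 * i));
}

/* Constructed sample (all addresses invented): stack capture taken with a
   breakpoint on the first instruction of the SE handler, ESP = 0x0012F010. */
enum { SAMPLE_BASE = 0x0012F000, SAMPLE_ESP = 0x0012F010 };
region_t sample_region(void) {
    static uint8_t mem[0x400];
    put_dword(mem, 0x10, 0x77001234);  /* [ESP]    return address into the dispatcher */
    put_dword(mem, 0x14, 0x0012F100);  /* [ESP+4]  ExceptionRecord */
    put_dword(mem, 0x18, 0x0012F3F0);  /* [ESP+8]  EstablisherFrame */
    put_dword(mem, 0x1C, 0x0012F120);  /* [ESP+0C] ContextRecord */
    put_dword(mem, 0x120 + CTX_EAX, 0x00000000);  /* faulting thread's EAX */
    put_dword(mem, 0x120 + CTX_EIP, 0x00401000);  /* faulting thread's EIP */
    put_dword(mem, 0x120 + CTX_ESP, 0x0012F3E0);  /* faulting thread's ESP */
    region_t r = { SAMPLE_BASE, mem, sizeof mem };
    return r;
}
```

Passing an ESP value that is 4 lower (the state after one push inside the handler) makes the same lookup land on EstablisherFrame instead of ContextRecord, which is why the offset only holds at handler entry.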
doug
August 27th, 2004, 19:04
limee:
you get a CONTEXT structure under 2 circumstances:
- You are in an exception handler
- You called a thread-function like GetThreadContext
Which one are you referring to and what are you trying to achieve?