i try to read stack context i.e parameters from wsarecv.
i have written a small plugin which sets a breakpoint at
wsarecv... but how did i then get the stack ???

void __declspec(dllexport) __cdecl ODBG_Pluginmainloop(DEBUG_EVENT *debugevent){


if(debugevent&&wsarecv)
if(debugevent->u.Exception.ExceptionRecord.ExceptionAddress==wsarecv ){
Addtolist(0, -1, " !!!!!!!!!!!breakpoint";
// test =GetExceptionInformation();
Setbreakpoint(wsarecv,TY_TEMP,0);
}

if(wsarecv)
if(TY_INVALID==Getbreakpointtype(wsarecv,NULL)){
Setbreakpoint(wsarecv,TY_TEMP,0);
}





}


i tried
LPEXCEPTION_POINTERS GetExceptionInformation(void);

but i think this function is only useable in a exception handler, right ??

thanks for help

Hi,

use the CONTEXT esp value to get access to stack data.

Example (in your exception handler):


CONTEXT* ctx = ep->ContextRecord;
// query page info for stack value
MEMORY_BASIC_INFORMATION mbi;
VirtualQueryEx( pi.hProcess, (LPVOID) ctx->Esp, &mbi, sizeof(mbi));

BYTE stack[1024] = {0};
DWORD size = mbi.RegionSize - ctx->Esp + (DWORD)mbi.BaseAddress;
if( size > sizeof(stack) )
size = sizeof(stack);
// make a copy of stack
ReadProcessMemory( pi.hProcess, (LPVOID) ctx->Esp, stack, size, 0);

// do something with copy: access stack params like "stack[ offset]"


Hope this helps...

Regards