L. Spiro
20 years ago
I would like my own debugger to display more register information.
Right now I have the 8 basic registers, the EIP, and the segment registers.
In OllyDbg, I see this:
Failed to load image: http://purge.us/lspiro/OllyDbg.gif
I put a blue square around the registers (and information) that my
disassembler already shows.
The CONTEXT structure does not seem to have a topic specifically about it in
the MSDN library.
When I use Visual Studio’s auto-suggest feature, this is a part of the list
I get:
Failed to load image: http://purge.us/lspiro/CONTEXT.gif
According to that, the CONTEXT structure has Fill, Fir, FltF(0-31), Fpcr,
IntA(0-5), IntAt, IntFp, etc.
The first thing I need to know is what are all these members? What do they
mean? How do they relate to the information shown in the OllyDbg picture I
posted?
Which CONTEXT member means what?
The second thing is that Visual Studio is NOT listing Eip, Eax, Esp, etc.,
as members of CONTEXT, yet they are (perhaps masked by a typedef?).
Also, these members of CONTEXT come from Borland files, which I hate.
I am having troubles making it show me the ones in winnt.h (non Borland),
but looking at it manually I see the Xmm(0-15) data sets (MMX registers).
These are the MMX registers shown in OllyDbg, but in OllyDbg there are only
8. Why are there 16 in this header file?
As I said, I squared the registers I am already showing.
Now I need to know how to get the C P A Z S T D O ones (under EIP in the
OllyDbg picture), EFL, ST(0-7), FST, FCW, the four items in Cond, the E S P U
O Z D I near the “Err” text, etc.
How do I get those out of a CONTEXT structure?
L. Spiro
Right now I have the 8 basic registers, the EIP, and the segment registers.
In OllyDbg, I see this:
Failed to load image: http://purge.us/lspiro/OllyDbg.gif
I put a blue square around the registers (and information) that my
disassembler already shows.
The CONTEXT structure does not seem to have a topic specifically about it in
the MSDN library.
When I use Visual Studio’s auto-suggest feature, this is a part of the list
I get:
Failed to load image: http://purge.us/lspiro/CONTEXT.gif
According to that, the CONTEXT structure has Fill, Fir, FltF(0-31), Fpcr,
IntA(0-5), IntAt, IntFp, etc.
The first thing I need to know is what are all these members? What do they
mean? How do they relate to the information shown in the OllyDbg picture I
posted?
Which CONTEXT member means what?
The second thing is that Visual Studio is NOT listing Eip, Eax, Esp, etc.,
as members of CONTEXT, yet they are (perhaps masked by a typedef?).
Also, these members of CONTEXT come from Borland files, which I hate.
I am having troubles making it show me the ones in winnt.h (non Borland),
but looking at it manually I see the Xmm(0-15) data sets (MMX registers).
These are the MMX registers shown in OllyDbg, but in OllyDbg there are only
8. Why are there 16 in this header file?
As I said, I squared the registers I am already showing.
Now I need to know how to get the C P A Z S T D O ones (under EIP in the
OllyDbg picture), EFL, ST(0-7), FST, FCW, the four items in Cond, the E S P U
O Z D I near the “Err” text, etc.
How do I get those out of a CONTEXT structure?
L. Spiro