Contains processor-specific register data. 包含了特定处理器的寄存器数据。The system uses CONTEXT structures to perform various internal operations.系统使用CONTEXT结构体执行各种中间操作。 Refer to the header file WinNT.h for definitions of this structure for each processor architecture.参考WinNT.h文件中各种处理器架构的所对应的本结构体。
大致的看下下面的三个结构体:
typedef struct DECLSPEC_ALIGN(16) _CONTEXT {
//
// Register parameter home addresses.
//
// N.B. These fields are for convience - they could be used to extend the
// context record in the future.
//
DWORD64 P1Home;
DWORD64 P2Home;
DWORD64 P3Home;
DWORD64 P4Home;
DWORD64 P5Home;
DWORD64 P6Home;
//
// Control flags.
//
DWORD ContextFlags;
DWORD MxCsr;
//
// Segment Registers and processor flags.
//
WORD SegCs;
WORD SegDs;
WORD SegEs;
WORD SegFs;
WORD SegGs;
WORD SegSs;
DWORD EFlags;
//
// Debug registers
//
DWORD64 Dr0;
DWORD64 Dr1;
DWORD64 Dr2;
DWORD64 Dr3;
DWORD64 Dr6;
DWORD64 Dr7;
//
// Integer registers.
//
DWORD64 Rax;
DWORD64 Rcx;
DWORD64 Rdx;
DWORD64 Rbx;
DWORD64 Rsp;
DWORD64 Rbp;
DWORD64 Rsi;
DWORD64 Rdi;
DWORD64 R8;
DWORD64 R9;
DWORD64 R10;
DWORD64 R11;
DWORD64 R12;
DWORD64 R13;
DWORD64 R14;
DWORD64 R15;
//
// Program counter.
//
DWORD64 Rip;
//
// Floating point state.
//
union {
XMM_SAVE_AREA32 FltSave;
struct {
M128A Header[2];
M128A Legacy[8];
M128A Xmm0;
M128A Xmm1;
M128A Xmm2;
M128A Xmm3;
M128A Xmm4;
M128A Xmm5;
M128A Xmm6;
M128A Xmm7;
M128A Xmm8;
M128A Xmm9;
M128A Xmm10;
M128A Xmm11;
M128A Xmm12;
M128A Xmm13;
M128A Xmm14;
M128A Xmm15;
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME;
//
// Vector registers.
//
M128A VectorRegister[26];
DWORD64 VectorControl;
//
// Special debug control registers.
//
DWORD64 DebugControl;
DWORD64 LastBranchToRip;
DWORD64 LastBranchFromRip;
DWORD64 LastExceptionToRip;
DWORD64 LastExceptionFromRip;
} CONTEXT, *PCONTEXT;
typedef struct _CONTEXT {
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a threads context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an IN OUT parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an OUT only parameter.
//
DWORD ContextFlags;
//
// This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
// set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
// included in CONTEXT_FULL.
//
DWORD Dr0;
DWORD Dr1;
DWORD Dr2;
DWORD Dr3;
DWORD Dr6;
DWORD Dr7;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
//
FLOATING_SAVE_AREA FloatSave;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_SEGMENTS.
//
DWORD SegGs;
DWORD SegFs;
DWORD SegEs;
DWORD SegDs;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_INTEGER.
//
DWORD Edi;
DWORD Esi;
DWORD Ebx;
DWORD Edx;
DWORD Ecx;
DWORD Eax;
//
// This section is specified/returned if the
// ContextFlags word contians the flag CONTEXT_CONTROL.
//
DWORD Ebp;
DWORD Eip;
DWORD SegCs; // MUST BE SANITIZED
DWORD EFlags; // MUST BE SANITIZED
DWORD Esp;
DWORD SegSs;
//
// This section is specified/returned if the ContextFlags word
// contains the flag CONTEXT_EXTENDED_REGISTERS.
// The format and contexts are processor specific
//
BYTE ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
} CONTEXT;
typedef struct _CONTEXT {
//
// The flags values within this flag control the contents of
// a CONTEXT record.
//
// If the context record is used as an input parameter, then
// for each portion of the context record controlled by a flag
// whose value is set, it is assumed that that portion of the
// context record contains valid context. If the context record
// is being used to modify a thread's context, then only that
// portion of the threads context will be modified.
//
// If the context record is used as an __inout parameter to capture
// the context of a thread, then only those portions of the thread's
// context corresponding to set flags will be returned.
//
// The context record is never used as an __out only parameter.
//
DWORD ContextFlags;
DWORD Fill1[3]; // for alignment of following on 16-byte boundary
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_DEBUG.
//
// N.B. CONTEXT_DEBUG is *not* part of CONTEXT_FULL.
//
ULONGLONG DbI0;
ULONGLONG DbI1;
ULONGLONG DbI2;
ULONGLONG DbI3;
ULONGLONG DbI4;
ULONGLONG DbI5;
ULONGLONG DbI6;
ULONGLONG DbI7;
ULONGLONG DbD0;
ULONGLONG DbD1;
ULONGLONG DbD2;
ULONGLONG DbD3;
ULONGLONG DbD4;
ULONGLONG DbD5;
ULONGLONG DbD6;
ULONGLONG DbD7;
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_LOWER_FLOATING_POINT.
//
FLOAT128 FltS0;
FLOAT128 FltS1;
FLOAT128 FltS2;
FLOAT128 FltS3;
FLOAT128 FltT0;
FLOAT128 FltT1;
FLOAT128 FltT2;
FLOAT128 FltT3;
FLOAT128 FltT4;
FLOAT128 FltT5;
FLOAT128 FltT6;
FLOAT128 FltT7;
FLOAT128 FltT8;
FLOAT128 FltT9;
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_HIGHER_FLOATING_POINT.
//
FLOAT128 FltS4;
FLOAT128 FltS5;
FLOAT128 FltS6;
FLOAT128 FltS7;
FLOAT128 FltS8;
FLOAT128 FltS9;
FLOAT128 FltS10;
FLOAT128 FltS11;
FLOAT128 FltS12;
FLOAT128 FltS13;
FLOAT128 FltS14;
FLOAT128 FltS15;
FLOAT128 FltS16;
FLOAT128 FltS17;
FLOAT128 FltS18;
FLOAT128 FltS19;
FLOAT128 FltF32;
FLOAT128 FltF33;
FLOAT128 FltF34;
FLOAT128 FltF35;
FLOAT128 FltF36;
FLOAT128 FltF37;
FLOAT128 FltF38;
FLOAT128 FltF39;
FLOAT128 FltF40;
FLOAT128 FltF41;
FLOAT128 FltF42;
FLOAT128 FltF43;
FLOAT128 FltF44;
FLOAT128 FltF45;
FLOAT128 FltF46;
FLOAT128 FltF47;
FLOAT128 FltF48;
FLOAT128 FltF49;
FLOAT128 FltF50;
FLOAT128 FltF51;
FLOAT128 FltF52;
FLOAT128 FltF53;
FLOAT128 FltF54;
FLOAT128 FltF55;
FLOAT128 FltF56;
FLOAT128 FltF57;
FLOAT128 FltF58;
FLOAT128 FltF59;
FLOAT128 FltF60;
FLOAT128 FltF61;
FLOAT128 FltF62;
FLOAT128 FltF63;
FLOAT128 FltF64;
FLOAT128 FltF65;
FLOAT128 FltF66;
FLOAT128 FltF67;
FLOAT128 FltF68;
FLOAT128 FltF69;
FLOAT128 FltF70;
FLOAT128 FltF71;
FLOAT128 FltF72;
FLOAT128 FltF73;
FLOAT128 FltF74;
FLOAT128 FltF75;
FLOAT128 FltF76;
FLOAT128 FltF77;
FLOAT128 FltF78;
FLOAT128 FltF79;
FLOAT128 FltF80;
FLOAT128 FltF81;
FLOAT128 FltF82;
FLOAT128 FltF83;
FLOAT128 FltF84;
FLOAT128 FltF85;
FLOAT128 FltF86;
FLOAT128 FltF87;
FLOAT128 FltF88;
FLOAT128 FltF89;
FLOAT128 FltF90;
FLOAT128 FltF91;
FLOAT128 FltF92;
FLOAT128 FltF93;
FLOAT128 FltF94;
FLOAT128 FltF95;
FLOAT128 FltF96;
FLOAT128 FltF97;
FLOAT128 FltF98;
FLOAT128 FltF99;
FLOAT128 FltF100;
FLOAT128 FltF101;
FLOAT128 FltF102;
FLOAT128 FltF103;
FLOAT128 FltF104;
FLOAT128 FltF105;
FLOAT128 FltF106;
FLOAT128 FltF107;
FLOAT128 FltF108;
FLOAT128 FltF109;
FLOAT128 FltF110;
FLOAT128 FltF111;
FLOAT128 FltF112;
FLOAT128 FltF113;
FLOAT128 FltF114;
FLOAT128 FltF115;
FLOAT128 FltF116;
FLOAT128 FltF117;
FLOAT128 FltF118;
FLOAT128 FltF119;
FLOAT128 FltF120;
FLOAT128 FltF121;
FLOAT128 FltF122;
FLOAT128 FltF123;
FLOAT128 FltF124;
FLOAT128 FltF125;
FLOAT128 FltF126;
FLOAT128 FltF127;
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_LOWER_FLOATING_POINT | CONTEXT_HIGHER_FLOATING_POINT | CONTEXT_CONTROL.
//
ULONGLONG StFPSR; // FP status
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_INTEGER.
//
// N.B. The registers gp, sp, rp are part of the control context
//
ULONGLONG IntGp; // r1, volatile
ULONGLONG IntT0; // r2-r3, volatile
ULONGLONG IntT1; //
ULONGLONG IntS0; // r4-r7, preserved
ULONGLONG IntS1;
ULONGLONG IntS2;
ULONGLONG IntS3;
ULONGLONG IntV0; // r8, volatile
ULONGLONG IntT2; // r9-r11, volatile
ULONGLONG IntT3;
ULONGLONG IntT4;
ULONGLONG IntSp; // stack pointer (r12), special
ULONGLONG IntTeb; // teb (r13), special
ULONGLONG IntT5; // r14-r31, volatile
ULONGLONG IntT6;
ULONGLONG IntT7;
ULONGLONG IntT8;
ULONGLONG IntT9;
ULONGLONG IntT10;
ULONGLONG IntT11;
ULONGLONG IntT12;
ULONGLONG IntT13;
ULONGLONG IntT14;
ULONGLONG IntT15;
ULONGLONG IntT16;
ULONGLONG IntT17;
ULONGLONG IntT18;
ULONGLONG IntT19;
ULONGLONG IntT20;
ULONGLONG IntT21;
ULONGLONG IntT22;
ULONGLONG IntNats; // Nat bits for r1-r31
// r1-r31 in bits 1 thru 31.
ULONGLONG Preds; // predicates, preserved
ULONGLONG BrRp; // return pointer, b0, preserved
ULONGLONG BrS0; // b1-b5, preserved
ULONGLONG BrS1;
ULONGLONG BrS2;
ULONGLONG BrS3;
ULONGLONG BrS4;
ULONGLONG BrT0; // b6-b7, volatile
ULONGLONG BrT1;
//
// This section is specified/returned if the ContextFlags word contains
// the flag CONTEXT_CONTROL.
//
// Other application registers
ULONGLONG ApUNAT; // User Nat collection register, preserved
ULONGLONG ApLC; // Loop counter register, preserved
ULONGLONG ApEC; // Epilog counter register, preserved
ULONGLONG ApCCV; // CMPXCHG value register, volatile
ULONGLONG ApDCR; // Default control register (TBD)
// Register stack info
ULONGLONG RsPFS; // Previous function state, preserved
ULONGLONG RsBSP; // Backing store pointer, preserved
ULONGLONG RsBSPSTORE;
ULONGLONG RsRSC; // RSE configuration, volatile
ULONGLONG RsRNAT; // RSE Nat collection register, preserved
// Trap Status Information
ULONGLONG StIPSR; // Interruption Processor Status
ULONGLONG StIIP; // Interruption IP
ULONGLONG StIFS; // Interruption Function State
// iA32 related control registers
ULONGLONG StFCR; // copy of Ar21
ULONGLONG Eflag; // Eflag copy of Ar24
ULONGLONG SegCSD; // iA32 CSDescriptor (Ar25)
ULONGLONG SegSSD; // iA32 SSDescriptor (Ar26)
ULONGLONG Cflag; // Cr0+Cr4 copy of Ar27
ULONGLONG StFSR; // x86 FP status (copy of AR28)
ULONGLONG StFIR; // x86 FP status (copy of AR29)
ULONGLONG StFDR; // x86 FP status (copy of AR30)
ULONGLONG UNUSEDPACK; // added to pack StFDR to 16-bytes
} CONTEXT, *PCONTEXT;
219
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
