xfprintf(output, NEWLINE "State Dump for Thread Id 0x%x" NEWLINE NEWLINE, it->first);
const CONTEXT& ctx = it->second.Context;
- if (ctx.ContextFlags & CONTEXT_INTEGER)
+ if ((ctx.ContextFlags & CONTEXT_INTEGER) == CONTEXT_INTEGER)
+ {
+#if defined(_M_IX86)
xfprintf(output, "eax:%p ebx:%p ecx:%p edx:%p esi:%p edi:%p" NEWLINE,
ctx.Eax, ctx.Ebx, ctx.Ecx, ctx.Edx, ctx.Esi, ctx.Edi);
- if (ctx.ContextFlags & CONTEXT_CONTROL)
+#elif defined(_M_AMD64)
+ xfprintf(output, "rax:%p rbx:%p rcx:%p rdx:%p rsi:%p rdi:%p" NEWLINE,
+ ctx.Rax, ctx.Rbx, ctx.Rcx, ctx.Rdx, ctx.Rsi, ctx.Rdi);
+ xfprintf(output, "r8:%p r9:%p r10:%p r11:%p r12:%p r13:%p r14:%p r15:%p" NEWLINE,
+ ctx.R8, ctx.R9, ctx.R10, ctx.R11, ctx.R12, ctx.R13, ctx.R14, ctx.R15);
+#else
+#error Unknown architecture
+#endif
+ }
+ if ((ctx.ContextFlags & CONTEXT_CONTROL) == CONTEXT_CONTROL)
+ {
+#if defined(_M_IX86)
xfprintf(output, "eip:%p esp:%p ebp:%p" NEWLINE,
ctx.Eip, ctx.Esp, ctx.Ebp);
- if (ctx.ContextFlags & CONTEXT_DEBUG_REGISTERS)
+#elif defined(_M_AMD64)
+ xfprintf(output, "eip:%p esp:%p ebp:%p" NEWLINE,
+ ctx.Rip, ctx.Rsp, ctx.Rbp);
+#else
+#error Unknown architecture
+#endif
+ }
+ if ((ctx.ContextFlags & CONTEXT_DEBUG_REGISTERS) == CONTEXT_DEBUG_REGISTERS)
+ {
+#if defined(_M_IX86) || defined(_M_AMD64)
xfprintf(output, "dr0:%p dr1:%p dr2:%p dr3:%p dr6:%p dr7:%p" NEWLINE,
ctx.Dr0, ctx.Dr1, ctx.Dr2, ctx.Dr3, ctx.Dr6, ctx.Dr7);
+#else
+#error Unknown architecture
+#endif
+ }
PrintStackBacktrace(output, data, it->second);
}
}
UCHAR stackData[0x10 * 10];
- DWORD dwSizeRead;
- if (!ReadProcessMemory(data.ProcessHandle, (LPCVOID)thread.Context.Esp, stackData, sizeof(stackData), &dwSizeRead))
+ SIZE_T sizeRead;
+#if defined(_M_IX86)
+ ULONG_PTR stackPointer = thread.Context.Esp;
+#elif defined(_M_AMD64)
+ ULONG_PTR stackPointer = thread.Context.Rsp;
+#else
+#error Unknown architecture
+#endif
+ if (!ReadProcessMemory(data.ProcessHandle, (PVOID)stackPointer, stackData, sizeof(stackData), &sizeRead))
return;
xfprintf(output, NEWLINE "*----> Raw Stack Dump <----*" NEWLINE NEWLINE);
for (size_t j = 0; j < 8; ++j)
{
size_t idx = j + n;
- if (idx < dwSizeRead)
+ if (idx < sizeRead)
{
HexData1[j * 3] = ToChar(stackData[idx] >> 4);
HexData1[j * 3 + 1] = ToChar(stackData[idx] & 0xf);
AsciiData1[j] = isprint(stackData[idx]) ? stackData[idx] : '.';
}
idx += 8;
- if (idx < dwSizeRead)
+ if (idx < sizeRead)
{
HexData2[j * 3] = ToChar(stackData[idx] >> 4);
HexData2[j * 3 + 1] = ToChar(stackData[idx] & 0xf);
}
}
- xfprintf(output, "%p %s - %s %s%s" NEWLINE, thread.Context.Esp+n, HexData1, HexData2, AsciiData1, AsciiData2);
+ xfprintf(output, "%p %s - %s %s%s" NEWLINE, stackPointer+n, HexData1, HexData2, AsciiData1, AsciiData2);
}
}