[求助]OD是怎么知道cpu栈的栈底的-软件逆向-看雪论坛-安全社区|非营利性质技术交流社区

最新回复 (2)
魔之幻灵雪币： 678 活跃值： (12) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 34 粉丝 0 关注私信	魔之幻灵 2 楼 GetThreadContext The GetThreadContext function retrieves the context of the specified thread. BOOL GetThreadContext( HANDLE hThread, // handle to thread with context LPCONTEXT lpContext // context structure ); Parameters hThread [in] Handle to the thread whose context is to be retrieved. Windows NT/2000/XP: The handle must have THREAD_GET_CONTEXT access to the thread. For more information, see Thread Security and Access Rights. WOW64: The handle must also have THREAD_QUERY_INFORMATION access. lpContext [in/out] Pointer to the CONTEXT structure that receives the appropriate context of the specified thread. The value of the ContextFlags member of this structure specifies which portions of a thread's context are retrieved. The CONTEXT structure is highly computer specific. Currently, there are CONTEXT structures defined for Intel, MIPS, Alpha, and PowerPC processors. Refer to the WinNt.h header file for definitions of these structures. Return Values If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError. 2010-12-7 21:25 0
冷露无声雪币： 21 活跃值： (200) 能力值： ( LV2，RANK：10 ) 在线值：发帖 13 回帖 26 粉丝 0 关注私信	冷露无声 3 楼这个是用来获得断点的信息的。这个函数我已经在用了，但我希望能获得CPU调用的栈。也就是说，pe文件在运行的时候会把一段内存分配为栈空间。我想知道它的地址从多少到多少，OD是怎么实现的。 2010-12-8 11:57 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

最新回复 (2)
魔之幻灵雪币： 678 活跃值： (12) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 34 粉丝 0 关注私信	魔之幻灵 2 楼 GetThreadContext The GetThreadContext function retrieves the context of the specified thread. BOOL GetThreadContext( HANDLE hThread, // handle to thread with context LPCONTEXT lpContext // context structure ); Parameters hThread [in] Handle to the thread whose context is to be retrieved. Windows NT/2000/XP: The handle must have THREAD_GET_CONTEXT access to the thread. For more information, see Thread Security and Access Rights. WOW64: The handle must also have THREAD_QUERY_INFORMATION access. lpContext [in/out] Pointer to the CONTEXT structure that receives the appropriate context of the specified thread. The value of the ContextFlags member of this structure specifies which portions of a thread's context are retrieved. The CONTEXT structure is highly computer specific. Currently, there are CONTEXT structures defined for Intel, MIPS, Alpha, and PowerPC processors. Refer to the WinNt.h header file for definitions of these structures. Return Values If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError. 2010-12-7 21:25 0
冷露无声雪币： 21 活跃值： (200) 能力值： ( LV2，RANK：10 ) 在线值：发帖 13 回帖 26 粉丝 0 关注私信	冷露无声 3 楼这个是用来获得断点的信息的。这个函数我已经在用了，但我希望能获得CPU调用的栈。也就是说，pe文件在运行的时候会把一段内存分配为栈空间。我想知道它的地址从多少到多少，OD是怎么实现的。 2010-12-8 11:57 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复