t_reg
Structure that contains working copy of registers of the thread of the debugging application
typedef
struct t_reg
{
// Excerpt from context
ulong
status;
// Status of registers, set of RV_xxx
ulong
threadid;
// ID of thread that owns registers
ulong
ip;
// Instruction pointer (EIP)
ulong
r[NREG];
// EAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI
ulong
flags;
// Flags
ulong
s[NSEG];
// Segment registers ES,CS,SS,DS,FS,GS
ulong
base[NSEG];
// Segment bases
ulong
limit[NSEG]; //
Segment limits
uchar
big[NSEG];
// Default size (0-16, 1-32 bit)
uchar
dummy[2];
// Reserved, used for data alignment
int
top;
// Index of top-of-stack
long double
f[NREG];
// Float registers, f[top] - top of stack
uchar
tag[NREG];
// Float tags (0x3 - empty register)
ulong
fst;
// FPU status word
ulong
fcw;
// FPU control word
ulong
ferrseg;
// Selector of last detected FPU error
ulong
feroffs;
// Offset of last detected FPU error
ulong
dr[NREG];
// Debug registers
ulong
lasterror;
// Last thread error or 0xFFFFFFFF
uchar ssereg[NREG][16]; // SSE registers
ulong
mxcsr;
// SSE control and status register
t_memfield
mem[NMEMFIELD]; // Known memory
fields from run trace
} t_reg;
Members:
status
Status of the structure, a combination of zero or more of the following flags:
RV_MODIFIED - registers are modified, thread context must be updated before execution continues
RV_USERMOD - registers are modified by the user
RV_SSEVALID - SSE registers (ssereg, mxcsr) are valid
RV_SSEMOD - SSE registers are modified. RV_MODIFIED must also be set
RV_ERRVALID - lasterror is valid
RV_ERRMOD - lasterror is modified. RV_MODIFIED must also be set
RV_MEMVALID - mem is valid
RV_DBGMOD - debugging registers are modified. RV_MODIFIED must also be set
threadid
Identifier of the thread that owns registers
ip
Instruction pointer (EIP)
r
32-bit general purpose registers. EAX is kept in r[REG_EAX], and so on
flags
32-bit flags registers. Note that many high-order flags are hidden by Windows
s
16-bit segment registers. SS is kept in s[REG_SS} and so on
base
Bases
of the selectors chosen into the corresponding segment registers. In
the flat Win32 model, ES, CS, SS and DS have base 0 and FS points to
the Thread Information Block
limit
Bases of the selectors chosen into the corresponding segment registers. In the flat Win32 model, ES, CS, SS and DS allow access to the whole virtual memory
big
Default operand and address sizes associated with selectors
chosen into the corresponding segment registers (0 - 16 bit, 1 -32
bits). In the flat Win32 model, all selectors describe 32-bit segments
dummy
Reserved, used for alignment
top
Index of the floating point register that is currently on the top of the FPU stack
f
80-bit floating point registers. Also keep MMX and 3DNow! registers, in these cases top is ignored
tag
Tags
associated with the corresponding floating point registers. The only
really important thing is whether register is marked as empty (tag 0x3)
or not
fst
FPU status word. Among other things, lists of floating point exceptions
fcw
FPU control word
ferrseg
Selector
part of the address of command that caused last unmasked floating
point exception, ussually the same as the contents of CS.
Note that
floating point unit is physically integrated with the rest of CPU but
logically is still an independent asynchronous coprocessor. Exceptions
are usually reported to the OS on the next FWAIT or on the next FPU
command that uses results of the command that caused exception, and
there may be hundreds of integer commands inbetween. To locate the real
address of exception, use ferrseg:ferroffs
ferroffs
Offset part of the address of command that caused last unmasked floating point
exception, see discussion above
dr
Debug registers. Don't modify directly!
lasterror
Last thread error (for example, 0xC0000005 means ACCESS_VIOLATION), valid only if flag RV_ERRVALID is set. Note that lasterror has no associated register, its source is located in the Thread Information Block
ssereg
128-bit SSE registers, valid only if flag RV_SSEVALID is set
mxcsr
SSE control and status register, valid only if flag RV_SSEVALID is set
mem
For internal use
See
also: