0a750820a3
32-bit processes on 64-bit Windows run in a layer called WoW64 (Windows-on-Windows64). If you capture a mini dump of such a process from a 32-bit debugger, you end up with a register context for the 64-bit WoW64 process rather than the 32-bit one you probably care about. This detects WoW64 by looking to see if there's a module named wow64.dll loaded. For such processes, it then looks in the 64-bit Thread Environment Block (TEB) to locate a copy of the 32-bit CONTEXT record that the plugin needs for the register context. Added some rudimentary tests. I'd like to improve these later once we figure out how to get the exception information from these mini dumps. Differential Revision: http://reviews.llvm.org/D17465 llvm-svn: 261808
33 lines
1.0 KiB
C++
33 lines
1.0 KiB
C++
//===-- NtStructures.h ------------------------------------------*- C++ -*-===//
|
|
//
|
|
// The LLVM Compiler Infrastructure
|
|
//
|
|
// This file is distributed under the University of Illinois Open Source
|
|
// License. See LICENSE.TXT for details.
|
|
//
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
#ifndef liblldb_Plugins_Process_Windows_Common_NtStructures_h_
|
|
#define liblldb_Plugins_Process_Windows_Common_NtStructures_h_
|
|
|
|
#include "lldb/Host/windows/windows.h"
|
|
|
|
// This describes the layout of a TEB (Thread Environment Block) for a 64-bit
|
|
// process. It's adapted from the 32-bit TEB in winternl.h. Currently, we care
|
|
// only about the position of the TlsSlots.
|
|
struct TEB64
|
|
{
|
|
ULONG64 Reserved1[12];
|
|
ULONG64 ProcessEnvironmentBlock;
|
|
ULONG64 Reserved2[399];
|
|
BYTE Reserved3[1952];
|
|
ULONG64 TlsSlots[64];
|
|
BYTE Reserved4[8];
|
|
ULONG64 Reserved5[26];
|
|
ULONG64 ReservedForOle; // Windows 2000 only
|
|
ULONG64 Reserved6[4];
|
|
ULONG64 TlsExpansionSlots;
|
|
};
|
|
|
|
#endif
|