|
I got lost after some posts but if your aim is to stop execution at one point with a HWBP/SWBP and read the registers you can use this procedure:
1. Set a hardware/software breakpoint at the virtual address by patching the byte or using debug registers
2. Set a new top-level handler ( https://msdn.microsoft.com/en-us/library/windows/desktop/ms680634(v=vs.85).aspx )
3. You get a context structure when the breakpoint hits so in your callback just handle it by reading the structure passed to the callback which is of type (struct _EXCEPTION_POINTERS *ExceptionInfo)
4. If you overwrote the byte by patching then you should rewrite the original byte in the hook and then replace it again for another breakpoint (if you want)
If you have problems you can ask here again
|