Documentation
¶
Index ¶
- type AMD64Registers
- func (r *AMD64Registers) BP() uint64
- func (r *AMD64Registers) Copy() (proc.Registers, error)
- func (r *AMD64Registers) GAddr() (uint64, bool)
- func (r *AMD64Registers) Get(n int) (uint64, error)
- func (r *AMD64Registers) PC() uint64
- func (r *AMD64Registers) SP() uint64
- func (r *AMD64Registers) Slice(floatingPoint bool) ([]proc.Register, error)
- func (r *AMD64Registers) TLS() uint64
- type CONTEXT
- type M128A
- type XMM_SAVE_AREA32
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AMD64Registers ¶
type AMD64Registers struct {
Context *CONTEXT
// contains filtered or unexported fields
}
AMD64Registers represents CPU registers on an AMD64 processor.
func NewAMD64Registers ¶
func NewAMD64Registers(context *CONTEXT, TebBaseAddress uint64) *AMD64Registers
NewAMD64Registers creates a new AMD64Registers struct from a CONTEXT struct and the TEB base address of the thread.
func (*AMD64Registers) BP ¶
func (r *AMD64Registers) BP() uint64
func (*AMD64Registers) Copy ¶
func (r *AMD64Registers) Copy() (proc.Registers, error)
Copy returns a copy of these registers that is guarenteed not to change.
func (*AMD64Registers) GAddr ¶
func (r *AMD64Registers) GAddr() (uint64, bool)
GAddr returns the address of the G variable if it is known, 0 and false otherwise.
func (*AMD64Registers) Get ¶
func (r *AMD64Registers) Get(n int) (uint64, error)
Get returns the value of the n-th register (in x86asm order).
func (*AMD64Registers) PC ¶
func (r *AMD64Registers) PC() uint64
PC returns the current program counter i.e. the RIP CPU register.
func (*AMD64Registers) SP ¶
func (r *AMD64Registers) SP() uint64
SP returns the stack pointer location, i.e. the RSP register.
func (*AMD64Registers) Slice ¶
func (r *AMD64Registers) Slice(floatingPoint bool) ([]proc.Register, error)
Slice returns the registers as a list of (name, value) pairs.
func (*AMD64Registers) TLS ¶
func (r *AMD64Registers) TLS() uint64
TLS returns the value of the register that contains the location of the thread local storage segment.
type CONTEXT ¶
type CONTEXT struct {
P1Home uint64
P2Home uint64
P3Home uint64
P4Home uint64
P5Home uint64
P6Home uint64
ContextFlags uint32
MxCsr uint32
SegCs uint16
SegDs uint16
SegEs uint16
SegFs uint16
SegGs uint16
SegSs uint16
EFlags uint32
Dr0 uint64
Dr1 uint64
Dr2 uint64
Dr3 uint64
Dr6 uint64
Dr7 uint64
Rax uint64
Rcx uint64
Rdx uint64
Rbx uint64
Rsp uint64
Rbp uint64
Rsi uint64
Rdi uint64
R8 uint64
R9 uint64
R10 uint64
R11 uint64
R12 uint64
R13 uint64
R14 uint64
R15 uint64
Rip uint64
FltSave XMM_SAVE_AREA32
VectorRegister [26]M128A
VectorControl uint64
DebugControl uint64
LastBranchToRip uint64
LastBranchFromRip uint64
LastExceptionToRip uint64
LastExceptionFromRip uint64
}
CONTEXT tracks the _CONTEXT of windows.
func NewCONTEXT ¶
func NewCONTEXT() *CONTEXT
NewCONTEXT allocates Windows CONTEXT structure aligned to 16 bytes.
type XMM_SAVE_AREA32 ¶
type XMM_SAVE_AREA32 struct {
ControlWord uint16
StatusWord uint16
TagWord byte
Reserved1 byte
ErrorOpcode uint16
ErrorOffset uint32
ErrorSelector uint16
Reserved2 uint16
DataOffset uint32
DataSelector uint16
Reserved3 uint16
MxCsr uint32
MxCsr_Mask uint32
FloatRegisters [8]M128A
XmmRegisters [256]byte
Reserved4 [96]byte
}
XMM_SAVE_AREA32 tracks the _XMM_SAVE_AREA32 windows struct.
Source Files