Structure that contains working copy of registers of the thread of the debugging application
typedef struct t_reg { // Excerpt from context
ulong status; // Status of registers, set of RV_xxx
ulong threadid; // ID of thread that owns registers
ulong ip; // Instruction pointer (EIP)
ulong r[NREG]; // EAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI
ulong flags; // Flags
ulong s[NSEG]; // Segment registers ES,CS,SS,DS,FS,GS
ulong base[NSEG]; // Segment bases
ulong limit[NSEG]; // Segment limits
uchar big[NSEG]; // Default size (0-16, 1-32 bit)
uchar dummy[2]; // Reserved, used for data alignment
int top; // Index of top-of-stack
long double f[NREG]; // Float registers, f[top] - top of stack
uchar tag[NREG]; // Float tags (0x3 - empty register)
ulong fst; // FPU status word
ulong fcw; // FPU control word
ulong ferrseg; // Selector of last detected FPU error
ulong feroffs; // Offset of last detected FPU error
ulong dr[NREG]; // Debug registers
ulong lasterror; // Last thread error or 0xFFFFFFFF
uchar ssereg[NREG][16]; // SSE registers
ulong mxcsr; // SSE control and status register
t_memfield mem[NMEMFIELD]; // Known memory fields from run trace
} t_reg;
Members:
status
Status of the structure, a combination of zero or more of the following flags:
RV_MODIFIED - registers are modified, thread context must be updated before execution continues
RV_USERMOD - registers are modified by the user
RV_SSEVALID - SSE registers (ssereg, mxcsr) are valid
RV_SSEMOD - SSE registers are modified. RV_MODIFIED must also be set
RV_ERRVALID - lasterror is valid
RV_ERRMOD - lasterror is modified. RV_MODIFIED must also be set
RV_MEMVALID - mem is valid
RV_DBGMOD - debugging registers are modified. RV_MODIFIED must also be set
threadid
RV_MODIFIED - registers are modified, thread context must be updated before execution continues
RV_USERMOD - registers are modified by the user
RV_SSEVALID - SSE registers (ssereg, mxcsr) are valid
RV_SSEMOD - SSE registers are modified. RV_MODIFIED must also be set
RV_ERRVALID - lasterror is valid
RV_ERRMOD - lasterror is modified. RV_MODIFIED must also be set
RV_MEMVALID - mem is valid
RV_DBGMOD - debugging registers are modified. RV_MODIFIED must also be set
Identifier of the thread that owns registers
ip
Instruction pointer (EIP)
r
32-bit general purpose registers. EAX is kept in r[REG_EAX], and so on
flags
32-bit flags registers. Note that many high-order flags are hidden by Windows
s
16-bit segment registers. SS is kept in s[REG_SS} and so on
base
Bases
of the selectors chosen into the corresponding segment registers. In
the flat Win32 model, ES, CS, SS and DS have base 0 and FS points to
the Thread Information Block
limit
Bases of the selectors chosen into the corresponding segment registers. In the flat Win32 model, ES, CS, SS and DS allow access to the whole virtual memory
big
Default operand and address sizes associated with selectors
chosen into the corresponding segment registers (0 - 16 bit, 1 -32
bits). In the flat Win32 model, all selectors describe 32-bit segments
dummy
Reserved, used for alignment
top
Index of the floating point register that is currently on the top of the FPU stack
f
80-bit floating point registers. Also keep MMX and 3DNow! registers, in these cases top is ignored
tag
Tags
associated with the corresponding floating point registers. The only
really important thing is whether register is marked as empty (tag 0x3)
or not
fst
FPU status word. Among other things, lists of floating point exceptions
fcw
FPU control word
ferrseg
Selector
part of the address of command that caused last unmasked floating
point exception, ussually the same as the contents of CS.
Note that floating point unit is physically integrated with the rest of CPU but logically is still an independent asynchronous coprocessor. Exceptions are usually reported to the OS on the next FWAIT or on the next FPU command that uses results of the command that caused exception, and there may be hundreds of integer commands inbetween. To locate the real address of exception, use ferrseg:ferroffs
ferroffs
Note that floating point unit is physically integrated with the rest of CPU but logically is still an independent asynchronous coprocessor. Exceptions are usually reported to the OS on the next FWAIT or on the next FPU command that uses results of the command that caused exception, and there may be hundreds of integer commands inbetween. To locate the real address of exception, use ferrseg:ferroffs
Offset part of the address of command that caused last unmasked floating point
exception, see discussion above
dr
Debug registers. Don't modify directly!
lasterror
Last thread error (for example, 0xC0000005 means ACCESS_VIOLATION), valid only if flag RV_ERRVALID is set. Note that lasterror has no associated register, its source is located in the Thread Information Block
ssereg
128-bit SSE registers, valid only if flag RV_SSEVALID is set
mxcsr
SSE control and status register, valid only if flag RV_SSEVALID is set
mem
For internal use
See also: