maybe unrelated to x64dbg, but in windows "context" structures have all the same information (like registers and stuff)? because alot of structures have a "context" field and i never know what the data means
I did a stream on recreating undocumented structs on Windows using IDA Pro. One of the reasons I bring this up is that during that stream, I had to deal with the context structure for a given thread during an exception handler. The thread caused an access violation to a Guard Page, and the handler needed some of the register values at the moment in time when the exception was triggered.. So, think of the context as a snapshot of the state of the processor registers at a given moment in time. Same thing when you context switch out of a process and to another one (e.g. Notepad to Calc). In order to continue where you left off, the state of all registers and such are stored in something called the Process Control Block (PCB).
You actually inspired me to create a short video, as this question has been asked quite a few times. Hope it helps... ruclips.net/video/dz8CSaQRfzE/видео.html
Thank you very much Sir!!!!
Man... can't believe I got caught up at work and missed it!
I love you Stephen. You are my daily motivation
epic stream!
thanks a lot
can't believe I missed the stream.
Duncan, for the "trace coverage", what is the difference between bit/byte/word?
maybe unrelated to x64dbg, but in windows "context" structures have all the same information (like registers and stuff)? because alot of structures have a "context" field and i never know what the data means
I did a stream on recreating undocumented structs on Windows using IDA Pro. One of the reasons I bring this up is that during that stream, I had to deal with the context structure for a given thread during an exception handler. The thread caused an access violation to a Guard Page, and the handler needed some of the register values at the moment in time when the exception was triggered.. So, think of the context as a snapshot of the state of the processor registers at a given moment in time. Same thing when you context switch out of a process and to another one (e.g. Notepad to Calc). In order to continue where you left off, the state of all registers and such are stored in something called the Process Control Block (PCB).
@@OffByOneSecurity i see, thanks alot
You actually inspired me to create a short video, as this question has been asked quite a few times. Hope it helps... ruclips.net/video/dz8CSaQRfzE/видео.html