CONTEXT Structure (Datatype)

[NmpAy]

#cs
BOOL WINAPI GetThreadContext(__in HANDLE hThread, __inout LPCONTEXT lpContext);
#ce
DllCall($iKernel, "BOOL", "GetThreadContext", "HANDLE", $hThread[0], "LPCONTEXT ????????", "?????????")
#cs
BOOL WINAPI SetThreadContext(__in HANDLE hThread, __in const CONTEXT *lpContext);
#ce
DllCall($iKernel, "BOOL", "SetThreadContext", "HANDLE", $hThread[0], "const CONTEXT* ???????", "?????????")

http://msdn.microsoft.com/en-us/library/windows/desktop/ms679284(v=vs.85).aspx

I require this datatype, especially Eip and ContextFlags for CONTEXT_CONTROL.

I want to be able to GetThreadContext() as well as SetThreadContext().

Is there any easy way of cloning this? What part of WinNT.h would I need to do so? Could anyone give a quick explanation on it? I have read the DllCreateStruct, and DllStructSetData functions, but I still cannot manage to find an easy way, or any way for that matter.

In C++

CONTEXT ctx;
ctx.ContextFlags=CONTEXT_CONTROL;
GetThreadContext(hThread,&ctx);

ctx.Eip = (DWORD)stub;

ctx.ContextFlags=CONTEXT_CONTROL;
SetThreadContext(hThread, &ctx);

Help is very much appreciated.

Edited January 7, 2012 by NmpAy

[jaberwacky]

I imagine you'd want something along these lines. That is if I understood correctly.

Global Const $SIZE_OF_80376_REGISTERS = 80

Global Const $tFLOATING_SAVE_AREA = "DWORD ControlWord; DWORD StatusWord; DWORD TagWord; DWORD ErrorOffset; DWORD ErrorSelector; DWORD DataOffset; DWORD DataSelector; BYTE RegisterArea[" & $SIZE_OF_80376_REGISTERS & "]; DWORD Cr0NpxState"
Global Const $sFLOATING_SAVE_AREA = DllStructCreate($tFLOATING_SAVE_AREA)
Global Const $pFLOATING_SAVE_AREA = DllStructGetPtr($sFLOATING_SAVE_AREA)

Global Const $MAXIMUM_SUPPORTED_EXTENSION = 512

Global Const $tCONTEXT = "DWORD ContextFlags; DWORD Dr0; DWORD Dr1; DWORD Dr2; DWORD Dr3; DWORD Dr6; DWORD Dr7; FLOATING_SAVE_AREA " & $pFLOATING_SAVE_AREA & "; DWORD SegGs; DWORD SegFs; DWORD SegEs; DWORD SegDs; DWORD Edi; DWORD Esi; DWORD Ebx; DWORD Edx; DWORD Ecx; DWORD Eax; DWORD Ebp; DWORD Eip; DWORD SegCs; DWORD EFlags; DWORD Esp; DWORD SegSs; BYTE ExtendedRegisters[" & $MAXIMUM_SUPPORTED_EXTENSION & ']'
Global Const $sCONTEXT = DllStructCreate($tCONTEXT)
Global Const $pCONTEXT = DllStructGetPtr($sCONTEXT)

DllCall($iKernel, "BOOL", "GetThreadContext", "hwnd", $hThread[0], "ptr", $pCONTEXT)

DllCall($iKernel, "BOOL", "SetThreadContext", "hwnd", $hThread[0], "ptr", $pCONTEXT)

Edited January 8, 2012 by LaCastiglione

[NmpAy]

I imagine you'd want something along these lines. That is if I understood correctly.

Global Const $SIZE_OF_80376_REGISTERS = 80

Global Const $tFLOATING_SAVE_AREA = "DWORD ControlWord; DWORD StatusWord; DWORD TagWord; DWORD ErrorOffset; DWORD ErrorSelector; DWORD DataOffset; DWORD DataSelector; BYTE RegisterArea[" & $SIZE_OF_80376_REGISTERS & "]; DWORD Cr0NpxState"
Global Const $sFLOATING_SAVE_AREA = DllStructCreate($tFLOATING_SAVE_AREA)
Global Const $pFLOATING_SAVE_AREA = DllStructGetPtr($sFLOATING_SAVE_AREA)

Global Const $MAXIMUM_SUPPORTED_EXTENSION = 512

Global Const $tCONTEXT = "DWORD ContextFlags; DWORD Dr0; DWORD Dr1; DWORD Dr2; DWORD Dr3; DWORD Dr6; DWORD Dr7; FLOATING_SAVE_AREA " & $pFLOATING_SAVE_AREA & "; DWORD SegGs; DWORD SegFs; DWORD SegEs; DWORD SegDs; DWORD Edi; DWORD Esi; DWORD Ebx; DWORD Edx; DWORD Ecx; DWORD Eax; DWORD Ebp; DWORD Eip; DWORD SegCs; DWORD EFlags; DWORD Esp; DWORD SegSs; BYTE ExtendedRegisters[" & $MAXIMUM_SUPPORTED_EXTENSION & ']'
Global Const $sCONTEXT = DllStructCreate($tCONTEXT)
Global Const $pCONTEXT = DllStructGetPtr($sCONTEXT)

DllCall($iKernel, "BOOL", "GetThreadContext", "hwnd", $hThread[0], "ptr", $pCONTEXT)

DllCall($iKernel, "BOOL", "SetThreadContext", "hwnd", $hThread[0], "ptr", $pCONTEXT)

I do, but from what source can you tell to use all that? Since I would like to do some extra research on it, I dont like to get spoonfed! Thank you!

[jaberwacky]

I found the struct definition on this page: http://source.winehq.org/source/include/winnt.h

Don't assume that I have anything correct, it's untested totally and may make your head asplode.

[trancexx]

I have given the definition for that structure for AutoIt, including an example of usage. You can find it both for 32bit and 64bit of AutoIt inside a file called RunBinary.au3. That file you can find in examples forum.