Hello all, could anyone tell me which command I can use to get the context of a particular thread? Also, when I open a remote process, it stops at ntdll!DbgBreakPoint, so how can I know the first of the target process which will be executed?
Thanks.
Hi Vladmir,
Use .thread to change the current context to a given thread.
Fernando Roberto da Silva
DriverEntry Kernel Development
http://www.driverentry.com.br
Hi, thanks for the reply, but the .thread command doesn't do what I want.
My scenario is this:
My application has several threads, so I want to know how to get the context of one (to read the register values).
Also, when I open a remote process it stops at ntdll!DbgBreakPoint (Win7), so how can I know the address of the first instructions which will be executed? Sorry for the rewrite, but I realized that I did not write it completely.
So, I still think it does what you need.
From WinDbg help: “The .thread command specifies which thread will be used for the register context.”
The help page for this command shows how to pick a process, enumerate its threads and set the context to one of them to read its respective registers.
— OR —
You’re talking about user-mode debug and I’m answering about kernel-mode debug.
For user-mode debug you must use the ~s command.
Fernando Roberto da Silva
DriverEntry Kernel Development
http://www.driverentry.com.br
Yes, many thanks Fernando.