How to get the interrupted Processor Context / EIP in a Custom DPC?

Hi.

I recently bought Intel VTune, and for fun (and understanding) decided *to
try* to write a sampling profiler.

I have set up a custom DPC on a periodic (1 ms) timer, and my DPC gets
called happily.
I intend to capture a trace of the EIP over a number of seconds into a
nonpaged pool buffer.

I can get the current KPCR, KPRCB & KTHREAD pointers using the FS register
/ KeGetCurrentThread() respectively.
I have coded up the ETHREAD structure from the output of the WinDbg !ethread
command (cf. Inside Win2k, Solomon & Russinovich).

Therefore, I can see there are various states the thread I have interrupted
might be in:
It is a user mode thread running in user mode (it has TEB set valid).
It is a user mode thread running in kernel mode (it has TEB & TrapFrame set
valid).
It is a system / kernel mode thread.

I can dump the kernel mode stack, and can sometimes see obvious user mode
addresses on it,
but only in the case of a trap frame being present can I reliably get the
interrupted EIP/EBP Thread Context etc. (of the user mode stack).

So I was wondering if someone could shed some light on how to get the
kernel mode trap frame / processor context when in a DPC?

Thanks in advance.

James Westland Cain, Ph.D.
Senior Engineer
Quantel Limited.

P.S. I realise that my DPC only runs at IRQL Dispatch and the OS profile
interrupt runs above the ISR IRQLs, but I was parking that in the denial
bucket!