In kernel-mode debugging, the debugger engine will use the implicit thread to determine some of the target's registers. This includes the processor stack (see GetStackOffset), the frame offset (see GetFrameOffset), and the instruction offset (see GetInstructionOffset). When an event occurs, the implicit thread is set to the current thread.
The implicit thread may be changed by using SetImplicitThreadDataOffset. To determine the implicit thread, use GetImplicitThreadDataOffset.
Not all registers are determined by the implicit thread. Some registers will remain the same when the implicit thread is changed.
2. GetThreadIdByDataOffset also get the E_NOINTERFACE poor result.
沒有留言:
張貼留言