RIPs and RSPs of threads

Bare metal programming in PureBasic, for experienced users

Post by juergenkulow »

x64dbg: [Image]
I want to output the current RIPs and RSPs of all threads of my program in PureBasic like x64dbg does. How do I do that?

Code:

; How to get rip and rsp of each Thread without changing the Thread?
Structure ThreadType
  ID.i
  RIP.i
  RSP.i
EndStructure
NewList ThreadList.ThreadType()
#Anzahl=10

Procedure myThread(*t.ThreadType)
  Protected i
  Repeat
    ; *t\RIP=?Label13 : Label13:  ; without doing this every code line. 
    Delay(1)
    For i=1 To 1000000 
    Next
  ForEver
EndProcedure

For i=1 To #Anzahl
  AddElement(Threadlist())
  Threadlist()\ID=CreateThread(@myThread(),@Threadlist())
Next 

Window=OpenWindow(#PB_Any,0,0,300,#Anzahl*20,"List Thread RIP, RSP",#PB_Window_SystemMenu)
AddWindowTimer(Window,123,1600)
TextGadget(0,0,0,300,#Anzahl*20,"RIP                              RSP")
Repeat
  Event=WaitWindowEvent(16)
  Select Event
    Case #PB_Event_Timer
      Select EventTimer()
          Case 123
            s.s="RIP"+#CRLF$
            ForEach Threadlist()
              Threadlist()\RIP=$13DA111B+Random(50)  ; ???
              s+RSet(Hex(ThreadList()\RIP,#PB_Quad),16,"0")+#CRLF$
            Next
            SetGadgetText(0,s)
      EndSelect      
  EndSelect    
Until Event=#PB_Event_CloseWindow

CompilerIf #PB_Compiler_Thread=0 
  CompilerError "Please switch Thread safe on."
CompilerEndIf 

Re: RIPs and RSPs of threads

Post by idle »

Isn't RIP global only? I don't think I understand the question.
lea reg, [rip+0] or lea reg, [global]

Re: RIPs and RSPs of threads

Post by juergenkulow »

The main program has an instruction pointer and each thread has an instruction pointer, i.e. 11 in my example. The main program has a stack and each thread has a stack, i.e. 11 stack pointers. I want to output or evaluate all these pointers with PureBasic, like x64dbg does on the thread view.

Re: RIPs and RSPs of threads

Post by DarkDragon »

Probably you need something like this combined:

https://learn.microsoft.com/en-us/windo ... hread-list
https://learn.microsoft.com/en-us/windo ... dfrom=MSDN

The CONTEXT structure contains the addresses: Pc and Sp. If you want the stack frame you can also use the STACKFRAME64 structure.
bye,
Daniel
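
An added example, not part of the post above or of the original thread: thread-list traversal combined with GetThreadContext in PureBasic, so that threads the program did not create itself are listed too. The traversal is done here with a Toolhelp snapshot; the TE32 structure, the redeclared constants and DumpThreadContexts() are names introduced for this sketch, and it is assumed that this PureBasic version exposes Thread32First_, Thread32Next_ and OpenThread_ with the usual trailing underscore.

```purebasic
; Added example, Windows x64 only. Assumes Thread32First_/Thread32Next_/OpenThread_ are available.
#TH32CS_SNAPTHREAD        = $4    ; WinAPI values, redeclared in case they are missing
#THREAD_SUSPEND_RESUME    = $2
#THREAD_GET_CONTEXT       = $8
#THREAD_QUERY_INFORMATION = $40

Structure TE32                    ; same layout as THREADENTRY32 (7 x 32-bit fields)
  dwSize.l
  cntUsage.l
  th32ThreadID.l
  th32OwnerProcessID.l
  tpBasePri.l
  tpDeltaPri.l
  dwFlags.l
EndStructure

Procedure DumpThreadContexts()
  Protected te.TE32, hSnap, hThread, count, prev.l
  Protected *raw = AllocateMemory(SizeOf(CONTEXT) + 16)
  Protected *ctx.CONTEXT = (*raw + 15) & ~15                 ; CONTEXT must be 16-byte aligned
  Protected pid = GetCurrentProcessId_(), ownTid = GetCurrentThreadId_()
  hSnap = CreateToolhelp32Snapshot_(#TH32CS_SNAPTHREAD, 0)   ; the snapshot is system-wide
  If hSnap = #INVALID_HANDLE_VALUE : FreeMemory(*raw) : ProcedureReturn -1 : EndIf
  te\dwSize = SizeOf(TE32)
  If Thread32First_(hSnap, @te)
    Repeat
      ; keep only this process's threads; never suspend the calling thread
      If te\th32OwnerProcessID = pid And te\th32ThreadID <> ownTid
        hThread = OpenThread_(#THREAD_SUSPEND_RESUME | #THREAD_GET_CONTEXT | #THREAD_QUERY_INFORMATION, #False, te\th32ThreadID)
        If hThread
          prev = SuspendThread_(hThread)                     ; returns (DWORD)-1 on failure
          If prev <> -1                                      ; context is only stable while suspended
            *ctx\ContextFlags = #CONTEXT_FULL
            If GetThreadContext_(hThread, *ctx)
              Debug "TID " + Str(te\th32ThreadID) + "  RIP " + RSet(Hex(*ctx\Rip, #PB_Quad), 16, "0") + "  RSP " + RSet(Hex(*ctx\Rsp, #PB_Quad), 16, "0")
              count + 1
            EndIf
            ResumeThread_(hThread)
          EndIf
          CloseHandle_(hThread)
        EndIf
      EndIf
    Until Thread32Next_(hSnap, @te) = 0
  EndIf
  CloseHandle_(hSnap)
  FreeMemory(*raw)
  ProcedureReturn count
EndProcedure
Debug "threads read: " + Str(DumpThreadContexts())
```

The calling thread is skipped because suspending it would stop the loop itself; its own RIP and RSP have to be read another way.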

Re: RIPs and RSPs of threads

Post by juergenkulow »

Code:

; Threads rip and rsp - Windows x64
Structure ThreadType
  ID.i
  RIP.i
  RSP.i
  RIPLine.i 
EndStructure

CompilerIf #PB_Compiler_OS<>#PB_OS_Windows Or #PB_Compiler_Processor<>#PB_Processor_x64 
  CompilerError "Windows x64 only."
CompilerEndIf

NewList ThreadList.ThreadType()
#Anzahl=10

Procedure myThread(*t.ThreadType)
  Protected i
  Repeat
    *t\RIPLine=?Label14 : Label14:  
    Delay(1)
    For i=1 To 100000000
    Next
    Delay(1)
  ForEver
EndProcedure

Procedure myThread2(*t.ThreadType)
  Protected i
  *t\RIPLine=?Label24 : Label24:
  Repeat
    i+1
  ForEver
EndProcedure

; Start Threads
For i=1 To #Anzahl
  AddElement(Threadlist())
  Threadlist()\ID=CreateThread(@myThread(),@Threadlist())
Next 
AddElement(Threadlist())
Threadlist()\ID=CreateThread(@myThread2(),@Threadlist())

Window=OpenWindow(#PB_Any,0,0,400,#Anzahl*22+25,"Threads Instruction Pointer and Stack Pointer ",#PB_Window_SystemMenu)
AddWindowTimer(Window,123,16) ; 60 times per second
ListIconGadget(0,  10,  5, 380, #Anzahl*22, "RIP", 120)
AddGadgetColumn(0, 2, "RIPLine ", 120)
AddGadgetColumn(0, 3, "RSP ", 130)
; CONTEXT must be 16-byte aligned: over-allocate, then round the address up
Define *ctxfull = AllocateMemory(SizeOf(CONTEXT)+16) 
Define *ctx.CONTEXT = (*ctxfull + 15) & ~15
Repeat
  Event=WaitWindowEvent(16)
  Select Event
    Case #PB_Event_Timer
      Select EventTimer()
          Case 123
            ClearGadgetItems(0)
            i=1
            ForEach Threadlist()
              *ctx\ContextFlags = #CONTEXT_FULL
              SuspendThread_(ThreadID(Threadlist()\ID))
              If GetThreadContext_(ThreadID(Threadlist()\ID), *ctx)
                Threadlist()\RIP=*ctx\Rip
                Threadlist()\RSP=*ctx\Rsp
              Else 
                Threadlist()\RIP=0
                Threadlist()\RSP=0
              EndIf 
              ResumeThread_(ThreadID(Threadlist()\ID))
              AddGadgetItem(0,i,RSet(Hex(ThreadList()\RIP,#PB_Quad),16,"0")+Chr(10)+
                                RSet(Hex(ThreadList()\RIPLine,#PB_Quad),16,"0")+Chr(10)+
                                RSet(Hex(ThreadList()\RSP,#PB_Quad),16,"0")+#CRLF$)
              i+1
            Next
        EndSelect      
  EndSelect    
Until Event=#PB_Event_CloseWindow

CompilerIf #PB_Compiler_Thread=0 
  CompilerError "Please switch Thread safe on."
CompilerEndIf 
Under Linux, how can I access the RIPs and RSPs of the threads?