Share via

From kernel mode is there an API which gives the value of RAX register given a KTHREAD object ?

Victor Mehta 176 Reputation points
2022-08-19T15:04:07.873+00:00

At the moment I'm able to retrieve a pointer to a KTHREAD object but I want to be able to obtain the value of RAX register or any of the 64 bit registers. Can this be done in 64 bit mode by way of some kernel mode API without having to traverse the KTHREAD struct ?

Thanks

Windows Hardware Performance
Windows Hardware Performance
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Hardware Performance: Delivering / providing hardware or hardware systems or adjusting / adapting hardware or hardware systems.
1,579 questions
0 comments