
Under Linux there is the ptrace syscall for that; is there any alternative for Windows to read the CPU register values of another running thread?

I have found this thread, but this user wants to monitor syscalls in general and searched for a ptrace alternative under Windows for this specific task, so the answer wouldn't help me for what I want to do.

Sbardila
  • Reading the CPU registers of a running thread produces meaningless results. By the time you get around to observing the returned values they have long become outdated. You'd have to suspend the target thread first to get anything meaningful. And suspending a thread in the same process is just begging for a deadlock. Whatever problem you are trying to solve this is not a solution. Maybe you should ask about [the problem](http://xyproblem.info). – IInspectable Oct 01 '20 at 11:46
  • They wouldn't be meaningless for my goal; I would save the register states after each instruction and compare them later to an existing set of register states. – Sbardila Oct 01 '20 at 12:01
  • In other words: You want to observe the register file of a thread that's **not** running. I.e. you want to suspend a thread and only allow it to make forward progress, one instruction at a time. As noted previously, you cannot safely suspend a thread from within the same process. – IInspectable Oct 01 '20 at 12:07
  • But the GDB debugger allows you to do so, and it uses ptrace for that. You can step an instruction and get the register values after each instruction. – Sbardila Oct 01 '20 at 12:12
  • You don't need GDB or ptrace for that. Windows has a debugger built into the system. The debugger can control an external process' threads and read registers of a suspended thread. That's not what the question is asking for. – IInspectable Oct 01 '20 at 14:20
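The following is an added example, not code from the question or from any answer on this page. It shows the approach the last comment points at: attach to a *separate* process with the Windows debugger API (`DebugActiveProcess`, `WaitForDebugEvent`, `GetThreadContext`/`SetThreadContext`), single-step one thread by setting the x86 trap flag in its saved EFLAGS, and record a register snapshot after each instruction, then compare snapshots against a reference set, which is what the asker said they want to do. It assumes an x64 Windows target, that the caller has debug rights on that process (same user, not a protected process), and that the thread to follow is identified by its thread id; `reg_snapshot_t`, `compare_snapshots` and `trace_thread` are names chosen here, not Windows API. The Windows-specific part is guarded by `#ifdef _WIN32` so the portable comparison still compiles elsewhere.

```c
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Snapshot of the x64 registers recorded after each instruction. Only uint64_t
 * members, so it can be walked as a flat array when comparing. (Constructed type.) */
typedef struct {
    uint64_t rip, rax, rcx, rdx, rbx, rsp, rbp, rsi, rdi;
} reg_snapshot_t;

static const char *const REG_NAMES[] = {
    "rip", "rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"
};
#define REG_COUNT (sizeof REG_NAMES / sizeof REG_NAMES[0])

/* Compare a recorded snapshot with a reference one. Returns how many registers
 * differ; *first_diff receives the name of the first differing register (or NULL). */
int compare_snapshots(const reg_snapshot_t *got, const reg_snapshot_t *want,
                      const char **first_diff)
{
    const uint64_t *g = (const uint64_t *)got, *w = (const uint64_t *)want;
    int diffs = 0;
    if (first_diff) *first_diff = NULL;
    for (size_t i = 0; i < REG_COUNT; i++)
        if (g[i] != w[i] && diffs++ == 0 && first_diff) *first_diff = REG_NAMES[i];
    return diffs;
}

#ifdef _WIN32
#include <windows.h>

static void snapshot_from_context(reg_snapshot_t *s, const CONTEXT *c)
{
    s->rip = c->Rip; s->rax = c->Rax; s->rcx = c->Rcx; s->rdx = c->Rdx; s->rbx = c->Rbx;
    s->rsp = c->Rsp; s->rbp = c->Rbp; s->rsi = c->Rsi; s->rdi = c->Rdi;
}

/* Read the saved context of a thread the debugger currently holds stopped,
 * optionally toggling the trap flag (EFLAGS bit 8) so the thread raises
 * EXCEPTION_SINGLE_STEP after executing exactly one more instruction. */
static BOOL thread_context(DWORD tid, CONTEXT *ctx, int set_tf, int tf_on)
{
    HANDLE th = OpenThread(THREAD_GET_CONTEXT | THREAD_SET_CONTEXT, FALSE, tid);
    if (!th) return FALSE;
    memset(ctx, 0, sizeof *ctx);               /* CONTEXT is 16-byte aligned by winnt.h */
    ctx->ContextFlags = CONTEXT_CONTROL | CONTEXT_INTEGER;
    BOOL ok = GetThreadContext(th, ctx);
    if (ok && set_tf) {
        if (tf_on) ctx->EFlags |= 0x100u; else ctx->EFlags &= ~0x100u;
        ok = SetThreadContext(th, ctx);
    }
    CloseHandle(th);
    return ok;
}

/* Attach to pid as a debugger and single-step thread tid for up to max_steps
 * instructions, storing one snapshot per step. Returns the count, or -1 on error. */
int trace_thread(DWORD pid, DWORD tid, reg_snapshot_t *out, int max_steps)
{
    if (!DebugActiveProcess(pid)) return -1;
    DebugSetProcessKillOnExit(FALSE);          /* detach, do not kill, when we stop */
    int n = 0, done = 0;
    DEBUG_EVENT ev;
    CONTEXT ctx;
    while (!done && n < max_steps && WaitForDebugEvent(&ev, INFINITE)) {
        DWORD status = DBG_CONTINUE;           /* every target thread is stopped here */
        switch (ev.dwDebugEventCode) {
        case CREATE_PROCESS_DEBUG_EVENT: CloseHandle(ev.u.CreateProcessInfo.hFile); break;
        case LOAD_DLL_DEBUG_EVENT:       CloseHandle(ev.u.LoadDll.hFile); break;
        case EXIT_PROCESS_DEBUG_EVENT:   done = 1; break;
        case EXCEPTION_DEBUG_EVENT: {
            DWORD code = ev.u.Exception.ExceptionRecord.ExceptionCode;
            if (code == EXCEPTION_BREAKPOINT) {
                /* The attach breakpoint fires on an injected break-in thread; use
                 * this stop to arm the trap flag on the thread we actually follow. */
                thread_context(tid, &ctx, 1, 1);
            } else if (code == EXCEPTION_SINGLE_STEP && ev.dwThreadId == tid) {
                /* Re-arm TF for the next step, or clear it after the last one. */
                if (thread_context(tid, &ctx, 1, n + 1 < max_steps))
                    snapshot_from_context(&out[n++], &ctx);
            } else {
                status = DBG_EXCEPTION_NOT_HANDLED;  /* not ours: let the target handle it */
            }
            break;
        }
        default: break;
        }
        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, status);
    }
    DebugActiveProcessStop(pid);
    return n;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s <pid> <tid>\n", argv[0]); return 2; }
    reg_snapshot_t steps[32];
    int n = trace_thread((DWORD)strtoul(argv[1], NULL, 10),
                         (DWORD)strtoul(argv[2], NULL, 10), steps, 32);
    for (int i = 0; i < n; i++)
        printf("step %2d: rip=%016llx rax=%016llx\n", i,
               (unsigned long long)steps[i].rip, (unsigned long long)steps[i].rax);
    return n < 0 ? 1 : 0;
}
#endif
```

Two points this illustrates about the comments above: while the debugger handles an event, every thread of the debuggee is stopped, so the registers read with `GetThreadContext` are a consistent picture of that thread, and because the debugger is a separate process there is no same-process suspend deadlock. Setting the trap flag in the saved context is the same mechanism a stepping debugger uses; it only affects the one thread whose context is written.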

0 Answers