Skip to content

Commit 1fbc53b

Browse files
tyranidtyranid
committed
Added property to query the current Instruction Pointer value.
1 parent 3cf255f commit 1fbc53b

1 file changed

Lines changed: 10 additions & 11 deletions

File tree

NtApiDotNet/NtThread.cs

Lines changed: 10 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1153,10 +1153,12 @@ public string Description
11531153
/// <summary>
11541154
/// Get the Win32 start address for the thread.
11551155
/// </summary>
1156-
public long Win32StartAddress
1157-
{
1158-
get { return Query<IntPtr>(ThreadInformationClass.ThreadQuerySetWin32StartAddress).ToInt64(); }
1159-
}
1156+
public long Win32StartAddress => Query<IntPtr>(ThreadInformationClass.ThreadQuerySetWin32StartAddress).ToInt64();
1157+
1158+
/// <summary>
1159+
/// Get the current Instruction Pointer for the thread.
1160+
/// </summary>
1161+
public long InstructionPointer => (long)GetContext(ContextFlags.Control).InstructionPointer;
11601162

11611163
/// <summary>
11621164
/// Get last system call on the thread.
@@ -1194,14 +1196,17 @@ public ThreadLastSystemCall LastSystemCall
11941196
/// Get the creation time of the thread.
11951197
/// </summary>
11961198
public DateTime CreateTime => DateTime.FromFileTime(Query<KernelUserTimes>(ThreadInformationClass.ThreadTimes).CreateTime.QuadPart);
1199+
11971200
/// <summary>
11981201
/// Get the exit time of the thread (0 if not exited)
11991202
/// </summary>
12001203
public DateTime ExitTime => DateTime.FromFileTime(Query<KernelUserTimes>(ThreadInformationClass.ThreadTimes).ExitTime.QuadPart);
1204+
12011205
/// <summary>
12021206
/// Get the time spent in the kernel.
12031207
/// </summary>
12041208
public long KernelTime => Query<KernelUserTimes>(ThreadInformationClass.ThreadTimes).KernelTime.QuadPart;
1209+
12051210
/// <summary>
12061211
/// Get the time spent in user mode.
12071212
/// </summary>
@@ -1210,13 +1215,7 @@ public ThreadLastSystemCall LastSystemCall
12101215
/// <summary>
12111216
/// Get thread information.
12121217
/// </summary>
1213-
public NtThreadInformation ThreadInformation
1214-
{
1215-
get
1216-
{
1217-
return new NtThreadInformation(ProcessName, Query<SystemThreadInformation>(ThreadInformationClass.ThreadSystemThreadInformation));
1218-
}
1219-
}
1218+
public NtThreadInformation ThreadInformation => new NtThreadInformation(ProcessName, Query<SystemThreadInformation>(ThreadInformationClass.ThreadSystemThreadInformation));
12201219

12211220
/// <summary>
12221221
/// Get thread exit status.

0 commit comments

Comments
 (0)