I'm writing a debugger application of sorts, and I need to be able to get a 64-bit application's thread's context, and MSDN documentation is telling me that I should be using Wow64GetThreadContext.
Now, this is all fine and dandy, except when I try to use it on a 64-bit process from a 32-bit application, it fails with "The parameter is incorrect"(error 87). I am using it in the exact same way as I use the 32-bit equivalent to get the context of a 32-bit
thread, which works fine.
What is really strange is that when I look at the definition for WOW64_CONTEXT in WinNT.h, it is almost completely equivalent to the 32-bit version. It has no 64-bit registers, and the only difference is the last line:
In CONTEXT, but
Another thing that is really, really strange is that when I try to compile the application as 64-bit, the portion of my code that deals with 32-bit processes gives me this error:
error C2039: 'Eip' : is not a member of '_CONTEXT'
If I then proceed to find "Go to definition" of CONTEXT(which is _CONTEXT) the very first thing I see is the "Eip" member.
And one oddity on top of all the others is the fact that in WinNT.h there is actually a CONTEXT definition containing all the 64-bit registers that I need, but whatever #ifdef that seems to 'disable' it never seems to enable it regardless of whether I
compile as 64-bit or not.
The documentation suggests I can freely use the Wow64GetThreadContext to retrieve the context of a 64-bit application from a 32-bit application.
What is going on here? This really seems like a big bug in the SDK and I would really appreciate an explanation as I cannot continue onwards until I can resolve this problem.