Thread: x64dbg
03-31-2014, 06:21
mr.exodia
Sorry, I could not edit my previous post anymore..

Attached an example plugin (DumpProcess), I tested it for a simple DLL + EXE and it appears to work fine. Feel free to (ab)use it however you like.

EDIT: @n00b, seems like I've misread your question. To get the RIP of any process, you should use the function GetThreadContext, enum the threads in a process using CreateToolhelp32Snapshot & Thread32Next and then get the RIP of the thread you're interested in...

Greetings,

Mr. eXoDia
Attached Files
File Type: rar testplugin_002.rar (249.7 KB, 32 views)
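The thread enumeration and `GetThreadContext` steps described in the post, as an added example that is not part of the original post or of the attached plugin. It assumes 64-bit Python on Windows and a 64-bit target process; `thread_rips` and `rip_from_context` are hypothetical names chosen for this sketch.

```python
import ctypes, struct, sys

TH32CS_SNAPTHREAD = 0x4
THREAD_SUSPEND_RESUME, THREAD_GET_CONTEXT = 0x0002, 0x0008
CONTEXT_CONTROL = 0x00100001            # CONTEXT_AMD64 | control registers (Rip, Rsp, ...)
CONTEXT_SIZE, FLAGS_OFF, RIP_OFF = 0x4D0, 0x30, 0xF8   # x64 CONTEXT layout

class THREADENTRY32(ctypes.Structure):
    _fields_ = [("dwSize", ctypes.c_uint32), ("cntUsage", ctypes.c_uint32),
                ("th32ThreadID", ctypes.c_uint32), ("th32OwnerProcessID", ctypes.c_uint32),
                ("tpBasePri", ctypes.c_int32), ("tpDeltaPri", ctypes.c_int32),
                ("dwFlags", ctypes.c_uint32)]

def rip_from_context(raw):
    """Read the Rip field out of a raw x64 CONTEXT record."""
    return struct.unpack_from("<Q", raw, RIP_OFF)[0]

def thread_rips(pid):
    """Return {thread id: RIP} for the threads of a 64-bit process."""
    if sys.platform != "win32":
        raise OSError("Toolhelp and GetThreadContext exist only on Windows")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateToolhelp32Snapshot.restype = k32.OpenThread.restype = ctypes.c_void_p
    snap = ctypes.c_void_p(k32.CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0))
    if snap.value == ctypes.c_void_p(-1).value:           # INVALID_HANDLE_VALUE
        raise ctypes.WinError(ctypes.get_last_error())
    buf = ctypes.create_string_buffer(CONTEXT_SIZE + 16)  # CONTEXT must be 16-byte aligned
    ctx = (ctypes.c_char * CONTEXT_SIZE).from_address((ctypes.addressof(buf) + 15) & ~15)
    te = THREADENTRY32(dwSize=ctypes.sizeof(THREADENTRY32))
    me, rips = k32.GetCurrentThreadId(), {}
    more = k32.Thread32First(snap, ctypes.byref(te))
    while more:
        # The thread snapshot is system-wide, so filter on the owner; never suspend ourselves.
        if te.th32OwnerProcessID == pid and te.th32ThreadID != me:
            h = ctypes.c_void_p(k32.OpenThread(
                THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT, False, te.th32ThreadID))
            if h.value:
                if k32.SuspendThread(h) != -1:            # context of a running thread is stale
                    struct.pack_into("<I", ctx, FLAGS_OFF, CONTEXT_CONTROL)
                    if k32.GetThreadContext(h, ctx):
                        rips[te.th32ThreadID] = rip_from_context(ctx)
                    k32.ResumeThread(h)
                k32.CloseHandle(h)
        more = k32.Thread32Next(snap, ctypes.byref(te))
    k32.CloseHandle(snap)
    return rips
```

Threads that cannot be opened or suspended (for example because of insufficient access rights) are skipped, so the returned dictionary may cover fewer threads than the snapshot lists.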