From d143a0633b64519831e5a7ceb0f02e399640e147 Mon Sep 17 00:00:00 2001
From: "SND\\kernelnet_cp"
 <SND\kernelnet_cp@9b283d60-5439-405e-af05-b73fd8c4d996>
Date: Thu, 20 Dec 2012 07:19:08 +0000
Subject: [PATCH] [0.2.x] fixed: getting wow64 context

git-svn-id: https://pykd.svn.codeplex.com/svn@81922 9b283d60-5439-405e-af05-b73fd8c4d996
---
 pykd/win/dbgeng.cpp | 47 ++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 44 insertions(+), 3 deletions(-)

diff --git a/pykd/win/dbgeng.cpp b/pykd/win/dbgeng.cpp
index feab142..48c387c 100644
--- a/pykd/win/dbgeng.cpp
+++ b/pykd/win/dbgeng.cpp
@@ -779,10 +779,51 @@ static void ReadWow64Context(WOW64_CONTEXT &Context)
     // http://www.nynaeve.net/Code/GetThreadWow64Context.cpp
     // 
 
+    HRESULT     hres;
+    ULONG       debugClass, debugQualifier;
+    
+    hres = g_dbgEng->control->GetDebuggeeType( &debugClass, &debugQualifier );
+    
+    if ( FAILED( hres ) )
+        throw DbgException( "IDebugControl::GetDebuggeeType  failed" );   
+         
     ULONG64 teb64Address;
-    HRESULT hres = g_dbgEng->system->GetCurrentThreadTeb(&teb64Address);
-    if (S_OK != hres)
-        throw DbgException( "IDebugSystemObjects::GetCurrentThreadTeb", hres);
+
+    if ( debugClass == DEBUG_CLASS_KERNEL )
+    {
+        DEBUG_VALUE  debugValue = {};
+        ULONG        remainderIndex = 0;
+
+        hres = g_dbgEng->control->EvaluateWide( 
+            L"@@C++(#FIELD_OFFSET(nt!_KTHREAD, Teb))",
+            DEBUG_VALUE_INT64,
+            &debugValue,
+            &remainderIndex );
+            
+        if ( FAILED( hres ) )
+            throw  DbgException( "IDebugControl::Evaluate  failed" );
+            
+        ULONG64 tebOffset = debugValue.I64;
+
+        hres = g_dbgEng->system->GetImplicitThreadDataOffset(&teb64Address);
+        if (S_OK != hres)
+            throw DbgException( "IDebugSystemObjects::GetImplicitThreadDataOffset", hres);
+
+        ULONG readedBytes;
+
+        readMemoryUnsafeNoSafe(
+            teb64Address + tebOffset,
+            &teb64Address,
+            sizeof(teb64Address),
+            false,
+            &readedBytes);
+    }
+    else
+    {
+        hres = g_dbgEng->system->GetImplicitThreadDataOffset(&teb64Address);
+        if (S_OK != hres)
+            throw DbgException( "IDebugSystemObjects::GetImplicitThreadDataOffset", hres);
+    }
 
     // ? @@C++(#FIELD_OFFSET(nt!_TEB64, TlsSlots))
     // hardcoded in !wow64exts.r (6.2.8250.0)