Structure that keeps the values of all relevant 80x86 registers. Note that length of this structure in version 1.10 is increased by 4 bytes. This may lead to incompatibilities with previous versions.
typedef struct t_reg { // Excerpt from context
int modified; // Some regs modified, update context
int modifiedbyuser; // Among modified, some modified by user
int singlestep; // Type of single step, SS_xxx
ulong r[8]; // EAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI
ulong ip; // Instruction pointer (EIP)
ulong flags; // Flags
int top; // Index of top-of-stack
long double f[8]; // Float registers, f[top] - top of stack
uchar tag[8]; // Float tags (0x3 - empty register)
ulong fst; // FPU status word
ulong fcw; // FPU control word
ulong s[6]; // Segment registers ES,CS,SS,DS,FS,GS
ulong base[6]; // Segment bases
ulong limit[6]; // Segment limits
uchar big[6]; // Default size (0-16, 1-32 bit)
ulong dr6; // Debug register DR6
ulong threadid; // ID of thread that owns registers
ulong lasterror; // Last thread error or 0xFFFFFFFF
int ssevalid; // Whether SSE registers valid
int ssemodified; // Whether SSE registers modified
char ssereg[8][16]; // SSE registers
ulong mxcsr; // SSE control and status register
int selected; // Reports selected register to plugin
ulong drlin[4]; // Debug registers DR0..DR3
ulong dr7; // Debug register DR7
} t_reg;
Members:
modified - non-zero value indicates that some registers were modified and OllyDbg should update CONTEXT structure of the corresponding thread before continuing execution;
modifiedbyuser - among modified registers, some registers were modified by user;
singlestep - used internally by OllyDbg, do not modify directly!
r - 32-bit general-purpose registers EAX,ECX,EDX,EBX,ESP,EBP,ESI,EDI (in the listed order, use constants REG_xxx to access);
ip - 32-bit Instruction Pointer (EIP register);
flags - 32-bit EFLAGS register, do not modify single-step trap bit!
top - index of the register that is the top of the FPU stack;
f - 80-bit floating-point/MMX/3DNow! registers;
tag - two-bit tags associated with floating point registers;
fst - 16-bit FPU status word;
fcw - 16-bit FPU control word;
s - segment registers ES,CS,SS,DS,FS,GS (in the listed order, use constants SEG_xxx to access);
base - base addresses of segment descroptors;
limit - limits of segment descriptors;
big - default segment size (0 - 16-bit segment, seldom in flat mode; 1 - 32-bit segment);
dr6 - debug register dr6, please do not modify!
threadid - identifier of the thread that owns registers;
lasterror - last error in the thread as returned by call to GetlastError, or -1 (0xFFFFFFFF) if exact value of the error is unknown;
ssevalid - non-zero if ssereg contain valid data;
ssereg - 16-byte SSE registers;
mxcsr - SSE control and status register;
selected - currently selected register, defined only if t_reg is passed to one of ODBG_Plugin... callback functions, otherwise undefined. AND this value with RS_GROUP to obtain the group of registers RS_xxx; to get index of register within the group, AND it with RS_INDEX. For example, code 0013 is a general-purpose register EBX (0013 & RS_GROUP = RS_INT, 0013 & RS_INDEX = REG_EBX);
drlin - debug registers dr0..dr3, please do not modify!
dr7 - debug register dr7, please do not modify!