NtGetContextThread - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

#ifndef _NTPSAPI_H
// Threads
#if (PHNT_MODE != PHNT_MODE_KERNEL)

NTSYSCALLAPI
NTSTATUS
NTAPI
NtGetContextThread(
    _In_ HANDLE ThreadHandle,
    _Inout_ PCONTEXT ThreadContext
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwGetContextThread(
    _In_ HANDLE ThreadHandle,
    _Inout_ PCONTEXT ThreadContext
    );

#endif
View code on GitHub

Retrieves the context (set of registers) of the specified thread.

Parameters

ThreadHandle - a handle to a thread granting THREAD_GET_CONTEXT access.
ThreadContext - a pointer to a CONTEXT structure that receives the state of registers. Note: make sure to initialize the ContextFlags field of the structure with the bit mask defining which portion of the context to query.

GetThreadContext

See also

Edit description on GitHub