CONTEXT结构

CONTEXT结构包括以下部分：

 CONTEXT_CONTROL:包含CPU的控制寄存器,比如指今指针,堆栈指针,标志和函数返回地址..AX, BX, CX, DX, SI, D
  CONTEXT_INTEGER:用于标识CPU的整数寄存器.DS, ES, FS, GS
  CONTEXT_FLOATING_POINT:用于标识CPU的浮点寄存器.
  CONTEXT_SEGMENTS:用于标识CPU的段寄存器.SS:SP, CS:IP, FLAGS, BP
  CONTEXT_DEBUG_REGISTER:用于标识CPU的调试寄存器.  
 CONTEXT_EXTENDED_REGISTERS:用于标识CPU的扩展寄存器I
  CONTEXT_FULL:相当于CONTEXT_CONTROL or CONTEXT_INTEGER or   CONTEXT_SEGMENTS,即这三个标志的组合

typedef struct _CONTEXT { 

DWORD ContextFlags; DWORD Dr0; DWORD Dr1;DWORD Dr2;DWORD Dr3; DWORD Dr6; DWORD Dr7; FLOATING_SAVE_AREA FloatSave; DWORD SegGs; DWORD SegFs; DWORD SegEs; DWORD SegDs; DWORD Edi; DWORD Esi; DWORD Ebx; DWORD Edx; DWORD Ecx; DWORD Eax; DWORD Ebp; DWORD Eip; DWORD SegCs; DWORD EFlags; DWORD Esp; DWORD SegSs; } CONTEXT;

当用于 SEH 时，CONTEXT 结构体保存着发生异常时各寄存器的值。

对照CONTEXT结构:+0x08c SegGs+0x090 SegFs+0x094 SegEs+0x098 SegDs+0x09c Edi+0x0a0 Esi+0x0a4 Ebx+0x0a8 Edx+0x0ac Ecx+0x0b0 Eax+0x0b4 Ebp+0x0b8 Eip+0x0bc SegCs+0x0c0 EFlags+0x0c4 Esp+0x0c8 SegSs