#ifndef _NTPSAPI_H
//
// Threads
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Retrieves the context of the specified thread.
 *
 * \param ThreadHandle A handle to the thread.
 * \param ThreadContext A pointer to a CONTEXT structure that receives the thread context.
 * \return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtGetContextThread(
    _In_ HANDLE ThreadHandle,
    _Inout_ PCONTEXT ThreadContext
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwGetContextThread(
    _In_ HANDLE ThreadHandle,
    _Inout_ PCONTEXT ThreadContext
    );

#endif
View code on GitHub

NtDoc

Retrieves the context (set of registers) of the specified thread.

Parameters

ThreadHandle - a handle to a thread granting THREAD_GET_CONTEXT access.
ThreadContext - a pointer to a CONTEXT structure that receives the state of registers. Note: make sure to initialize the ContextFlags field of the structure with the bit mask defining which portion of the context to query.

GetThreadContext

NTinternals.net (undocumented.ntinternals.net)

pContext

See <ntddk.h> for information about CONTEXT structure usage.

Documented by

Tomasz Nowak

NtGetContextThread - NtDoc

NtDoc

Parameters

See also

NTinternals.net (undocumented.ntinternals.net)

pContext

Documented by

See also

NtDoc

Parameters

Related Win32 API

See also

NTinternals.net (undocumented.ntinternals.net)

pContext

Documented by

See also