Getting the EBP of a thread in a different process

I was wondering if there's a way to obtain the EBP of a thread in a different process (in C++ on windows) other than using "GetThreadContext". I susp开发者_JS百科ect that this method takes too much time (I use it a lot) and if I could get just the EBP and not all the values of CONTEXT, it would be faster.

I was thinking of using "ReadProcessMemory" and then getting the EBP with the rest of the callstack, but I don't where the stack should be and from where should I get it.

If anybody knows a better way, I'd be happy to hear about it.

thanks :)

The running value of EBP of another thread is, of course, in the EBP register if the thread is running. If it's not running, it's saved away by the scheduler in the kernel. GetThreadContext is retrieving what's in the kernel; nothing else will be faster.

The performance situation is worse than I understood when I wrote this. If the thread is running, the kernel uses the APC mechanism to grab an up-to-date value for you. This is not speedy, but there's no other alternative API.

GetThreadContext is going to be the only way, because EBP is a register; the processor saves it away when it does a context switch. The only way to read the registers of a thread are with GetThreadContext.

Of course, there's no guarantee that EBP has the value you want in it... functions compiled with frame pointer omission won't reliably have EBP set to the frame pointer of the current call frame.

If you're just looking for a stack trace (the most common reason to want an EBP to start with), might I suggest StackWalk64?