SegCs is not initialized in the allocated Contexts by initContexts.
At line 153: *contexts[i] = *contexts[11]; makes no sense - all records are not initialized at this point anyway, and are all zero.
Only after line 265: Status = pApi->ntdll.NtGetContextThread( WaitThd, Contexts[11] ); is record 11 initialized (in particular SegCs).
After this, but not before, *Contexts[i] = *Contexts[11] in the loop makes sense.
In the current code, in the other (i != 11) records, SegCs == 0, despite the fact that it must be set to the correct value if we set CONTEXT_CONTROL (part of CONTEXT_FULL). Which effect does this have? On Windows 10, beginning from some version, this works ok, but before that - the first 10 versions, Win 8.1 etc. - after NtContinue the code crashes: the SegCs value is 0x23 instead of 0x33, and Rip/Rsp are truncated to 32-bit values.
Also, instead of allocating sizeof(CONTEXT) N times (and then freeing it N times), why not allocate N*sizeof(CONTEXT) once and free it also only once?