GetThreadContext fails after a successful SuspendT

2020-02-09 02:04发布

问题:

I'm encountering an odd issue on a sampling profiler in Windows 7 (no such issues AFAICT on previous Windows OSes, be they 32 or 64 bit).

The profiler works by periodically suspending a thread with SuspendThread, then looks at the context with GetThreadContext, before invoking ResumeThread to restart the process. All this is done from the context of the thread of a multimedia timer (for accuracy, at about 1kHZ, which on pre-Windows 7 OSes usually incurs a negligible performance penalty).

Under Windows 7, and Windows 7 only, even though the calls to SuspendThread (and ResumeThread) all succeed, the calls to GetThreadContext fail with error:

ERROR_NOACCESS
998 (0x3E6)
Invalid access to memory location.

with a very high likeliness, though not all the time.

By that I mean that for some profiling runs, everything will work as it does on other OSes (all the GetThreadContext calls will succeed), but for other runs, they will almost all fail (save a dozen maybe, out of tens of thousandths). It's happening with the exact same binaries, the same parameters.

I've tried suggestions on vaguely similar looking issues to repeat the GetThreadContext call, with no more success. I've also tried doing a Sleep between the SuspendThread and GetThreadContext, then the GetThreadContext succeeds more often, though it results in drastic slowdowns.

It suggests however that Windows 7 OS is returning from SuspendThread while the thread has probably not been suspended yet - though, if that's the case, I've no idea how or if to properly wait on the suspension, looping in the thread and pounding GetThreadContext doesn't do it.

Edit: 16 byte aligning the address of the CONTEXT structure for GetThreadContext as suggested by Dan Bartlett seems to be doing the trick!

回答1:

Looking at the GetThreadContext function, it mentions that

The CONTEXT structure is highly processor specific. Refer to the WinNt.h header file for processor-specific definitions of this structures and any alignment requirements.

And looking at this file, _CONTEXT is declared with

typedef struct DECLSPEC_ALIGN(16) _CONTEXT {
...

So it's possible it could be an alignment issue.