.......
it still calls getthreadcontext to obtain the current value of eip but instead of overwriting the "jmp $" instruction, it increments the value of regeip by 2 to "skip over" the instruction. the result is that when the debuggee regains control , it resumes execution at the next instruction after "jmp $".
