I need to get the base and top addresses of all stack frames for an extension I am writing for windbg. As an example, this is what I get:
(0) ip= 0x779e5604, ret= 0x779cda0d, frame= 0x23c79c, stack= 0x23c79c
(1) ip= 0x779cda0d, ret= 0x779b19f5, frame= 0x23c7b4, stack= 0x23c7a4
(2) ip= 0x779b19f5, ret= 0x779e665f, frame= 0x23c7d4, stack= 0x23c7bc
(3) ip= 0x779e665f, ret= 0x779aa0aa, frame= 0x23c81c, stack= 0x23c7dc
(4) ip= 0x779aa0aa, ret= 0x779765a6, frame= 0x23c910, stack= 0x23c824
(5) ip= 0x779765a6, ret= 0x7679bbe4, frame= 0x23c930, stack= 0x23c918
(6) ip= 0x7679bbe4, ret= 0x57cd4c39, frame= 0x23c944, stack= 0x23c938
(7) ip= 0x57cd4c39, ret= 0x53c6c74e, frame= 0x23c990, stack= 0x23c94c
(8) ip= 0x53c6c74e, ret= 0x53dc42d7, frame= 0x23d5a4, stack= 0x23c998
(9) ip= 0x53dc42d7, ret= 0x53bc17b0, frame= 0x23d658, stack= 0x23d5ac
(10) ip= 0x53bc17b0, ret= 0x57cf9321, frame= 0x23d85c, stack= 0x23d660
(11) ip= 0x57cf9321, ret= 0x53daf2da, frame= 0x23d9a4, stack= 0x23d864
(12) ip= 0x53daf2da, ret= 0x53d9bce5, frame= 0x23da3c, stack= 0x23d9ac
(13) ip= 0x53d9bce5, ret= 0x53cc427c, frame= 0x23dacc, stack= 0x23da44
(14) ip= 0x53cc427c, ret= 0x53ebd9e1, frame= 0x23db14, stack= 0x23dad4
(15) ip= 0x53ebd9e1, ret= 0x53d8b86f, frame= 0x23db30, stack= 0x23db1c
(16) ip= 0x53d8b86f, ret= 0x53cc439d, frame= 0x23db4c, stack= 0x23db38
(17) ip= 0x53cc439d, ret= 0x53d8b86f, frame= 0x23db94, stack= 0x23db54
(18) ip= 0x53d8b86f, ret= 0x53cc439d, frame= 0x23dbb0, stack= 0x23db9c
(19) ip= 0x53cc439d, ret= 0x53d8e4b6, frame= 0x23dbf8, stack= 0x23dbb8
(20) ip= 0x53d8e4b6, ret= 0x53d8f815, frame= 0x23dc40, stack= 0x23dc00
(21) ip= 0x53d8f815, ret= 0x53cc68f5, frame= 0x23dd00, stack= 0x23dc48
(22) ip= 0x53cc68f5, ret= 0x53ff9c4c, frame= 0x23dd5c, stack= 0x23dd08
(23) ip= 0x53ff9c4c, ret= 0x53cc98e8, frame= 0x23dddc, stack= 0x23dd64
(24) ip= 0x53cc98e8, ret= 0x53e6556e, frame= 0x23de14, stack= 0x23dde4
(25) ip= 0x53e6556e, ret= 0x53ccfe4b, frame= 0x23df50, stack= 0x23de1c
(26) ip= 0x53ccfe4b, ret= 0x0, frame= 0x0, stack= 0x23df58
ESP = 0023c79c EBP = 0023c79c
OK, so according to the msdn documentation here, if FrameOffset is zero the current frame pointer should be used, and if StackOffset is zero the current stack pointer should be used:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff548425%28v=vs.85%29.aspx
Now for the first frame in the example above, i.e. frame #26, the frame offset is shown as zero, but the current frame offset EBP is 0023c79c, which refers to the top of the stack and therefore cannot correspond to the frame offset of frame #26. So how exactly am I supposed to find the base of stack frame #26?
Another question: running !teb in windbg gives me the following stack range:
StackBase: 00240000
StackLimit: 0022e000
Now, what exactly is in the 8360 bytes (240000 - 23df58) between the stack pointer of frame #26 and the stack base? Is all of it the 26th stack frame itself, or is there something else in between? (apart from ret and ebp)
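An added example, not part of the question or of the asker's extension: a small Python script that parses the trace printed above (the values are copied verbatim from the post, together with the `!teb` range) and measures what the numbers say. It assumes only the x86 EBP-based frame layout (saved EBP at `[EBP]`, return address at `[EBP+4]`, so the caller's ESP after `ret` is `EBP+8`), checks that each `FrameOffset` obeys it against the next frame's `StackOffset`, checks that each `ret` equals the next frame's `ip`, reports how many bytes of stack each frame spans, and computes the unaccounted tail between the outermost frame's stack pointer and `StackBase`. The function and variable names are the example's own.

```python
"""Sanity-check FrameOffset/StackOffset pairs from an IDebugControl::GetStackTrace
dump against the x86 frame-pointer layout, and measure per-frame stack usage."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Values copied from the post: the extension's output and the !teb stack range.
STACK_BASE = 0x00240000
STACK_LIMIT = 0x0022E000
TRACE = """\
(0) ip= 0x779e5604, ret= 0x779cda0d, frame= 0x23c79c, stack= 0x23c79c
(1) ip= 0x779cda0d, ret= 0x779b19f5, frame= 0x23c7b4, stack= 0x23c7a4
(2) ip= 0x779b19f5, ret= 0x779e665f, frame= 0x23c7d4, stack= 0x23c7bc
(3) ip= 0x779e665f, ret= 0x779aa0aa, frame= 0x23c81c, stack= 0x23c7dc
(4) ip= 0x779aa0aa, ret= 0x779765a6, frame= 0x23c910, stack= 0x23c824
(5) ip= 0x779765a6, ret= 0x7679bbe4, frame= 0x23c930, stack= 0x23c918
(6) ip= 0x7679bbe4, ret= 0x57cd4c39, frame= 0x23c944, stack= 0x23c938
(7) ip= 0x57cd4c39, ret= 0x53c6c74e, frame= 0x23c990, stack= 0x23c94c
(8) ip= 0x53c6c74e, ret= 0x53dc42d7, frame= 0x23d5a4, stack= 0x23c998
(9) ip= 0x53dc42d7, ret= 0x53bc17b0, frame= 0x23d658, stack= 0x23d5ac
(10) ip= 0x53bc17b0, ret= 0x57cf9321, frame= 0x23d85c, stack= 0x23d660
(11) ip= 0x57cf9321, ret= 0x53daf2da, frame= 0x23d9a4, stack= 0x23d864
(12) ip= 0x53daf2da, ret= 0x53d9bce5, frame= 0x23da3c, stack= 0x23d9ac
(13) ip= 0x53d9bce5, ret= 0x53cc427c, frame= 0x23dacc, stack= 0x23da44
(14) ip= 0x53cc427c, ret= 0x53ebd9e1, frame= 0x23db14, stack= 0x23dad4
(15) ip= 0x53ebd9e1, ret= 0x53d8b86f, frame= 0x23db30, stack= 0x23db1c
(16) ip= 0x53d8b86f, ret= 0x53cc439d, frame= 0x23db4c, stack= 0x23db38
(17) ip= 0x53cc439d, ret= 0x53d8b86f, frame= 0x23db94, stack= 0x23db54
(18) ip= 0x53d8b86f, ret= 0x53cc439d, frame= 0x23dbb0, stack= 0x23db9c
(19) ip= 0x53cc439d, ret= 0x53d8e4b6, frame= 0x23dbf8, stack= 0x23dbb8
(20) ip= 0x53d8e4b6, ret= 0x53d8f815, frame= 0x23dc40, stack= 0x23dc00
(21) ip= 0x53d8f815, ret= 0x53cc68f5, frame= 0x23dd00, stack= 0x23dc48
(22) ip= 0x53cc68f5, ret= 0x53ff9c4c, frame= 0x23dd5c, stack= 0x23dd08
(23) ip= 0x53ff9c4c, ret= 0x53cc98e8, frame= 0x23dddc, stack= 0x23dd64
(24) ip= 0x53cc98e8, ret= 0x53e6556e, frame= 0x23de14, stack= 0x23dde4
(25) ip= 0x53e6556e, ret= 0x53ccfe4b, frame= 0x23df50, stack= 0x23de1c
(26) ip= 0x53ccfe4b, ret= 0x0, frame= 0x0, stack= 0x23df58
"""

LINE_RE = re.compile(
    r"\((\d+)\)\s+ip=\s*0x([0-9a-fA-F]+),\s+ret=\s*0x([0-9a-fA-F]+),"
    r"\s+frame=\s*0x([0-9a-fA-F]+),\s+stack=\s*0x([0-9a-fA-F]+)")


@dataclass
class Frame:
    index: int
    ip: int
    ret: int
    frame: int   # DEBUG_STACK_FRAME.FrameOffset (EBP on x86)
    stack: int   # DEBUG_STACK_FRAME.StackOffset (ESP on x86)


def parse_trace(text: str) -> List[Frame]:
    """Parse the extension's '(n) ip= ..., ret= ..., frame= ..., stack= ...' lines."""
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            idx, ip, ret, frame, stack = m.groups()
            frames.append(Frame(int(idx), int(ip, 16), int(ret, 16),
                                int(frame, 16), int(stack, 16)))
    return frames


def frame_extents(frames: List[Frame]) -> List[Optional[int]]:
    """Bytes from frame i's StackOffset up to its caller's StackOffset, i.e. the
    stack the callee owns (locals, saved EBP, return address). The outermost frame
    has no caller in the trace, so its extent is None."""
    return [frames[i + 1].stack - f.stack if i + 1 < len(frames) else None
            for i, f in enumerate(frames)]


def check_ebp_chain(frames: List[Frame]) -> List[int]:
    """Indices of frames with a non-zero FrameOffset where FrameOffset + 8 does not
    equal the next frame's StackOffset (saved EBP at [EBP], return address at
    [EBP+4], caller's ESP after ret at EBP+8). Empty list means the chain is intact."""
    return [i for i in range(len(frames) - 1)
            if frames[i].frame and frames[i].frame + 8 != frames[i + 1].stack]


def check_ret_chain(frames: List[Frame]) -> List[int]:
    """Indices of frames whose return address is not the next frame's ip."""
    return [i for i in range(len(frames) - 1) if frames[i].ret != frames[i + 1].ip]


def unaccounted_tail(frames: List[Frame], stack_base: int = STACK_BASE) -> int:
    """Bytes between the outermost frame's StackOffset and the TEB StackBase."""
    return stack_base - frames[-1].stack


def within_teb_range(frames: List[Frame], base: int = STACK_BASE,
                     limit: int = STACK_LIMIT) -> bool:
    """True when every StackOffset lies inside [StackLimit, StackBase)."""
    return all(limit <= f.stack < base for f in frames)


if __name__ == "__main__":
    fr = parse_trace(TRACE)
    for f, ext in zip(fr, frame_extents(fr)):
        print(f"({f.index:2d}) esp=0x{f.stack:08x} ebp=0x{f.frame:08x} "
              f"span={'n/a' if ext is None else ext} bytes")
    print("EBP chain breaks:", check_ebp_chain(fr))
    print("ret/ip mismatches:", check_ret_chain(fr))
    print("bytes from outermost ESP to StackBase:", unaccounted_tail(fr))
```

Running it over the posted trace shows that for every frame with a non-zero `FrameOffset` the value is exactly the EBP of that frame (its `FrameOffset + 8` is the next frame's `StackOffset`), that the `ret`/`ip` chain is unbroken, and that the 8360-byte figure in the question is the distance from frame 26's `StackOffset` to `StackBase`; the script measures that region but cannot say what occupies it, which needs the debugger's own view of that memory.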