我试图走另一个进程的堆栈,但遗憾的是StackWalk64似乎并没有为某些功能工作。作为示例,下面的调用堆栈用于调用' getchar'在我的调试器中看起来像这样:
000000007388e492() Unknown
avcuf64.dll!00000000728da2f2() Unknown
avcuf64.dll!000000007288bd94() Unknown
0000000073880872() Unknown
KernelBase.dll!00007ffb604083a8() Unknown
msvcr120d.dll!00007ffb40261188() Unknown
msvcr120d.dll!00007ffb4026052c() Unknown
msvcr120d.dll!00007ffb4017348e() Unknown
msvcr120d.dll!00007ffb401711f9() Unknown
msvcr120d.dll!00007ffb4017123d() Unknown
msvcr120d.dll!00007ffb40171259() Unknown (This is getchar)
Performance.exe!main() Line 54 C++
Performance.exe!__tmainCRTStartup() Line 626 C
Performance.exe!mainCRTStartup() Line 466 C
kernel32.dll!00007ffb62db13d2() Unknown
ntdll.dll!00007ffb631a03c4() Unknown
然而,StackWalk64在0000000073880872函数处失败,因为我没有有效的debugHlp,因为这段代码不在加载的模块中。我认为这与我的防病毒软件&avcuf64.dll'生成代码。
所以无论如何我决定尝试手动执行此操作但是使用RtlLookupFunctionEntry和RtlVirtualUnwind手动执行堆栈的标准方法似乎对于处理不同进程中的线程无效。有没有人知道这是否属实,如果是,你可以做什么而不是获取不同进程的展开元数据?
这是在不同的Win7机器上面看起来的样子(上面是Win8.1)没有键盘记录保护和符号解决(一旦我有机会我用符号解决上述问题):< / p>
ntdll.dll!ZwRequestWaitReplyPort() Unknown
kernel32.dll!ConsoleClientCallServer() Unknown
kernel32.dll!ReadConsoleInternal() Unknown
kernel32.dll!ReadConsoleA() Unknown
kernel32.dll!TlsGetValue() Unknown
msvcr110d.dll!_read_nolock(int fh, void * inputbuf, unsigned int cnt) Line 251 C
msvcr110d.dll!_read(int fh, void * buf, unsigned int cnt) Line 92 C
msvcr110d.dll!_filbuf(_iobuf * str) Line 136 C
msvcr110d.dll!getc(_iobuf * stream) Line 75 C
msvcr110d.dll!_fgetchar() Line 38 C
msvcr110d.dll!getchar() Line 47 C
Test.exe!main() Line 7 C++
Test.exe!__tmainCRTStartup() Line 536 C
Test.exe!mainCRTStartup() Line 377 C
kernel32.dll!BaseThreadInitThunk() Unknown
ntdll.dll!RtlUserThreadStart() Unknown