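Windows x64 stack walking

Time: 2015-02-01 23:29:14

Tags: c++ windows stack stack-trace

I'm trying to walk the stack of another process, but unfortunately StackWalk64 doesn't seem to work for some functions. As an example, the call stack below, for a call to 'getchar', looks like this in my debugger: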

000000007388e492()  Unknown
avcuf64.dll!00000000728da2f2()  Unknown
avcuf64.dll!000000007288bd94()  Unknown
0000000073880872()  Unknown
KernelBase.dll!00007ffb604083a8()   Unknown
msvcr120d.dll!00007ffb40261188()    Unknown
msvcr120d.dll!00007ffb4026052c()    Unknown
msvcr120d.dll!00007ffb4017348e()    Unknown
msvcr120d.dll!00007ffb401711f9()    Unknown
msvcr120d.dll!00007ffb4017123d()    Unknown
msvcr120d.dll!00007ffb40171259()    Unknown  (This is getchar)
Performance.exe!main() Line 54  C++
Performance.exe!__tmainCRTStartup() Line 626    C
Performance.exe!mainCRTStartup() Line 466   C
kernel32.dll!00007ffb62db13d2() Unknown
ntdll.dll!00007ffb631a03c4()    Unknown

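However, StackWalk64 fails at the 0000000073880872 function, because I don't have a valid debugHlp for it, as this code isn't in a loaded module. I think this has to do with my antivirus software 'avcuf64.dll' generating code.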

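So anyway, I decided to try doing this manually, but the standard way of walking the stack by hand with RtlLookupFunctionEntry and RtlVirtualUnwind doesn't seem to work for threads in a different process. Does anyone know whether this is true and, if so, what you can do instead to get the unwind metadata of a different process?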

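This is what it looks like on a different Win7 machine (the one above is Win8.1) without keylogging protection and with symbols resolved (once I get the chance I'll resolve the one above with symbols):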

ntdll.dll!ZwRequestWaitReplyPort()  Unknown
kernel32.dll!ConsoleClientCallServer()  Unknown
kernel32.dll!ReadConsoleInternal()  Unknown
kernel32.dll!ReadConsoleA() Unknown
kernel32.dll!TlsGetValue()  Unknown
msvcr110d.dll!_read_nolock(int fh, void * inputbuf, unsigned int cnt) Line 251  C
msvcr110d.dll!_read(int fh, void * buf, unsigned int cnt) Line 92   C
msvcr110d.dll!_filbuf(_iobuf * str) Line 136    C
msvcr110d.dll!getc(_iobuf * stream) Line 75 C
msvcr110d.dll!_fgetchar() Line 38   C
msvcr110d.dll!getchar() Line 47 C
Test.exe!main() Line 7  C++
Test.exe!__tmainCRTStartup() Line 536   C
Test.exe!mainCRTStartup() Line 377  C
kernel32.dll!BaseThreadInitThunk()  Unknown
ntdll.dll!RtlUserThreadStart()  Unknown

0 answers:

No answers