Search This Blog

Thursday 28 August 2014

WinDbg : the k Command

WinDbg : k, kv, kn and many others

The k family of commands is to set the current stack trace.Various flags modify the output of the k command in various ways. 

kd> k
ChildEBP RetAddr  
91387b3c 92deb579 nt!KiTrap0E+0x2cf
WARNING: Stack unwind information not available. Following frames may be wrong.
91387bb8 92deb849 myfault+0x579
91387bc4 92deb8ac myfault+0x849
91387bfc 8263f593 myfault+0x8ac
91387c14 8283399f nt!IofCallDriver+0x63
91387c34 82836b71 nt!IopSynchronousServiceTail+0x1f8
91387cd0 8287d3f4 nt!IopXxxControlFile+0x6aa
91387d04 826461ea nt!NtDeviceIoControlFile+0x2a
91387d04 77be70b4 nt!KiFastCallEntry+0x12a
0012f930 77be5864 ntdll!KiFastSystemCallRet
0012f934 75d7989d ntdll!ZwDeviceIoControlFile+0xc
0012f994 7674a671 KERNELBASE!DeviceIoControl+0xf6
0012f9c0 00401bfb kernel32!DeviceIoControlImplementation+0x80
0012fa14 74b1e16e NotMyfault+0x1bfb
0012fa28 74b1e124 uxtheme!CPaintBuffer::PaintNextFrame+0x33
0012fa3c 74b10956 uxtheme!CPaintBufferPool::Impl::BufferedPaintRenderAnimation+0x33
0012fa54 74b10919 uxtheme!CPaintBufferPool::BufferedPaintRenderAnimation+0x27
0012fa74 74ca4df3 uxtheme!BufferedPaintRenderAnimation+0x2c
0012fad4 000201dc COMCTL32!Button_PaintDirectly+0x6e
0012fae4 74ca46ba 0x201dc
0012fb5c 7790c4e7 COMCTL32!Button_Paint+0x68
0012fb90 7790c4e7 USER32!InternalCallWinProc+0x23
0012fbbc 7790c5e7 USER32!InternalCallWinProc+0x23
0012fc34 77905294 USER32!UserCallWinProcCheckWow+0x14b
0012fc74 77905582 USER32!SendMessageWorker+0x4d0
0012fc94 74d24601 USER32!SendMessageW+0x7c
0012fcb4 74d24663 COMCTL32!Button_NotifyParent+0x3d
0012fcd0 74d244ed COMCTL32!Button_ReleaseCapture+0x113
0012fd30 7790c4e7 COMCTL32!Button_WndProc+0xa18
0012fd5c 7790c5e7 USER32!InternalCallWinProc+0x23
0012fdd4 7790cc19 USER32!UserCallWinProcCheckWow+0x14b
0012fe34 7790cc70 USER32!DispatchMessageWorker+0x35e
0012fe44 779041eb USER32!DispatchMessageW+0xf
0012fe68 77912073 USER32!IsDialogMessageW+0x588
0012fe88 00401f99 USER32!IsDialogMessageA+0x10c
0012fef8 004025bc NotMyfault+0x1f99
0012ff88 76753c45 NotMyfault+0x25bc
0012ff94 77c037f5 kernel32!BaseThreadInitThunk+0xe
0012ffd4 77c037c8 ntdll!__RtlUserThreadStart+0x70
0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b

Here is a list of flags which can be passed to the k command, and then the corresponding output of each of them for the same stack trace as above.

b Displays the first three parameters that are passed to each function in the stack trace.
c Displays a clean stack trace. Each display line includes only the module name and the function name.
p Displays all of the parameters for each function that is called in the stack trace. The parameter list includes each parameter's data type, name, and value. The p option is case sensitive. This parameter requires full symbol information.
P Displays all of the parameters for each function that is called in the stack trace, like the p parameter. However, for P, the function parameters are printed on a second line of the display, instead of on the same line as the rest of the data.
v Displays frame pointer omission (FPO) information. On x86-based processors, the display also includes calling convention information.
n Displays frame numbers.

f Displays the distance between adjacent frames. This distance is the number of bytes that separate the frames on the actual stack.

kd> kb
ChildEBP RetAddr  Args to Child              
91387b3c 92deb579 badb0d00 839a9240 940b3800 nt!KiTrap0E+0x2cf
WARNING: Stack unwind information not available. Following frames may be wrong.
91387bb8 92deb849 849bc610 91387bfc 92deb8ac myfault+0x579
91387bc4 92deb8ac 852540f0 00000001 00000000 myfault+0x849
91387bfc 8263f593 850bff08 849bc610 849bc610 myfault+0x8ac
91387c14 8283399f 852540f0 849bc610 849bc680 nt!IofCallDriver+0x63
91387c34 82836b71 850bff08 852540f0 00000000 nt!IopSynchronousServiceTail+0x1f8
91387cd0 8287d3f4 850bff08 849bc610 00000000 nt!IopXxxControlFile+0x6aa
91387d04 826461ea 000000bc 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
91387d04 77be70b4 000000bc 00000000 00000000 nt!KiFastCallEntry+0x12a
0012f930 77be5864 75d7989d 000000bc 00000000 ntdll!KiFastSystemCallRet
0012f934 75d7989d 000000bc 00000000 00000000 ntdll!ZwDeviceIoControlFile+0xc
0012f994 7674a671 000000bc 83360018 00000000 KERNELBASE!DeviceIoControl+0xf6
0012f9c0 00401bfb 000000bc 83360018 00000000 kernel32!DeviceIoControlImplementation+0x80
0012fa14 74b1e16e 3501077e 0000003e 005aca20 NotMyfault+0x1bfb
0012fa28 74b1e124 3501077e 00000001 005aca20 uxtheme!CPaintBuffer::PaintNextFrame+0x33
0012fa3c 74b10956 000201be 3501077e 000201be uxtheme!CPaintBufferPool::Impl::BufferedPaintRenderAnimation+0x33
0012fa54 74b10919 00000001 74b10923 00619db8 uxtheme!CPaintBufferPool::BufferedPaintRenderAnimation+0x27
0012fa74 74ca4df3 000201be 3501077e 000201be uxtheme!BufferedPaintRenderAnimation+0x2c
0012fad4 000201dc 00000215 00000000 0012fad4 COMCTL32!Button_PaintDirectly+0x6e
0012fae4 74ca46ba 0012fbf0 7795629b 6935b60e 0x201dc
0012fb5c 7790c4e7 000201dc 00000215 00000000 COMCTL32!Button_Paint+0x68
0012fb90 7790c4e7 00030198 00000111 00000001 USER32!InternalCallWinProc+0x23
0012fbbc 7790c5e7 004019f0 00030198 00000111 USER32!InternalCallWinProc+0x23
0012fc34 77905294 00000000 004019f0 00030198 USER32!UserCallWinProcCheckWow+0x14b
0012fc74 77905582 0071a5a8 0071ad10 00000001 USER32!SendMessageWorker+0x4d0
0012fc94 74d24601 00030198 00000111 00000001 USER32!SendMessageW+0x7c
0012fcb4 74d24663 00619788 00000000 000201dc COMCTL32!Button_NotifyParent+0x3d
0012fcd0 74d244ed 50010001 00000001 0012fdac COMCTL32!Button_ReleaseCapture+0x113
0012fd30 7790c4e7 000201dc 00000202 00000000 COMCTL32!Button_WndProc+0xa18
0012fd5c 7790c5e7 74cab495 000201dc 00000202 USER32!InternalCallWinProc+0x23
0012fdd4 7790cc19 00000000 74cab495 000201dc USER32!UserCallWinProcCheckWow+0x14b
0012fe34 7790cc70 74cab495 00000000 0012fe68 USER32!DispatchMessageWorker+0x35e
0012fe44 779041eb 0012feb0 0012feb0 0012feb8 USER32!DispatchMessageW+0xf
0012fe68 77912073 00030198 00719588 77901899 USER32!IsDialogMessageW+0x588
0012fe88 00401f99 00030198 0012feb0 fffffffe USER32!IsDialogMessageA+0x10c
0012fef8 004025bc 00400000 00000000 00601f80 NotMyfault+0x1f99
0012ff88 76753c45 7ffd4000 0012ffd4 77c037f5 NotMyfault+0x25bc
0012ff94 77c037f5 7ffd4000 77d50676 00000000 kernel32!BaseThreadInitThunk+0xe
0012ffd4 77c037c8 00402627 7ffd4000 00000000 ntdll!__RtlUserThreadStart+0x70

0012ffec 00000000 00402627 7ffd4000 00000000 ntdll!_RtlUserThreadStart+0x1b

kd> kc

nt!KiTrap0E
WARNING: Stack unwind information not available. Following frames may be wrong.
myfault
myfault
myfault
nt!IofCallDriver
nt!IopSynchronousServiceTail
nt!IopXxxControlFile
nt!NtDeviceIoControlFile
nt!KiFastCallEntry
ntdll!KiFastSystemCallRet
ntdll!ZwDeviceIoControlFile
KERNELBASE!DeviceIoControl
kernel32!DeviceIoControlImplementation
NotMyfault
uxtheme!CPaintBuffer::PaintNextFrame
uxtheme!CPaintBufferPool::Impl::BufferedPaintRenderAnimation
uxtheme!CPaintBufferPool::BufferedPaintRenderAnimation
uxtheme!BufferedPaintRenderAnimation
COMCTL32!Button_PaintDirectly
0x0
COMCTL32!Button_Paint
USER32!InternalCallWinProc
USER32!InternalCallWinProc
USER32!UserCallWinProcCheckWow
USER32!SendMessageWorker
USER32!SendMessageW
COMCTL32!Button_NotifyParent
COMCTL32!Button_ReleaseCapture
COMCTL32!Button_WndProc
USER32!InternalCallWinProc
USER32!UserCallWinProcCheckWow
USER32!DispatchMessageWorker
USER32!DispatchMessageW
USER32!IsDialogMessageW
USER32!IsDialogMessageA
NotMyfault
NotMyfault
kernel32!BaseThreadInitThunk
ntdll!__RtlUserThreadStart

ntdll!_RtlUserThreadStart

kd> kp
ChildEBP RetAddr  
91387b3c 92deb579 nt!KiTrap0E+0x2cf
WARNING: Stack unwind information not available. Following frames may be wrong.
91387bb8 92deb849 myfault+0x579
91387bc4 92deb8ac myfault+0x849
91387bfc 8263f593 myfault+0x8ac
91387c14 8283399f nt!IofCallDriver+0x63
91387c34 82836b71 nt!IopSynchronousServiceTail+0x1f8
91387cd0 8287d3f4 nt!IopXxxControlFile+0x6aa
91387d04 826461ea nt!NtDeviceIoControlFile+0x2a
91387d04 77be70b4 nt!KiFastCallEntry+0x12a
0012f930 77be5864 ntdll!KiFastSystemCallRet
0012f934 75d7989d ntdll!ZwDeviceIoControlFile+0xc
0012f994 7674a671 KERNELBASE!DeviceIoControl+0xf6
0012f9c0 00401bfb kernel32!DeviceIoControlImplementation+0x80
0012fa14 74b1e16e NotMyfault+0x1bfb
0012fa28 74b1e124 uxtheme!CPaintBuffer::PaintNextFrame(struct HDC__ * hdc = 0x3501077e)+0x33
0012fa3c 74b10956 uxtheme!CPaintBufferPool::Impl::BufferedPaintRenderAnimation(struct HWND__ * hwnd = 0x000201be, struct HDC__ * hdc = 0x3501077e)+0x33
0012fa54 74b10919 uxtheme!CPaintBufferPool::BufferedPaintRenderAnimation(struct HWND__ * hwnd = 0x00000001, struct HDC__ * hdcTarget = 0x74b10923)+0x27
0012fa74 74ca4df3 uxtheme!BufferedPaintRenderAnimation(struct HWND__ * hwnd = 0x000201be, struct HDC__ * hdcTarget = 0x3501077e)+0x2c
0012fad4 000201dc COMCTL32!Button_PaintDirectly+0x6e
0012fae4 74ca46ba 0x201dc
0012fb5c 7790c4e7 COMCTL32!Button_Paint+0x68
0012fb90 7790c4e7 USER32!InternalCallWinProc+0x23
0012fbbc 7790c5e7 USER32!InternalCallWinProc+0x23
0012fc34 77905294 USER32!UserCallWinProcCheckWow+0x14b
0012fc74 77905582 USER32!SendMessageWorker+0x4d0
0012fc94 74d24601 USER32!SendMessageW+0x7c
0012fcb4 74d24663 COMCTL32!Button_NotifyParent+0x3d
0012fcd0 74d244ed COMCTL32!Button_ReleaseCapture+0x113
0012fd30 7790c4e7 COMCTL32!Button_WndProc+0xa18
0012fd5c 7790c5e7 USER32!InternalCallWinProc+0x23
0012fdd4 7790cc19 USER32!UserCallWinProcCheckWow+0x14b
0012fe34 7790cc70 USER32!DispatchMessageWorker+0x35e
0012fe44 779041eb USER32!DispatchMessageW+0xf
0012fe68 77912073 USER32!IsDialogMessageW+0x588
0012fe88 00401f99 USER32!IsDialogMessageA+0x10c
0012fef8 004025bc NotMyfault+0x1f99
0012ff88 76753c45 NotMyfault+0x25bc
0012ff94 77c037f5 kernel32!BaseThreadInitThunk+0xe
0012ffd4 77c037c8 ntdll!__RtlUserThreadStart+0x70

0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b

kd> kP
ChildEBP RetAddr  
91387b3c 92deb579 nt!KiTrap0E+0x2cf
WARNING: Stack unwind information not available. Following frames may be wrong.
91387bb8 92deb849 myfault+0x579
91387bc4 92deb8ac myfault+0x849
91387bfc 8263f593 myfault+0x8ac
91387c14 8283399f nt!IofCallDriver+0x63
91387c34 82836b71 nt!IopSynchronousServiceTail+0x1f8
91387cd0 8287d3f4 nt!IopXxxControlFile+0x6aa
91387d04 826461ea nt!NtDeviceIoControlFile+0x2a
91387d04 77be70b4 nt!KiFastCallEntry+0x12a
0012f930 77be5864 ntdll!KiFastSystemCallRet
0012f934 75d7989d ntdll!ZwDeviceIoControlFile+0xc
0012f994 7674a671 KERNELBASE!DeviceIoControl+0xf6
0012f9c0 00401bfb kernel32!DeviceIoControlImplementation+0x80
0012fa14 74b1e16e NotMyfault+0x1bfb
0012fa28 74b1e124 uxtheme!CPaintBuffer::PaintNextFrame(
struct HDC__ * hdc = 0x3501077e)+0x33
0012fa3c 74b10956 uxtheme!CPaintBufferPool::Impl::BufferedPaintRenderAnimation(
struct HWND__ * hwnd = 0x000201be, 
struct HDC__ * hdc = 0x3501077e)+0x33
0012fa54 74b10919 uxtheme!CPaintBufferPool::BufferedPaintRenderAnimation(
struct HWND__ * hwnd = 0x00000001, 
struct HDC__ * hdcTarget = 0x74b10923)+0x27
0012fa74 74ca4df3 uxtheme!BufferedPaintRenderAnimation(
struct HWND__ * hwnd = 0x000201be, 
struct HDC__ * hdcTarget = 0x3501077e)+0x2c
0012fad4 000201dc COMCTL32!Button_PaintDirectly+0x6e
0012fae4 74ca46ba 0x201dc
0012fb5c 7790c4e7 COMCTL32!Button_Paint+0x68
0012fb90 7790c4e7 USER32!InternalCallWinProc+0x23
0012fbbc 7790c5e7 USER32!InternalCallWinProc+0x23
0012fc34 77905294 USER32!UserCallWinProcCheckWow+0x14b
0012fc74 77905582 USER32!SendMessageWorker+0x4d0
0012fc94 74d24601 USER32!SendMessageW+0x7c
0012fcb4 74d24663 COMCTL32!Button_NotifyParent+0x3d
0012fcd0 74d244ed COMCTL32!Button_ReleaseCapture+0x113
0012fd30 7790c4e7 COMCTL32!Button_WndProc+0xa18
0012fd5c 7790c5e7 USER32!InternalCallWinProc+0x23
0012fdd4 7790cc19 USER32!UserCallWinProcCheckWow+0x14b
0012fe34 7790cc70 USER32!DispatchMessageWorker+0x35e
0012fe44 779041eb USER32!DispatchMessageW+0xf
0012fe68 77912073 USER32!IsDialogMessageW+0x588
0012fe88 00401f99 USER32!IsDialogMessageA+0x10c
0012fef8 004025bc NotMyfault+0x1f99
0012ff88 76753c45 NotMyfault+0x25bc
0012ff94 77c037f5 kernel32!BaseThreadInitThunk+0xe
0012ffd4 77c037c8 ntdll!__RtlUserThreadStart+0x70

0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b

kd> kv
ChildEBP RetAddr  Args to Child              
91387b3c 92deb579 badb0d00 839a9240 940b3800 nt!KiTrap0E+0x2cf (FPO: [0,0] TrapFrame @ 91387b3c)
WARNING: Stack unwind information not available. Following frames may be wrong.
91387bb8 92deb849 849bc610 91387bfc 92deb8ac myfault+0x579
91387bc4 92deb8ac 852540f0 00000001 00000000 myfault+0x849
91387bfc 8263f593 850bff08 849bc610 849bc610 myfault+0x8ac
91387c14 8283399f 852540f0 849bc610 849bc680 nt!IofCallDriver+0x63
91387c34 82836b71 850bff08 852540f0 00000000 nt!IopSynchronousServiceTail+0x1f8
91387cd0 8287d3f4 850bff08 849bc610 00000000 nt!IopXxxControlFile+0x6aa
91387d04 826461ea 000000bc 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
91387d04 77be70b4 000000bc 00000000 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 91387d34)
0012f930 77be5864 75d7989d 000000bc 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
0012f934 75d7989d 000000bc 00000000 00000000 ntdll!ZwDeviceIoControlFile+0xc (FPO: [10,0,0])
0012f994 7674a671 000000bc 83360018 00000000 KERNELBASE!DeviceIoControl+0xf6 (FPO: [Non-Fpo])
0012f9c0 00401bfb 000000bc 83360018 00000000 kernel32!DeviceIoControlImplementation+0x80 (FPO: [Non-Fpo])
0012fa14 74b1e16e 3501077e 0000003e 005aca20 NotMyfault+0x1bfb
0012fa28 74b1e124 3501077e 00000001 005aca20 uxtheme!CPaintBuffer::PaintNextFrame+0x33 (FPO: [Non-Fpo]) (CONV: thiscall)
0012fa3c 74b10956 000201be 3501077e 000201be uxtheme!CPaintBufferPool::Impl::BufferedPaintRenderAnimation+0x33 (FPO: [Non-Fpo]) (CONV: thiscall)
0012fa54 74b10919 00000001 74b10923 00619db8 uxtheme!CPaintBufferPool::BufferedPaintRenderAnimation+0x27 (FPO: [Non-Fpo]) (CONV: thiscall)
0012fa74 74ca4df3 000201be 3501077e 000201be uxtheme!BufferedPaintRenderAnimation+0x2c (FPO: [Non-Fpo]) (CONV: stdcall)
0012fad4 000201dc 00000215 00000000 0012fad4 COMCTL32!Button_PaintDirectly+0x6e (FPO: [Non-Fpo])
0012fae4 74ca46ba 0012fbf0 7795629b 6935b60e 0x201dc
0012fb5c 7790c4e7 000201dc 00000215 00000000 COMCTL32!Button_Paint+0x68 (FPO: [Non-Fpo])
0012fb90 7790c4e7 00030198 00000111 00000001 USER32!InternalCallWinProc+0x23
0012fbbc 7790c5e7 004019f0 00030198 00000111 USER32!InternalCallWinProc+0x23
0012fc34 77905294 00000000 004019f0 00030198 USER32!UserCallWinProcCheckWow+0x14b (FPO: [Non-Fpo])
0012fc74 77905582 0071a5a8 0071ad10 00000001 USER32!SendMessageWorker+0x4d0 (FPO: [Non-Fpo])
0012fc94 74d24601 00030198 00000111 00000001 USER32!SendMessageW+0x7c (FPO: [Non-Fpo])
0012fcb4 74d24663 00619788 00000000 000201dc COMCTL32!Button_NotifyParent+0x3d (FPO: [Non-Fpo])
0012fcd0 74d244ed 50010001 00000001 0012fdac COMCTL32!Button_ReleaseCapture+0x113 (FPO: [Non-Fpo])
0012fd30 7790c4e7 000201dc 00000202 00000000 COMCTL32!Button_WndProc+0xa18 (FPO: [Non-Fpo])
0012fd5c 7790c5e7 74cab495 000201dc 00000202 USER32!InternalCallWinProc+0x23
0012fdd4 7790cc19 00000000 74cab495 000201dc USER32!UserCallWinProcCheckWow+0x14b (FPO: [Non-Fpo])
0012fe34 7790cc70 74cab495 00000000 0012fe68 USER32!DispatchMessageWorker+0x35e (FPO: [Non-Fpo])
0012fe44 779041eb 0012feb0 0012feb0 0012feb8 USER32!DispatchMessageW+0xf (FPO: [Non-Fpo])
0012fe68 77912073 00030198 00719588 77901899 USER32!IsDialogMessageW+0x588 (FPO: [Non-Fpo])
0012fe88 00401f99 00030198 0012feb0 fffffffe USER32!IsDialogMessageA+0x10c (FPO: [Non-Fpo])
0012fef8 004025bc 00400000 00000000 00601f80 NotMyfault+0x1f99
0012ff88 76753c45 7ffd4000 0012ffd4 77c037f5 NotMyfault+0x25bc
0012ff94 77c037f5 7ffd4000 77d50676 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
0012ffd4 77c037c8 00402627 7ffd4000 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
0012ffec 00000000 00402627 7ffd4000 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

kd> kn
 # ChildEBP RetAddr  
00 91387b3c 92deb579 nt!KiTrap0E+0x2cf
WARNING: Stack unwind information not available. Following frames may be wrong.
01 91387bb8 92deb849 myfault+0x579
02 91387bc4 92deb8ac myfault+0x849
03 91387bfc 8263f593 myfault+0x8ac
04 91387c14 8283399f nt!IofCallDriver+0x63
05 91387c34 82836b71 nt!IopSynchronousServiceTail+0x1f8
06 91387cd0 8287d3f4 nt!IopXxxControlFile+0x6aa
07 91387d04 826461ea nt!NtDeviceIoControlFile+0x2a
08 91387d04 77be70b4 nt!KiFastCallEntry+0x12a
09 0012f930 77be5864 ntdll!KiFastSystemCallRet
0a 0012f934 75d7989d ntdll!ZwDeviceIoControlFile+0xc
0b 0012f994 7674a671 KERNELBASE!DeviceIoControl+0xf6
0c 0012f9c0 00401bfb kernel32!DeviceIoControlImplementation+0x80
0d 0012fa14 74b1e16e NotMyfault+0x1bfb
0e 0012fa28 74b1e124 uxtheme!CPaintBuffer::PaintNextFrame+0x33
0f 0012fa3c 74b10956 uxtheme!CPaintBufferPool::Impl::BufferedPaintRenderAnimation+0x33
10 0012fa54 74b10919 uxtheme!CPaintBufferPool::BufferedPaintRenderAnimation+0x27
11 0012fa74 74ca4df3 uxtheme!BufferedPaintRenderAnimation+0x2c
12 0012fad4 000201dc COMCTL32!Button_PaintDirectly+0x6e
13 0012fae4 74ca46ba 0x201dc
14 0012fb5c 7790c4e7 COMCTL32!Button_Paint+0x68
15 0012fb90 7790c4e7 USER32!InternalCallWinProc+0x23
16 0012fbbc 7790c5e7 USER32!InternalCallWinProc+0x23
17 0012fc34 77905294 USER32!UserCallWinProcCheckWow+0x14b
18 0012fc74 77905582 USER32!SendMessageWorker+0x4d0
19 0012fc94 74d24601 USER32!SendMessageW+0x7c
1a 0012fcb4 74d24663 COMCTL32!Button_NotifyParent+0x3d
1b 0012fcd0 74d244ed COMCTL32!Button_ReleaseCapture+0x113
1c 0012fd30 7790c4e7 COMCTL32!Button_WndProc+0xa18
1d 0012fd5c 7790c5e7 USER32!InternalCallWinProc+0x23
1e 0012fdd4 7790cc19 USER32!UserCallWinProcCheckWow+0x14b
1f 0012fe34 7790cc70 USER32!DispatchMessageWorker+0x35e
20 0012fe44 779041eb USER32!DispatchMessageW+0xf
21 0012fe68 77912073 USER32!IsDialogMessageW+0x588
22 0012fe88 00401f99 USER32!IsDialogMessageA+0x10c
23 0012fef8 004025bc NotMyfault+0x1f99
24 0012ff88 76753c45 NotMyfault+0x25bc
25 0012ff94 77c037f5 kernel32!BaseThreadInitThunk+0xe
26 0012ffd4 77c037c8 ntdll!__RtlUserThreadStart+0x70

27 0012ffec 00000000 ntdll!_RtlUserThreadStart+0x1b

There is a kd option as well, this dumps the raw stack trace one dword frame at a time. It also resolves frame symbols if available. It is equivalent to the dds command.

A word of caution while using the dds or kd commands. The debugger would not know where to stop the stack trace, so the output would be long and might contains remains from previous stack usage. This is because zeroing out memory is a costly operation and most compilers would not zero out the stack after it is torn down. We will see more of this topic when in posts which deal with stack reconstruction and stack walking.



No comments:

Post a Comment