步骤:
1. 调用RtlCaptureContext函数(MSDN)获取上下文(context)。
2. 把寄存器地址填充到STACKFRAME结构中。
3. 循环调用StackWalk64函数(MSDN)回溯调用栈(call stack)。
4. 调用SymFromAddr函数(MSDN)获得符号(symbol),再调用SymGetLineFromAddr64函数(MSDN)获取源码地址与行号。
Sample:
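/*
 * dumpStack - print the calling thread's call stack to stdout (32-bit x86).
 *
 * Captures the current CONTEXT with RtlCaptureContext, walks the frames with
 * StackWalk64, and for each frame resolves the PC to a symbol name
 * (SymFromAddr) and, when line information is present, to a source file and
 * line number (SymGetLineFromAddr64). Output goes through _tprintf.
 *
 * Prerequisites: <windows.h>, <dbghelp.h>, link with dbghelp.lib. Define
 * DBGHELP_TRANSLATE_TCHAR before the includes in a Unicode build so that
 * symbol->Name and source_info.FileName are TCHAR strings matching "%s".
 *
 * Limitations: this reads context.Eip/Esp/Ebp and walks with
 * IMAGE_FILE_MACHINE_I386, so it is x86-only (an x64 build would use
 * Rip/Rsp/Rbp and IMAGE_FILE_MACHINE_AMD64). Per MSDN, dbghelp functions are
 * single threaded: do not call this concurrently from several threads.
 * Errors (allocation or SymInitialize failure) make the function return
 * silently without printing anything.
 */
void dumpStack(void)
{
    const UINT max_name_length = 256;       /* Max length of a symbol name, in TCHARs. */
    const DWORD err_no_line_info = 0x1E7;   /* ERROR_INVALID_ADDRESS: no line info for this PC. */
    CONTEXT context;                        /* Register snapshot of this thread. */
    STACKFRAME64 stackframe;                /* Frame being examined during the walk. */
    HANDLE process, thread;                 /* Pseudo-handles to the current process & thread. */
                                            /* (Generally these are 0xFFFFFFFF & 0xFFFFFFFE.) */
    PSYMBOL_INFO symbol;                    /* Debugging symbol information (variable size). */
    IMAGEHLP_LINE64 source_info;            /* Source information (file name & line number). */
    DWORD displacement;                     /* Distance from the start of the line; required out-param. */
    size_t symbol_size;

    /*
     * SYMBOL_INFO declares Name[1] only; SymFromAddr writes up to MaxNameLen
     * characters into it, so the block must be over-allocated or the call
     * overruns the heap. Reserving max_name_length extra TCHARs (the shape
     * of the MSDN example) leaves a spare character for the terminator.
     */
    symbol_size = sizeof(SYMBOL_INFO) + max_name_length * sizeof(TCHAR);
    symbol = (PSYMBOL_INFO)malloc(symbol_size);
    if (symbol == NULL) {
        return;
    }
    memset(symbol, 0, symbol_size);
    symbol->SizeOfStruct = sizeof(SYMBOL_INFO); /* *MUST* be sizeof(SYMBOL_INFO), not the allocation size. */
    symbol->MaxNameLen = max_name_length;

    memset(&source_info, 0, sizeof source_info);
    source_info.SizeOfStruct = sizeof(IMAGEHLP_LINE64);

    /* Seed the first frame from the current registers (EIP, ESP, EBP). */
    RtlCaptureContext(&context);
    memset(&stackframe, 0, sizeof stackframe);
    stackframe.AddrPC.Offset = context.Eip;
    stackframe.AddrPC.Mode = AddrModeFlat;
    stackframe.AddrStack.Offset = context.Esp;
    stackframe.AddrStack.Mode = AddrModeFlat;
    stackframe.AddrFrame.Offset = context.Ebp;
    stackframe.AddrFrame.Mode = AddrModeFlat;

    process = GetCurrentProcess();
    thread = GetCurrentThread();

    /* TRUE: load symbols for every module already mapped in this process. */
    if (!SymInitialize(process, NULL, TRUE)) {
        free(symbol);
        return;
    }

    _putts(__T("Call stack: \n\n"));

    /*
     * Walk one frame per iteration. The NULL after &context is the
     * ReadMemoryRoutine slot (default ReadProcessMemory); the two Sym*
     * callbacks must follow it, or they would be taken as the wrong parameters.
     */
    while (StackWalk64(IMAGE_FILE_MACHINE_I386, process, thread, &stackframe, &context,
                       NULL, SymFunctionTableAccess64, SymGetModuleBase64, NULL)) {
        if (stackframe.AddrFrame.Offset == 0) {
            break; /* No caller frame left: end of the stack. */
        }

        /* Displacement of PC inside the symbol is not needed, so pass NULL. */
        if (SymFromAddr(process, stackframe.AddrPC.Offset, NULL, symbol)) {
            _tprintf(__T(" > %s\n"), symbol->Name);
        }

        /* Unlike SymFromAddr, pdwDisplacement is mandatory here. */
        if (SymGetLineFromAddr64(process, stackframe.AddrPC.Offset, &displacement, &source_info)) {
            /* DWORD64 needs a 64-bit conversion; "%LX" is not valid for integers. */
            _tprintf(__T("\t[%s:%lu] at addr 0x%08llX\n"),
                     source_info.FileName,
                     (unsigned long)source_info.LineNumber,
                     (unsigned long long)stackframe.AddrPC.Offset);
        } else if (GetLastError() == err_no_line_info) {
            _tprintf(__T("\tNo debug symbol loaded for this function.\n"));
        }
    }

    SymCleanup(process); /* Clean up and exit. */
    free(symbol);
}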
Result:
Note:
1. 在程序头加入:
#include <windows.h>
#include <dbghelp.h>
#pragma comment (lib,"dbghelp.lib")
若在Unicode环境下,在include前加入
#define DBGHELP_TRANSLATE_TCHAR
将dbghelp返回的字符串转译成TCHAR字符串;或在wprintf系列函数中使用%S(大写)格式输出multibyte string。
2. 使用dbghelp库前先初始化:
if(!SymInitialize(hProc,NULL,TRUE)) return ;
完成后释放:
SymCleanup(hProc);
hProc为进程句柄,使用GetCurrentProcess函数返回值或(HANDLE)-1(伪句柄)均可,详见MSDN。
3. PSYMBOL_INFO structure使用前须分配内存,并设置MaxNameLen。
SYMBOL_INFO仅定义了TCHAR Name[1],若分配的内存不足,SymFromAddr函数会越界写入其他内存(堆溢出)。
MSDN建议SYMBOL_INFO应分配sizeof(SYMBOL_INFO) + (MaxNameLen - 1) * sizeof(TCHAR)大小的内存。
4. 与SymFromAddr不同(其Displacement参数可传NULL),SymGetLineFromAddr64的pdwDisplacement参数不可为NULL,必须指向有效的DWORD。参见MSDN。