How to get thread stack information on Windows?
I enumerate all threads in a process through the CreateToolhelp32Snapshot function. I would like to get some basic stack information for each thread. More specifically I would like to get stack bottom address and if possible I would like to get current stack top address. Basically this is the information displayed with the ~*k command in WinDbg. So how can I obtain the stack information from the thread's ID or HANDLE?
Comments (5)
(Definitions can be found here.)
To get stack boundaries:
To get the value of esp, simply use GetThreadContext.
An easier way without having to involve the Windows Driver Kit is as so:
__readfsdword() works only for the current thread. So, the variant with NtQueryInformationThread() is more flexible.
Added some declarations which are missing in ntdll.h:
Here's an easy way for the current thread (portable Win32 x86/x64 version):
Note: stackLimit < stackBase (as stack grows downwards). For more details refer to Win32 TIB.
As far as I know, Toolhelp works by making a copy of basic information on heaps, modules, processes and threads. This does not include the TEB block that contains the stack bottom address. I think you need to use another API, the debugger engine API, which offers functions to examine the stacks.
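The TEB-based approach from the answers above (NtQueryInformationThread for the TEB address, StackBase and StackLimit read from the NT_TIB at its start, Esp/Rsp from GetThreadContext), as an added example that is not code from the original answers. The names stack_bounds, tib_stack_bounds, sp_in_stack, query_thread_stack, TBI, NtQIT and SAMPLE_TIB64 are this example's own, and the sample bytes are constructed. The live query assumes a target of the same bitness, a thread handle with THREAD_QUERY_INFORMATION access and a process handle with PROCESS_VM_READ access.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
typedef struct { uint64_t base, limit; } stack_bounds;
/* Constructed sample: first 24 bytes of an x64 TEB (little-endian).
   ExceptionList = 0, StackBase = 0xD5A2B00000, StackLimit = 0xD5A2AFC000. */
static const uint8_t SAMPLE_TIB64[24] = {
    0,0,0,0,0,0,0,0,  0x00,0x00,0xB0,0xA2,0xD5,0,0,0,  0x00,0xC0,0xAF,0xA2,0xD5,0,0,0 };

/* NT_TIB starts the TEB: [0] ExceptionList, [1] StackBase, [2] StackLimit,
   each pointer-sized (4 on x86, 8 on x64). Assumes a little-endian host. */
int tib_stack_bounds(const uint8_t *tib, size_t len, size_t ptr_size, stack_bounds *out)
{
    uint64_t base = 0, limit = 0;
    if ((ptr_size != 4 && ptr_size != 8) || len < 3 * ptr_size) return -1;
    memcpy(&base,  tib + 1 * ptr_size, ptr_size);
    memcpy(&limit, tib + 2 * ptr_size, ptr_size);
    if (limit >= base) return -2;            /* stack grows down: limit < base */
    out->base = base; out->limit = limit;
    return 0;
}

/* Sanity check for a stack pointer taken from CONTEXT.Esp / CONTEXT.Rsp. */
int sp_in_stack(const stack_bounds *b, uint64_t sp) { return sp >= b->limit && sp <= b->base; }

#ifdef _WIN32
#include <windows.h>
/* THREAD_BASIC_INFORMATION (info class 0), declared by hand for this example. */
typedef struct { LONG ExitStatus; PVOID TebBaseAddress; HANDLE UniqueProcess, UniqueThread;
                 ULONG_PTR AffinityMask; LONG Priority, BasePriority; } TBI;
typedef LONG (WINAPI *NtQIT)(HANDLE, int, PVOID, ULONG, PULONG);
/* Live query for a thread in another process (same bitness, no WOW64 handling). */
int query_thread_stack(HANDLE proc, HANDLE thread, stack_bounds *out)
{
    TBI tbi; uint8_t tib[3 * sizeof(void *)]; SIZE_T got = 0;
    NtQIT q = (NtQIT)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationThread");
    if (!q || q(thread, 0, &tbi, sizeof tbi, NULL) != 0) return -1;
    if (!ReadProcessMemory(proc, tbi.TebBaseAddress, tib, sizeof tib, &got) || got != sizeof tib) return -1;
    return tib_stack_bounds(tib, sizeof tib, sizeof(void *), out);
}
#endif

int main(void)
{
    stack_bounds b;
    if (tib_stack_bounds(SAMPLE_TIB64, sizeof SAMPLE_TIB64, 8, &b)) return 1;
    printf("base=%#llx limit=%#llx\n", (unsigned long long)b.base, (unsigned long long)b.limit);
    return 0;
}
```

StackLimit is the lowest committed stack page, so it moves down as the stack grows; a stack pointer outside the decoded range is worth a closer look when triaging a thread.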