StackWalker macro

[jj2007]

I am tempted to write a StackWalker macro. However, the only relevant entry I found in this forum is Guga's How to Initialize a non registered interface, which treats (inter alia) IDiaStackWalkFrame

Can somebody explain in a few words what a stack walker does, and what we can expect from it, in terms of simplifying the debugging of an application? I have my ideas, but I'd like to get the views from those working with the more professional tools.

[LiaoMi]

I am tempted to write a StackWalker macro. However, the only relevant entry I found in this forum is Guga's How to Initialize a non registered interface, which treats (inter alia) IDiaStackWalkFrame

Can somebody explain in a few words what a stack walker does, and what we can expect from it, in terms of simplifying the debugging of an application? I have my ideas, but I'd like to get the views from those working with the more professional tools.

Hi jj2007,

the main purpose is to monitor the call stack

Walking the callstack - https://www.codeproject.com/Articles/11132/Walking-the-callstack-2
StackWalk function (dbghelp.h) - https://docs.microsoft.com/en-us/windows/win32/api/dbghelp/nf-dbghelp-stackwalk
SHOWING VARIABLES USING THE WINDOWS DEBUGGING API - https://accu.org/journals/overload/29/165/orr/
Windows single header stack walker in C (DbgHelp.DLL) - https://github.com/septag/stackwalkerc
Stack Trace - https://wiki.osdev.org/Stack_Trace
Stack Trace - https://en.wikipedia.org/wiki/Stack_trace - Programmers commonly use stack tracing during interactive and post-mortem debugging. End-users may see a stack trace displayed as part of an error message, which the user can then report to a programmer.
Call stack - https://en.wikipedia.org/wiki/Call_stack

Debugging: how to recognise a no stack frame proc - http://masm32.com/board/index.php?topic=8393.msg91986#msg91986

[jj2007]

Thanks, LiaoMi

[jj2007]

Here is a first test, with my editor. Crashes are rare, but once in a while they happen, and I'd like to find out where and why they happen. So I wrote a StackWalk macro that displays what happened shortly before the crash.

- extract both files to a folder, then start RichMasm.exe
- play around a bit, click into the listbox or into the bookmarks to the right, whatever
- press F9
- hold Shift and click "No"

That will trigger ...
  xor edx, edx
  div edx
... which causes an exception. At that point, the macro jumps in and shows what happened shortly before. The procedure where the crash happens is called "MyTest" (it's in the list, but not in the last position).

The source is over 22k lines and too big to be posted here. Some AV may shout foul, as usual.
The legal stuff: Use at your own risk

[jj2007]

I refined the post mortem feature:
- launch the attached editor, play around a little bit, then hit F9.
- in the "Copy path to clipboard..." box, hold Shift and click "No" (Ctrl+No shows the stack walk)
- when Olly kicks in as your just-in-time debugger, you'll see this in the dump window:

00424000  43 69 61 6F|43 69 61 6F|52 8F 41 00|79 52 42 00| CiaoCiaoRA yRB
00424010  99 1C 40 00|11 00 00 00|22 00 00 00|33 00 00 00| ™@    "   3


The first dword next to CiaoCiao is the address to the StackWalk procedure. You can run it by selecting it and choosing "follow in disassembler"; press Ctrl * to move the EIP there, then F9 to see the stack walk

The second dword points to the name of the procedure that crashed. Next to it you find its address, plus the latest four arguments passed. In case you wonder what all that is good for: I needed it, urgently