I am working on a VC++2013 project and I am trying to get the stack trace of the calling function from the main process from a DLL attached to it. The attached DLL has _penter and _pexit defined and the main process has /Gh and /GH flags and so calls these functions. But when I try to get the stack trace it crashes in the CaptureStackBackTrace function. I am thinking that since _penter and _pexit are defined in the DLL, it's not able to see the main process's stack. All I see is that it enters _penter and _pexit, that's all. I don't see any other symbols. I might be wrong. This is the code (I used this code from an answer on Stack Overflow). This is the code to get the name of the function,
process = GetCurrentProcess();
SymInitialize(process, NULL, TRUE);
frames = CaptureStackBackTrace(0, 100, stack, NULL);
symbol = (SYMBOL_INFO *)calloc(sizeof(SYMBOL_INFO) + 256 * sizeof(char), 1);
symbol->MaxNameLen = 255;
symbol->SizeOfStruct = sizeof(SYMBOL_INFO);
SymFromAddr(process, (DWORD64)(stack[1]), 0, symbol);
printf("%i: %s - 0x%0X\n", frames - 1 - 1, symbol->Name, symbol->Address);
This crashes in this line, frames = CaptureStackBackTrace(0, 100, stack, NULL); after some calls, and this is the output,
1: printStackTrace - 0xEDB71730
1: on_enter - 0xEDB71840
1: _penter - 0xEDB71890
1: printStackTrace - 0xEDB71730
1: on_enter - 0xEDB71840
1: _penter - 0xEDB71890
1: printStackTrace - 0xEDB71730
1: on_enter - 0xEDB71840
1: _penter - 0xEDB71890
1: printStackTrace - 0xEDB71730
1: on_enter - 0xEDB71840
1: _pexit - 0xEDB718DC
1: printStackTrace - 0xEDB71730
1: on_enter - 0xEDB71840
1: _pexit - 0xEDB718DC
1: printStackTrace - 0xEDB71730
1: on_enter - 0xEDB71840
1: _penter - 0xEDB71890
1: printStackTrace - 0xEDB71730
1: on_enter - 0xEDB71840
1: _penter - 0xEDB71890
1: printStackTrace - 0xEDB71730
1: on_enter - 0xEDB71840
1: _penter - 0xEDB71890
1: printStackTrace - 0xEDB71730
1: on_enter - 0xEDB71840
1: _penter - 0xEDB71890
It crashed here, and this is the crash:
Unhandled exception at 0x00007FF9F8679D62 (ntdll.dll) in TraceTrack.exe: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.
Can somebody help me out with this?
EDIT: This is my asm file,
extern entry:Proc
extern exitp:Proc
PUBLIC _penter
PUBLIC _pexit
.code
PUSHREGS macro
push rax
push rcx
push rdx
push r8
push r9
push r10
push r11
endm
POPREGS macro
pop r11
pop r10
pop r9
pop r8
pop rdx
pop rcx
pop rax
endm
_penter proc
push rax
lahf
PUSHREGS
sub rsp, 8+16
movdqu xmmword ptr[rsp], xmm0
sub rsp ,8
sub rsp,28h
mov rcx,rsp
mov rcx,qword ptr[rcx+136]
call entry
add rsp,28h
add rsp, 8
movdqu xmm0, xmmword ptr[rsp]
add rsp, 8+ 16
POPREGS
sahf
pop rax
ret
_penter endp
_pexit proc
push rax
lahf
PUSHREGS
sub rsp, 8+16
movdqu xmmword ptr[rsp], xmm0
sub rsp ,8
sub rsp,28h
mov rcx,rsp
mov rcx,qword ptr[rcx+136]
call exitp
add rsp,28h
add rsp, 8
movdqu xmm0, xmmword ptr[rsp]
add rsp, 8+ 16
POPREGS
sahf
pop rax
ret
_pexit endp
end
EDIT2:
Also, I tried printing the 3rd frame in the line SymFromAddr(process, (DWORD64)(stack[3]), 0, symbol); and I find something strange. I find this output,
1: - 0x0
1: - 0x0
1: printStackTrace - 0xF0841750
1: printStackTrace - 0xF0841750
1: - 0x0
1: on_enter - 0xF0841820
1: - 0x0
1: - 0x0
1: - 0x0
The functions are organized as, (Function in actual program) -> _penter(exposed in DLL) -> on_enter(exposed in DLL) -> printstackFrame(exposed in DLL)