Why don't you get full stack traces when enabling the user mode stack trace?

4

I'm troubleshooting some memory fragmentation problems and I've been trying to figure out why things are being allocated and who's ultimately doing the allocation. So I enabled usermode stack traces for the process (+UST flag in gflags) and got a dump. When I analyze the dump and use the !heap -p -a Some_Address. I see a stack trace, but it's definitly not a full trace. I usually only see 4-7 functions in to the trace and then it stops. No errors are reported in the stack, but unfortunately it doesn't have enough information. I checked a bunch of the allocations and they all seem to have this same problem. I thought it might be the size of the stack database, but I would have expected to lost entire entries instead of just loosing part of them. Is there something I can do to increase the total size of the viewable stack. Some examples are below of the stacks I'm seeing.

0:000> !heap -p -a 3cb49008
    address 3cb49008 found in
    _HEAP @ 80000
      HEAP_ENTRY Size Prev Flags    UserPtr UserSize - state
        3cb49000 0fdd 0000  [07]   3cb49008    07ed0 - (busy)
        Trace: 6b69
        7c855014 ntdll!RtlAllocateHeapSlowly+0x00000041
        7c83d9aa ntdll!RtlAllocateHeap+0x00000e9f
        776bcfce ole32!CRetailMalloc_Alloc+0x00000016
        77d0404a oleaut32!APP_DATA::AllocCachedMem+0x0000004f
        77d04341 oleaut32!SysAllocStringByteLen+0x0000003c
        77d03f9b oleaut32!ErrStringCopyNoNull+0x00000016
        77d0456f oleaut32!VariantCopy+0x0000007e
        3ff1946 xxxx!_variant_t::_variant_t+0x00000016


0:000> !heap -p -a 2774cfc8
    address 2774cfc8 found in
    _HEAP @ 3cc0000
      HEAP_ENTRY Size Prev Flags    UserPtr UserSize - state
        2774cfc0 0008 0000  [17]   2774cfc8    00020 - (busy)
        Trace: 7de8
        7c855014 ntdll!RtlAllocateHeapSlowly+0x00000041
        7c83d9aa ntdll!RtlAllocateHeap+0x00000e9f
        4f6ad17 xxxx!malloc+0x0000007a


0:000> !heap -p -a 3ca25e08
    address 3ca25e08 found in
    _HEAP @ 80000
      HEAP_ENTRY Size Prev Flags    UserPtr UserSize - state
        3ca25e00 0007 0000  [07]   3ca25e08    00020 - (busy)
        Trace: 8588
        7c855014 ntdll!RtlAllocateHeapSlowly+0x00000041
        7c83d9aa ntdll!RtlAllocateHeap+0x00000e9f
        776bcfce ole32!CRetailMalloc_Alloc+0x00000016
        77d0404a oleaut32!APP_DATA::AllocCachedMem+0x0000004f
        77d04341 oleaut32!SysAllocStringByteLen+0x0000003c
        77d03f9b oleaut32!ErrStringCopyNoNull+0x00000016
        77d0456f oleaut32!VariantCopy+0x0000007e
        4f35abd xxxx!std::_Construct<_variant_t,_variant_t>+0x0000004d
debugging
windbg
gflags
asked on Stack Overflow Sep 6, 2011 by Zipper

1 Answer

3

On 32-bit Windows the system uses EBP chain to take a stack trace. You need to disable FPO optimization (/Oy-). On 64-bit Windows you will get a good stack trace even with optimization.

answered on Stack Overflow Sep 8, 2011 by John

User contributions licensed under CC BY-SA 3.0