
Memory Dump Analysis Anthology, Volume 8a by Dmitry Vostokov


Rough Stack Trace

This pattern is an example of the more general Execution Residue pattern (Volume 2, page 239), or of Caller-n-Callee (Volume 6, page 138) for managed space. It is just a collection of symbolic references (which may also include Coincidental Symbolic Information, Volume 1, page 390) from the thread stack region or a fragment of it. In WinDbg, we can get it by using the dpS command:

0:003> !teb
TEB at 000007fffffd6000
ExceptionList:        0000000000000000
StackBase:            0000000002450000
StackLimit:           000000000244b000
SubSystemTib:         0000000000000000
FiberData:            0000000000001e00
ArbitraryUserPointer: 0000000000000000
Self:                 000007fffffd6000
EnvironmentPointer:   0000000000000000
ClientId:             00000000000047fc . 0000000000004824
RpcHandle:            0000000000000000
Tls Storage: ...
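
An added illustration, not from the book, of the scan the paragraph describes: walk the stack region from StackLimit to StackBase as pointer-sized values and keep only those that resolve to a symbol. The module ranges, symbol addresses and stack contents are constructed for the example; only the region bounds are taken from the !teb output above.

```python
import bisect
import struct
# Constructed sample data, not from the page's dump: module ranges and sorted symbols.
MODULES = [(0x77800000, 0x7791F000, "kernel32"), (0x77A00000, 0x77B50000, "ntdll")]
SYMBOLS = [
    (0x77812000, "kernel32!BaseThreadInitThunk"),
    (0x77830000, "kernel32!WaitForSingleObjectEx"),
    (0x77A15000, "ntdll!RtlUserThreadStart"),
    (0x77A3C000, "ntdll!NtWaitForSingleObject"),
]
STARTS = [addr for addr, _ in SYMBOLS]

def resolve(value):
    """Name the nearest preceding symbol if value points into a module, else None."""
    for lo, hi, module in MODULES:
        if lo <= value < hi:
            i = bisect.bisect_right(STARTS, value) - 1
            # Fall back to module+offset when no symbol of this module precedes value.
            start, name = SYMBOLS[i] if i >= 0 and STARTS[i] >= lo else (lo, module)
            return name if value == start else f"{name}+{value - start:#x}"
    return None

def rough_stack_trace(memory, stack_limit, stack_base):
    """Scan [stack_limit, stack_base) as 64-bit pointers; keep the symbolic ones."""
    if len(memory) != stack_base - stack_limit:
        raise ValueError("memory does not cover the stack region")
    hits = []
    for off in range(0, len(memory) - 7, 8):
        (value,) = struct.unpack_from("<Q", memory, off)
        symbol = resolve(value)
        if symbol:
            hits.append((stack_limit + off, value, symbol))
    return hits

# Bounds are StackLimit and StackBase from the !teb output; contents are constructed.
STACK_LIMIT, STACK_BASE = 0x244B000, 0x2450000
stack = bytearray(STACK_BASE - STACK_LIMIT)
for addr, value in [
    (0x244F100, 0x77A00010),  # leftover data that merely falls inside ntdll
    (0x244F8A8, 0x77A3C00A),
    (0x244F948, 0x7783003D),
    (0x244FA20, 0x7781201D),
    (0x244FA50, 0x77A15021),
]:
    struct.pack_into("<Q", stack, addr - STACK_LIMIT, value)
if __name__ == "__main__":
    for addr, value, symbol in rough_stack_trace(stack, STACK_LIMIT, STACK_BASE):
        print(f"{addr:016x}  {value:016x} {symbol}")
```

The first hit, ntdll+0x10, is a value that only happens to fall inside a module range: the scan cannot tell it from a real return address, which is how Coincidental Symbolic Information ends up in a rough stack trace.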
