When working with symbols, the default case is that you either analyze the current process, a concurrently running process or maybe even the kernel. dbghelp provides special support for these use cases and getting the right symbols to load is usually easy – having access to the process being analyzed, dbghelp can obtain the necessary module information by itself and will come up with the matching symbols.
Things are not quite as easy when analyzing symbols for a process (or kernel) that is not running any more or executes on a different machine.
Continue »
StackWalk64 provides a convenient and platform-independent way to walk the stack of a thread. Although useful and powerful indeed, it is definitively one of the less trivial to use functions. The additional fact that the MSDN documentation for StackWalk64 is rather light does not make things easier. There is, however, a decent article on CodeProject covering the usage of StackWalk64.
Although you can walk the stack of any thread using StackWalk64, this post only deals with walking the current thread’s stack.
Continue »
The documentation of the SYMBOL_INFO structure used by dbghelp contains a glitch. As the structure is of variable length, the documentation for SizeOfStruct states:
Size of the structure, in bytes. This member must be set to sizeof(SYMBOL_INFO). Note that the total size of the data is the SizeOfStruct + MaxNameLen - 1. The reason to subtract one is that the first character in the name is accounted for in the size of the structure.
Continue »
Explicit Symbol Loading with dbghelp