如何在 Windows 上获取线程堆栈信息? [英] How to get thread stack information on Windows?

问题描述

我通过CreateToolhelp32Snapshot 函数枚举进程中的所有线程.我想为每个线程获取一些基本的堆栈信息.更具体地说，我想获得堆栈底部地址，如果可能的话，我想获得当前的堆栈顶部地址.基本上这是在 WinDbg 中使用 ~*k 命令显示的信息.那么如何从线程的ID或者HANDLE中获取栈信息呢?

I enumerate all threads in a process through the CreateToolhelp32Snapshot function. I would like to get some basic stack information for each thread. More specifically I would like to get stack bottom address and if possible I would like to get current stack top address. Basically this is the information displayed with the ~*k command in WinDbg. So how can I obtain the stack information from the thread's ID or HANDLE?

推荐答案

(定义可以在此处找到.)

获取堆栈边界:

THREAD_BASIC_INFORMATION basicInfo;
NT_TIB tib;

// Get TEB address
NtQueryInformationThread(YOUR_THREAD_HANDLE, ThreadBasicInformation, &basicInfo, sizeof(THREAD_BASIC_INFORMATION), NULL);
// Read TIB
NtReadVirtualMemory(YOUR_PROCESS_HANDLE, basicInfo.TebBaseAddress, &tib, sizeof(NT_TIB), NULL);
// Check tib.StackBase and tib.StackLimit

要获取esp的值，只需使用GetThreadContext.

To get the value of esp, simply use GetThreadContext.

这篇关于如何在 Windows 上获取线程堆栈信息?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！