Re: amd64 stack trace from kernel driver code

On Mar 8, 9:54 am, "Don Burn" <b...@xxxxxxxxxxxxxxxxxxxx> wrote:
There is not one, and even on 32-bit you cannot rely on the model, since
there are alternative calling conventions.  Why do you want this?  There is
an ability through the /Gh and /GH compiler options to hook entry and exit
of a function in code you own and record a stack.

--
Don Burn (MVP, Windows DDK)
Windows Filesystem and Driver Consulting
Website:http://www.windrvr.com
Blog:http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

"vjack3230" <vjack3...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A7F6458A-17FF-4799-972A-F891CBAE84A1@xxxxxxxxxxxxxxxx

From some point in the code of a 64 bit driver is it possible to obtain the
call stack on an amd64 cpu? In debug mode on a 32 bit cpu the stack frame
using ebp is available to trace the stack but I don't see an equivalent on
the amd64 function calling paradigm.

__________ Information from ESET NOD32 Antivirus, version of virus
signature database 3917 (20090307) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

I am only interested in obtaining the call stack for functions within
my driver and only in debug mode so therefore I control the calling
convention used. My goal, and one that I have achieved on some unix
platforms and win32, is to associate a call stack with every memory
allocation my driver makes. The driver keeps track of all allocates
and frees so that when the driver is unloaded any memory in use can be
returned to the kernel. The driver can be triggered to dump all of the
current memory allocation info (size, timestamp, call stack, etc.) to
a file. A data reduction program then associates the allocation info
with the driver map file and produces a call stack, including function
name and offset, for all currently allocated memory. By incorporating
a time stamp with the allocation info I am able to easily find memory
leaks and exactly which code did the leaking.
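
The data-reduction step described in the post above, sketched as an added example; it is not part of the original thread and not the poster's tool. It assumes an MSVC-style linker map and a dump that also records the driver's runtime load base and image size; the map excerpt, record layout and all names are constructed for illustration.

```python
import bisect
import re

# Constructed excerpt in the layout of an MSVC linker map file (not from the post).
SAMPLE_MAP = """\
 Preferred load address is 0000000000010000

  Address         Publics by Value              Rva+Base               Lib:Object

 0001:00000000       DriverEntry                0000000000011000 f   driver.obj
 0001:00000140       TrackedAlloc               0000000000011140 f   memtrack.obj
 0001:00000260       QueueCreate                0000000000011260 f   queue.obj
 0001:000003c0       QueueInsert                00000000000113c0 f   queue.obj
"""

BASE_RE = re.compile(r"Preferred load address is ([0-9A-Fa-f]+)")
SYM_RE = re.compile(r"^\s*[0-9A-Fa-f]{4}:[0-9A-Fa-f]{8}\s+(\S+)\s+([0-9A-Fa-f]{8,16})\s")

def load_symbols(map_text):
    """Return (preferred_base, sorted [(rva, name)]) parsed from the map text."""
    m = BASE_RE.search(map_text)
    if m is None:
        raise ValueError("map has no preferred load address line")
    base = int(m.group(1), 16)
    syms = []
    for line in map_text.splitlines():
        s = SYM_RE.match(line)
        if s:  # the Rva+Base column minus the preferred base gives the RVA
            syms.append((int(s.group(2), 16) - base, s.group(1)))
    return base, sorted(syms)

def resolve(addr, load_base, image_size, syms):
    """Map one captured return address to 'name+0xoff', or '?' if not ours."""
    rva = addr - load_base  # rebase: runtime load address differs from the map's
    if not 0 <= rva < image_size:
        return "?"  # frame lies in another module (kernel or another driver)
    i = bisect.bisect_right(syms, (rva, "\uffff")) - 1  # last symbol <= rva
    if i < 0:
        return "?"  # inside the image but below the first public symbol
    return "%s+0x%x" % (syms[i][1], rva - syms[i][0])

def reduce_record(record, load_base, image_size, syms):
    """Render one dumped allocation record (hypothetical layout) as a text line."""
    stack = " <- ".join(resolve(a, load_base, image_size, syms) for a in record["stack"])
    return "%d bytes @t=%d: %s" % (record["size"], record["time"], stack)
```

Sorting the output of `reduce_record` by timestamp and grouping by resolved stack gives the "which code did the leaking" view the post describes.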