Re: Stack walk termination / StackBase of arbitrary thread



To get a call stack for an arbitrary thread, I need to call SuspendThread
and GetThreadContext. Which means I need a thread handle. Which means I need
to call OpenThread. Which is only available on Windows 2000 or higher :( I
think I can use ZwOpenThread on Windows NT 4.0, but what about Windows 9x?

Sysinternals Process Explorer can get a call stack for all threads in a
running process on Windows 9x, I think:
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Paul

"Jochen Kalmbach [MVP]" <nospam-Jochen.Kalmbach@xxxxxxxxx> wrote in message
news:ezUyPtNkFHA.2344@xxxxxxxxxxxxxxxxxxxxxxx
> Hi Paul!
>> That works well for enumerating modules, but I don't know how to
>> enumerate threads? I would like to be able to get a call stack for all
>> threads as a snapshot for an unresponsive process.
>>
>> Your TestDifferentProcess function appears to enumerate threads using
>> only Tool Help.
>
> Yes. This is the documented way...
>
> Here is an example of enumerating threads in NT:
> http://www.alexfedotov.com/samples/threads.asp
>
> It is based on the undocumented "ZwQuerySystemInformation"; but it is safe
> to use it, because NT will never change again...
>
> The documented way of doing this in NT is using the Pdh-Libs:
> http://www.codeproject.com/system/ntenumthreads.asp
>
> PS: PSAPI is also not redistributed with NT; you need to redistribute it
> with your app:
> http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=3D1FBAED-D122-45CF-9D46-1CAE384097AC
>
>
> --
> Greetings
> Jochen
>
> My blog about Win32 and .NET
> http://blog.kalmbachnet.de/

