Page 1 of 1

Stack tracing for calling stack

Posted: Tue Feb 19, 2008 6:06 am
by jal
If something goes horribly wrong and your OS gets an exception you cannot handle, it's nice to display the good old register dump and the like. What may also be very useful is printing somewhere the function that caused the exception. I've created a simple look-up from the ELF symbol table that does that (it works; and yes, it would also be great to be able to print e.g. the line number, but I'm not fancying to make a DWARF interpreter anytime soon).

However, what could also be rather useful is displaying a calling stack, showing which function called my function, which function called that one, etc. My question is how to do that. Just scan down the stack and try to interpret every dword as an address, and see whether that's somewhere in the symbol table? Seems rather crude and error prone, but it's the only thing I can think of right now.


JAL

Posted: Tue Feb 19, 2008 9:14 am
by JamesM
Hi.

You can do it by unwinding stack frames. In most cases (and with GCC, pretty much all cases) a function starts by pushing the base pointer (ebp). So you end up with something like this as a stack:

Code: Select all

20 <-- ESP
24
28 <-- Pushed EBP
32 <-- Pushed Return address
34
And, in fact, the *current* value of EBP will point to where the old one was pushed. So if you take EBP and keep dereferencing it, you will end up unwinding the stack, one frame at a time.

then note, that if you take any of those EBPs you just found, and add 4 to it and dereference it (go one place up the stack from it), you get the return address from that stack frame.

So all you have to do is follow the trail of EBPs, find the return addresses for each stack frame, and lookup the symbol for each. Sorted.

Posted: Tue Feb 19, 2008 9:31 am
by jal
JamesM wrote:So all you have to do is follow the trail of EBPs, find the return addresses for each stack frame, and lookup the symbol for each. Sorted.
I figured that much, however that only works with the same calling convention. If one has certain functions that take register parameters, or one uses assembly functions, then one is stuck (well, I am stuck, since I use these :))?


JAL

Posted: Tue Feb 19, 2008 10:05 am
by JamesM
This depends. Functions using register-passing will still work as long as the base pointer is pushed at the start of the function, which is the case for pretty much any function requiring stack-local storage. Assembler functions work for me as well (because I push EBP).

Posted: Tue Feb 19, 2008 2:48 pm
by jal
JamesM wrote:This depends. Functions using register-passing will still work as long as the base pointer is pushed at the start of the function, which is the case for pretty much any function requiring stack-local storage. Assembler functions work for me as well (because I push EBP).
Ok, then I should use the PUSH EBP trick in my asm routines as well. Thanks for this very helpful information!


JAL

Posted: Wed Feb 20, 2008 8:32 am
by zaleschiemilgabriel
for this to work it means you have to preserve ebp, right?

Posted: Wed Feb 20, 2008 9:10 am
by JamesM
Yes. This is done automatically for any C functions by the compiler (and should be done by you too, if you're following cdecl (but of course you may not be)), unless you have -fomit-frame-pointer enabled.

Re:

Posted: Sun Aug 31, 2008 10:32 pm
by sawdust
jal wrote: Ok, then I should use the PUSH EBP trick in my asm routines as well. Thanks for this very helpful information!
JAL
Hi JAL,
Did you have luck implementing this one? I too have a similar requirement and your input will be very helpful to me.
Thx :)

Re: Re:

Posted: Mon Sep 01, 2008 3:31 am
by jal
sawdust wrote:Did you have luck implementing this one? I too have a similar requirement and your input will be very helpful to me.
I'm not sure I can give any input. I followed up on James' suggestion, that's basically it.


JAL

Re: Re:

Posted: Mon Sep 01, 2008 8:25 pm
by sawdust
jal wrote: I'm not sure I can give any input. I followed up on James' suggestion, that's basically it.
JAL
I mean, if you have a working code stub, can you post it here?

Re: Re:

Posted: Tue Sep 02, 2008 4:13 am
by jal
sawdust wrote:I mean, if you have a working code stub, can you post it here?
No, I'm sorry, I'm not into code sharing at this point.


JAL