How to view the value of registers in a specific call stack stack in windbg

Question

How to view the value of registers in a specific call stack stack in windbg

I am studying a Windows dump file in WinDBG. I can switch the frame of the call stack with the .frame command, but I found that the registers always contain the last context. I mean, if you can restore a context that belongs to a specific frame of the call stack that is not top?

+6

callstack windbg

Fan yang Apr 6 '12 at 2:49

source share

2 answers

try findthis.py, which is the type of CFI retrieval (call frame information) by parsing the prolog of each frame in a freeze frame.

http://nick.luckygarden.org/find-this-ptr-within-a-callstack-in-a-dump-file/

0

Nick x Dec 30 '15 at 15:46

source share

snoone · Accepted Answer · 2012-04-06T10:42:12+0000

If you are debugging an x64 target, you can use:

.frame /r

To view the registers in the frame. This information is based on image unwinding data, so it is fairly reliable. You can also change the context with:

 .frame /c

On x86 there is no information to unwind, so this trick does not work .. frame will still show you something for registers, but it is unlikely to be correct (it will be basically just the right luck).

How to view the value of registers in a specific call stack stack in windbg

More articles: