0

I need to get the stacktrace programatically in a c++/winrt program (not only on crashes). The APIs are very limited for this (no dbghlp for example), but I found a way to get the virtual addresses in the running process (from the assembly code here).

From here I would like to find the function names. If I generate a MAP file can I get the address of my function (RVO + Preferred base), and if I compare it to the address in runtime I always get a diff of

0x009e0000

I have no idea from where this diff comes and if I can always count on finding the function by subtracting this number, so I would like to know how to calculate it.

Ben Voigt
  • 277,958
  • 43
  • 419
  • 720
Rolle
  • 2,900
  • 5
  • 36
  • 40
  • 1
    The offset comes from the actual vs prepared load address of the DLL the function appears in. It will be the same for all functions in the same DLL, so you can easily compute it by hard-coding one entry of the map file and comparing to the runtime value of a function pointer to the corresponding function. – Ben Voigt Apr 08 '19 at 14:23
  • @BenVoigt thanks. We use around 300 dlls in our applications and the trace can span many of these. is there any way to know at what offset each dll was loaded in runtime? – Rolle Apr 08 '19 at 14:29
  • 1
    Is there any way to know? Yes. But maybe not using the APIs available in a sandboxed WinRT application. For example, the native version is [`EnumProcessModules`](https://learn.microsoft.com/en-us/windows/desktop/api/psapi/nf-psapi-enumprocessmodules) – Ben Voigt Apr 08 '19 at 14:33

0 Answers0