Windbg Manual Stack Walk Tutorial (Reconstruct stack using WinDBG)

preview_player
Показать описание
WinDBG manual stack walk of a corrupted stack using just WinDBG and notepad++
I use this technique in a pinch when I need to reconstruct the stack manually.

Attributions
  1. High Voice Computing
  2. tutorial
  3. stack trace
  4. raw stack
  5. stack trace reconstruction
  6. windbg
Рекомендации по теме
Windbg Manual Stack 0:09:02

Windbg Manual Stack Walk Tutorial (Reconstruct stack using WinDBG)

C and C++ 0:21:41

C and C++ Stacks looking like gibberish ? All about native stacks using WinDBG

How To Print 0:09:02

How To Print The Call Stack In WinDbg

Using JavaScript to 0:12:09

Using JavaScript to write a stack sampler in WinDbg

Simplest Windbg minidump 0:05:03

Simplest Windbg minidump tutorial

WinDBG tutorial - 0:06:58

WinDBG tutorial - Setting a managed breakpoint (C#)

Debugging.TV Frame 0x18 0:20:12

Debugging.TV Frame 0x18

View local variables 0:15:39

View local variables in a release mode optimised application using WinDBG

PMA 431: WinDbg 0:04:37

PMA 431: WinDbg Preview: Source-Level Debugging

Debugging.TV Frame 0x24 0:21:01

Debugging.TV Frame 0x24

Windbg tutorial - 0:07:09

Windbg tutorial - Setting a native breakpoint

How To Display 0:02:28

How To Display Local Variables In WinDbg - Tutorial 2

C++ : Walking 0:01:19

C++ : Walking a .NET callstack using native C++

windbg in usermode 0:06:31

windbg in usermode - Chapter 09: Call stack

.NET and C++ 0:11:40

.NET and C++ mixed mode exception debugging using WinDBG. View .NET and native exceptions.

Analyzing a dump 0:02:34

Analyzing a dump file using WinDbg

PMA 430: WinDbg 0:07:39

PMA 430: WinDbg Preview

No symbols loading 0:18:09

No symbols loading ? Here is how to load symbols in WinDBG

06 understanding most 0:28:56

06 understanding most used commands

Tracing C function 0:48:51

Tracing C function fopen [Part2] - Windbg Kernel Debugging - Walk-Through User-Mode to Kernel ES

Analyzing Windows Crash 0:00:49

Analyzing Windows Crash Dumps in Less Than a Minute

Missing Variable and 0:10:33

Missing Variable and Function debugging using WinDBG. Find the missing variable and function

How to set 0:05:36

How to set a break point on a managed method in WinDBG

Introduction to Windbg 0:25:15

Introduction to Windbg Series 1 Part 23 - Time travellers tracing ( IDNA )

Комментарии
Автор

New technique i've learned. Thanks!

indumathigopal
Автор

!teb does not work, it gives error InitTypeRead ( TEB )
.logopen does not work, it keeps saying "Log file could not be opened"

OkSear
Автор

Actually there is an error here in the explaination. At 6:09 you say that Notepad++ is highlighting a "return address". This is false. What you are highlighting is the EBP(the previous stack frame) pushed on to the stack, no the return address. In fact the return address is the function symbol that is above(in memory) from the old EBP.
To clarify at 6:13 0079ffdc is the old EBP(not the return address) and 77af7bf4 is the return address.

deckardpegasus
join shbcf.ru