Author: Virtual memory
Subject: Stack address interpretation in PE?
Posted: 09 December 2013 at 6:41pm
I'm trying to determine the cause of a hang on a remote computer, run by a user. At the time of the hang, the user captured the stack for each thread of each hung process. Since the user computer did not have the app's symbols loaded, the stack entries look like
MyApp.exe+0x379c8d
I need to convert these addresses to functions and offsets in functions in my code. I have the map and symbol table (.pdb) for this app. How can I use the map and/or symbol table to convert the offset from "MyApp.exe" to offsets in my functions?
Next time, I'll have the app's symbols available on the remote computer, but for now I have to work with the stack I have.
FWIW, the map shows image base 400000, enc$testbss$begin 401000, and enc$testbss$end 577969.
Apparently, I have to know the hex value for MyApp.exe, but where would this be in the map?
Visual Studio 2005, WinXP 32-bit. App is Visual C++ and Intel Fortran.
Subject: Stack address interpretation in PE?
Posted: 09 December 2013 at 6:41pm
I'm trying to determine the cause of a hang on a remote computer, run by a user. At the time of the hang, the user captured the stack for each thread of each hung process. Since the user computer did not have the app's symbols loaded, the stack entries look like
MyApp.exe+0x379c8d
I need to convert these addresses to functions and offsets in functions in my code. I have the map and symbol table (.pdb) for this app. How can I use the map and/or symbol table to convert the offset from "MyApp.exe" to offsets in my functions?
Next time, I'll have the app's symbols available on the remote computer, but for now I have to work with the stack I have.
FWIW, the map shows image base 400000, enc$testbss$begin 401000, and enc$testbss$end 577969.
Apparently, I have to know the hex value for MyApp.exe, but where would this be in the map?
Visual Studio 2005, WinXP 32-bit. App is Visual C++ and Intel Fortran.
