Discussion:
[Mingw-w64-public] Obtaining stacktraces within a Windows application
Alex Loukissas
2012-08-11 16:59:44 UTC
Hello,

I would like to ask whether it is possible to obtain meaningful stacktraces
within a Windows app built with mingw-w64. I will explain briefly my setup
and what I've tried so far.

I build my app on Linux using mingw-w64 into a statically linked
executable, with debug info. I've tried using the Windows API
(RtlCaptureStackBackTrace and SymFromAddr), in a way similar to that described
here http://stackoverflow.com/questions/5693192/win32-backtrace-from-c-code.
Unfortunately, SymFromAddr gives me 'Attempt to access invalid address'
errors for the stack frames in my code (however, I do get meaningful info
for the first couple frames, which are from Windows).

I would greatly appreciate any help in this matter!

Thanks
Alex
Kai Tietz
2012-08-11 18:38:34 UTC
Hello,

Well, there are different ways to achieve this. The first thing to
start with is the backtrace. You can find such sample code in our
experimental tree (or at stackoverflow as you've shown).
With those addresses you can either use binutils' addr2line tool to get
more detailed information, or you can try to use libbfd (part of the
binutils project) for this.

Hope this helps,
Kai
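
An added example for the addr2line route described above (not code from this thread or from the mingw-w64 project): it turns captured return addresses into the link-time addresses addr2line looks up in the executable's debug info, and skips frames that fall outside the executable, such as system DLL frames. It goes slightly beyond the thread by also undoing relocation when the image is not loaded at its preferred base; the struct, the function names, the plain `addr2line` command name and all sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical description of the executable's image as loaded at run time. */
struct module_range {
    uint64_t load_base;      /* address the loader mapped the image at */
    uint64_t image_size;     /* size of the mapped image in bytes */
    uint64_t preferred_base; /* ImageBase stored in the PE header at link time */
};

/* Map a captured return address to the address addr2line expects.
 * Returns 0 for frames outside the image (system DLL frames, for example). */
uint64_t to_link_address(const struct module_range *m, uint64_t ret_addr)
{
    if (ret_addr <= m->load_base || ret_addr - m->load_base >= m->image_size)
        return 0;
    /* Undo relocation; minus 1 so the lookup hits the call, not the next line. */
    return ret_addr - m->load_base + m->preferred_base - 1;
}

/* Write "addr2line -f -C -e <exe> <addr>..."; exe is copied as-is, so pass a trusted path. */
size_t build_addr2line_cmd(char *out, size_t cap, const char *exe,
        const struct module_range *m, const uint64_t *frames, size_t n)
{
    size_t kept = 0;
    int w = snprintf(out, cap, "addr2line -f -C -e %s", exe);
    if (w < 0 || (size_t)w >= cap) return 0;
    size_t used = (size_t)w;
    for (size_t i = 0; i < n; i++) {
        uint64_t a = to_link_address(m, frames[i]);
        if (a == 0) continue;                 /* not in our executable */
        w = snprintf(out + used, cap - used, " 0x%llx", (unsigned long long)a);
        if (w < 0 || (size_t)w >= cap - used) { out[used] = '\0'; break; }
        used += (size_t)w;
        kept++;
    }
    return kept;                              /* number of frames in the command */
}

int main(void)
{
    /* Constructed sample values, not taken from the thread. */
    struct module_range m = { 0x7ff6a0000000ULL, 0x200000, 0x140000000ULL };
    uint64_t frames[] = { 0x7ff6a0001537ULL, 0x7ff6a00016a2ULL, 0x7ffb12345678ULL };
    char cmd[256];
    build_addr2line_cmd(cmd, sizeof cmd, "app.exe", &m, frames, 3);
    puts(cmd);
    return 0;
}
```

The printed command is meant to be run on the build machine against the unstripped executable, so the shipped binary itself does not need to carry debug info.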
Vincent Torri
2012-08-12 07:03:51 UTC
Hey
Post by Alex Loukissas
Hello,
I would like to ask whether it is possible to obtain meaningful stacktraces
within a Windows app built with mingw-w64. I will explain briefly my setup
and what I've tried so far.
I build my app on Linux using mingw-w64 into a statically linked executable,
with debug info. I've tried using the Windows API (RtlCaptureStackBackTrace
and SymFromAddr), in a way similar to that described here
http://stackoverflow.com/questions/5693192/win32-backtrace-from-c-code.
Unfortunately, SymFromAddr gives me 'Attempt to access invalid address'
errors for the stack frames in my code (however, I do get meaningful info
for the first couple frames, which are from Windows).
I would greatly appreciate any help in this matter!
Just a note: I wanted to write some kind of valgrind tool for
Windows. Not as advanced as valgrind, of course, but something that
would at least be used like valgrind, that is, no need to link against
any kind of library. I named it "examine". So its use is

examine /path/to/prog

It works well when the "examine" is compiled with Visual Studio as
well as the program.

But when I use mingw-w64 for the compilation and binutils, it fails
(I've sent mails here and in the binutils ML without help). The
problem seems to be that I do DLL injection and API hooking, and libbfd is
a bit lost.

I can give you the link of the code if you're interested

regards

Vincent Torri
Vincent Torri
2012-08-12 07:06:32 UTC
Note that DrMinGW (http://code.google.com/p/jrfonseca/wiki/DrMingw)
certainly has some code about that. Note also that I never succeeded
in using DrMinGW; it always fails (I've reported my problems in that
bug tracker).

Vincent Torri
Alex Loukissas
2012-08-12 15:43:05 UTC
Thanks for the tips. I'll take a shot at trying what was suggested before
and see how this turns out. I'll report any progress in this thread.
--
Alex Loukissas
Member of Technical Staff - Maginatics, Inc.
www.maginatics.com
Alex Loukissas
2012-08-16 19:34:46 UTC
Hi folks,

It appears that with addr2line I got quite far. Unfortunately, I haven't
been able to try out the libbfd option, since it appears that this library
isn't included in the standard Ubuntu mingw package.

Cheers
Alex
--
Alex Loukissas
Member of Technical Staff - Maginatics, Inc.
www.maginatics.com
Zouzou
2012-08-17 11:52:14 UTC
Post by Alex Loukissas
Hi folks,
It appears that with addr2line I got quite far. Unfortunately, I haven't
been able to try out the libbfd option, since it appears that this
library isn't included in the standard Ubuntu mingw package.
Good thing it's not there; see
<http://cygwin.com/ml/cygwin/2011-06/msg00149.html> &
<http://sourceforge.net/mailarchive/message.php?msg_id=27752884> for
reasons why you would want to avoid depending on libbfd and for pointers
to an alternative implementation that you might be able to reuse.

Zouzou
