开发者

How to get the parent thread in WinDBG?

开发者 https://www.devze.com 2023-01-04 20:17 出处：网络

When I analyzed a crush dump file, I often got such errors: 0:025> kP Child-SPRetAddrCall Site 00000000`05a4fc78 00000000`77548638 ntdll!DbgBreakPoint(void) [d:\\w7rtm\\minkernel\\ntos\\rtl\\amd64

相关专题：multithreading windbg

When I analyzed a crush dump file, I often got such errors:

0:025> kP
Child-SP          RetAddr           Call Site
00000000`05a4fc78 00000000`77548638 ntdll!DbgBreakPoint(void) [d:\w7rtm\minkernel\ntos\rtl\amd64\debugstb.asm @ 51]
00000000`05a4fc80 00000000`774b39cb ntdll!DbgUiRemoteBr开发者_如何学Goeakin(
   void * Context = 0x00000000`00000000)+0x38 [d:\w7rtm\minkernel\ntdll\dlluistb.c @ 310]
00000000`05a4fcb0 00000000`00000000 ntdll!RtlUserThreadStart(
   <function> * StartAddress = 0x00000000`00000000, 
   void * Argument = 0x00000000`00000000)+0x25 [d:\w7rtm\minkernel\ntos\rtl\rtlexec.c @ 3179]

It seems that the process crushed when creating a thread. So, I want to find who or which thread created the current thread. How can I get it?

You can look at the other threads in the process with ~*k to see if there's anything interesting. Other than that, this info simply isn't there in the dump.

-scott