The Old New Thing

How to rescue a broken stack trace on x64: Recovering the stack pointer

Recovering a broken stack on x64 machines on Windows is trickier because the x64 uses unwind codes for stack walking rather than a frame pointer chain. When you dump the stack, all you're going to see is return addresses sprinkled in amongst the stack data.

Begin digression: According to the x64 ABI, each function must begin with a prologue...