Wireshark mailing list archives

Re: Getting a wireshark stack trace on Windows
From: Graham Bloice <graham.bloice () trihedral com>
Date: Fri, 23 Aug 2013 14:24:11 +0100

On 22 August 2013 20:02, Evan Huus <eapache () gmail com> wrote:

Could somebody who knows windows a little better take a look at bug #9062?
I don't fully understand how our build environment interacts with windows
debuggers / stack tracers. Is there a way to get a symbolic stack trace on
Windows without compiling from source? Do the build-bot nightly packages
include symbols?


I'll add a comment to the bug, but there are basically two ways:

1.  The user has a Windows debugger (e.g. Visual Studio or WinDbg) and can
get the stack trace from the debugger.  The user must have the pdb's and
let their debugger know where they are.

2.  The user generates a memory dump (basically an image of the faulting
process) and forwards that to someone who has a debugger and the pdb's and
they can see the stack trace and (if a full memory dump is provided) poke
around inside the process image which is frozen as if it had hit a

The memory dump can be generated in a few ways, and there are a few
versions of the dump that only include the stack of the faulting thread,
stacks for all threads or a full memory image.  Obviously the full image
can be quite big, especially if the fault was caused by the process running
out of memory but it does zip up a bit.
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev