Stack Shot

Introduction

I've often needed a tool to take a quick snap-shot of the call-stack of all threads of a process (e.g. a deadlocked application). WinDbg does the job on XP, but on older platforms (like NT4) it's not possible to do a non-invasive attach to a process (when the process is attached non-invasively it's possible to detach the debugger without having to restart the process). A tool like Process Explorer from SysInternals can give you the stack of each thread, but you can't compare the call's across all threads.

Stack Shot injects itself into a remote process and uses the Windows symbol engine to take a snap-shot of all the threads in the process. The UI presents the call stacks of each thread and the associated source code (with syntax highlighting for C/C++ files) for each stack entry (symbols required).

Stack Shot is still a work in progress. Any and all suggestions are welcome!

Quick Start

To take a snap shot of the call stack of a process, select New from the file menu. From the resulting dialog, select the process you want to investigate (see Figure 1). and click on the Attach button. After a short while (the amount of time will vary according to the number of threads and the depth of the call stacks) Stack Shot will display the snap shot of the processes call stack.

Using Stack Shot

Figure 2 shows a typical Stack Shot screen. The screen is broken into three parts:

Thread View	Call Stack
	Code View

Thread View

The list of threads running in the process is displayed in this window. The thread list displays the ID of the thread, and the name (or address if the name can't be retrieved) of the function currently being executed by the thread.

Selecting a thread from the thread list updates the call stack view.

Call Stack

The call stack is the list of function calls that have led to the current location of the program counter. The function at the top of the list is the current function; as you proceed down the list you see the function that called the function above.

Sometimes, Stack Shot can't extract enough information from the process being inspected to provide an accurate call stack (e.g. when the compiler/linker that built the application has certain optimisations enabled). This information is often made available via symbol files (Symbol files hold a variety of data which are not actually needed when running the binaries, but which could be very useful in the debugging process).

If you want to see an accurate call stack, see Configuring Symbols for instructions on how to configure Stack Shot to use symbols.

Providing there's sufficient symbolic information, selecting an entry from the call stack displays the source code related to that function.

Code View

The code view attempts to load the source file that contains the currently selected stack entry. If Stack Shot can't find the source file in the location specified by the symbol file, it will give you the opportunity to locate it.

Configuring symbols

If you want to get accurate call stacks, you need to configure Stack Shot to use debug symbols. From the Options menu, select the Configure symbols... menu item (see Figure 3).

	Dbghelp.dll path	Depending on the version of Windows you have installed, you may or may not have the symbol engine installed. If you're using an older version of Windows (e.g. NT4) then you'll need to download and install Debugging tools for Windows from Microsoft. Specify the path to the Windows symbol engine (DbgHelp.dll) in the installed directory.

	Symbols path	Before you can get an accurate stack trace, you need to tell Stack Shot where to find the symbols for the application being inspected. You can either specify a folder (or series of folders) where the symbols can be found, or specify the location of a symbol server (see

Credits

Syntax highlighting based on regex_replace_example.cpp - part of the Boost Regular Expressions library.

Compatibility

Windows NT4 (SP6)
Windows 2000
Windows XP Professional