Hi all, the subject explains my needs. I would like to understand if printing %p of a pointer can help me check if it's in the stack or was allocated with some memory management functions. Something like:
void test()
{
    char stack[10], *heap = HeapAlloc(GetProcessHeap(), 0, 1234);
    printf("%p %p", stack, heap);
}
Can I be sure the first printed value is from stack and the second from heap?
A plus question would be: Is it possible to know if an address is a const string?
These questions are related to debugging wine functions based on trace debugs.
Thanks in advance and best wishes, Bruno
On Feb 19, 2015, at 7:53 PM, Bruno Jesus 00cpxxx@gmail.com wrote:
> Hi all, the subject explains my needs. I would like to understand if printing %p of a pointer can help me check if it's in the stack or was allocated with some memory management functions.
Yes, usually:
void* p = /* ... */;
/* StackLimit is the lowest address of the stack, StackBase is one past the highest. */
if ((char*)NtCurrentTeb()->Tib.StackLimit <= (char*)p && (char*)p < (char*)NtCurrentTeb()->Tib.StackBase)
    /* p is on the stack */;
else
    /* p is not on the stack */;
You could add some logging to dlls/ntdll/virtual.c:virtual_alloc_thread_stack() to record the range of each thread's stack.
> Something like:
> void test()
> {
>     char stack[10], *heap = HeapAlloc(GetProcessHeap(), 0, 1234);
>     printf("%p %p", stack, heap);
> }
> Can I be sure the first printed value is from stack and the second from heap?
Are you asking whether that function will print an address on the stack and an address from the heap? Yes, it will. Or are you asking if you can determine the difference between the two types of pointers just by inspection? I don't think there are hard-and-fast rules, but with experience you can make a pretty good guess. For example, at least on OS X (32-bit), addresses around 0x0033nnnn are typical of the first thread's stack. You'll see a lot of those as arguments in a relay log because it's common to pass the address of a local in function calls.
> A plus question would be: Is it possible to know if an address is a const string?
Do you mean a *static* const string? If it is, it will be from a mapped executable image. A +virtual log will show the address ranges to which images are loaded.
-Ken
On Fri, Feb 20, 2015 at 1:04 AM, Ken Thomases ken@codeweavers.com wrote:
> On Feb 19, 2015, at 7:53 PM, Bruno Jesus 00cpxxx@gmail.com wrote:
>> Can I be sure the first printed value is from stack and the second from heap?
> Are you asking whether that function will print an address on the stack and an address from the heap? Yes, it will. Or are you asking if you can determine the difference between the two types of pointers just by inspection? I don't think there are hard-and-fast rules, but with experience you can make a pretty good guess. For example, at least on OS X (32-bit), addresses around 0x0033nnnn are typical of the first thread's stack. You'll see a lot of those as arguments in a relay log because it's common to pass the address of a local in function calls.
Thank you very much, all information was useful.
>> A plus question would be: Is it possible to know if an address is a const string?
> Do you mean a *static* const string? If it is, it will be from a mapped executable image. A +virtual log will show the address ranges to which images are loaded.
I mean:
void test(char *p)
{
    if (magic_test_ptr(p))
        ; /* this is a string declared with "" */
    else
        ; /* this is not a string declared with "" */
}
void test2()
{
    char p[10];
    test("1234");
    test(p);
}
Best wishes, Bruno
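
The range-lookup idea discussed in this thread, as an added example that is not code from any participant or from Wine: a native Linux analogue that classifies a pointer by finding the mapping that contains it in /proc/self/maps. The names classify_ptr and enum region are hypothetical. It assumes a Linux host and only recognises the main thread's stack, since only that mapping is labelled [stack].

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum region { REGION_UNKNOWN, REGION_STACK, REGION_IMAGE_RO, REGION_IMAGE_RW, REGION_OTHER };

/* Hypothetical helper: classify p by the /proc/self/maps entry that contains it. */
enum region classify_ptr(const void *p)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    enum region r = REGION_UNKNOWN;
    uintptr_t addr = (uintptr_t)p;

    if (!f)
        return REGION_UNKNOWN;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        char perms[5] = "", path[256] = "";
        /* Entry format: start-end perms offset dev inode [path] */
        if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %255[^\n]", &lo, &hi, perms, path) < 3)
            continue;
        if (addr < lo || addr >= hi)      /* the end address is exclusive */
            continue;
        if (strcmp(path, "[stack]") == 0)
            r = REGION_STACK;             /* main thread's stack */
        else if (path[0] == '/')          /* file-backed: a mapped image */
            r = (perms[1] == 'w') ? REGION_IMAGE_RW : REGION_IMAGE_RO;
        else
            r = REGION_OTHER;             /* [heap], anonymous mmap, ... */
        break;
    }
    fclose(f);
    return r;
}

int main(void)
{
    char local[10];
    char *heap = malloc(1234);
    /* A string literal lives in a read-only part of the mapped executable. */
    printf("local=%d heap=%d literal=%d\n",
           classify_ptr(local), classify_ptr(heap), classify_ptr("1234"));
    free(heap);
    return 0;
}
```

A read-only image mapping is the closest runtime signal to "declared with quotes", but it cannot tell a string literal apart from any other constant data in the same image.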