user5545734
Reputation:
How to avoid ChildEBP and RetAddr in WinDbg call stack?
If one outputs call stack in WinDbg using k command then the output includes two columns ChildEBP and RetAddr at the beginning:
ChildEBP RetAddr
0151d9c8 55c59339 KERNELBASE!RaiseException+0x48
0151da08 00e15b3a msvcr120!_CxxThrowException+0x5b [f:\dd\vctools\crt\crtw32\eh\throw.cpp @ 152]
...
Given many crash dumps which I would like to cluster by the similarity of call stacks, ChildEBP and RetAddr addresses are preventing me from doing it: they are different even if the call stacks are actually the same just because of different addresses where DLLs were loaded.
It is clear that such things can be removed by some simple text processing, but may be there is some command in WinDbg which allows showing call stacks without ChildEBP and RetAddr like that:
KERNELBASE!RaiseException+0x48
msvcr120!_CxxThrowException+0x5b [f:\dd\vctools\crt\crtw32\eh\throw.cpp @ 152]
...
?
Upvotes: 0
Views: 360
Answers (1)
Thomas Weller
Reputation: 59564
As mentioned by Sean Cline in the comments already, kc displays a clean stack.
Upvotes: 1
Related Questions
- Maximum call stack size exceeded error
- How to import an SQL file using the command line in MySQL?
- How to skip certain database tables with mysqldump?
- How do you find out the caller function in JavaScript?
- Windbg - how to show the call stack method instead of addresses
- Explain the concept of a stack frame in a nutshell
- Search in call stack
- WinDbg not showing entire call stack?
- How to inpect the registers value on a specific call stack frame in windbg
- How to manage systemwide libraries when viewing a dump in VS or WinDBG?