├── LICENSE ├── README.md ├── example.png ├── example_ip.png ├── stackhtml_example ├── 2d383de4-2caf-443c-b368-3de9192aad36.svg ├── 39b534c0-2cd5-4e6b-8c93-ce632b1b07b0.svg ├── 41957ef9-b08f-42c9-89b1-a99c6de82981.svg ├── 44173128-e33a-4091-b844-cf38e9f9647a.svg ├── 463d417c-983a-4ef1-af89-7b63215cc597.svg ├── 488f5237-2d9b-4c83-9b16-d847416dae68.svg ├── 6b703b8c-d4c2-425f-b384-db361ade0d9d.svg ├── 87211e9e-55e5-442f-b619-22cf639a9186.svg ├── a73bd1f7-4b5b-41a3-8460-9bfb0183654d.svg ├── e8bec061-4c69-4b92-a584-027840a0a9d1.svg ├── f268870f-fdc9-4f18-8616-b07440f27463.svg └── graph.html └── ufgraph.py /LICENSE: -------------------------------------------------------------------------------- 1 | This code is available under MIT License. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a copy 4 | of this software and associated documentation files (the "Software"), to deal 5 | in the Software without restriction, including without limitation the rights 6 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 | copies of the Software, and to permit persons to whom the Software is 8 | furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included in 11 | all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 | THE SOFTWARE. -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ufgraph.py # 2 | ---------- 3 | 4 | ufgraph.py is a simple script which parses the output of the `uf` (un-assemble function) command in windbg and uses graphviz to generate a control flow graph as a PNG/SVG/PDF/GIF (see -of option) and displays it 5 | 6 | *Please note, that some additional options (eg: `/c`) to the `uf` command are not supported and will likely break the output parsing or graph rendering.* 7 | 8 | ## Requirements ## 9 | ---------- 10 | 11 | * Python 2.7 12 | * Graphviz 13 | * [http://www.graphviz.org/Download.php ](http://www.graphviz.org/Download.php) 14 | * make sure the binaries are in your %PATH% 15 | * graphviz python package (optional, but more stable) 16 | * [https://pypi.python.org/pypi/graphviz](https://pypi.python.org/pypi/graphviz) 17 | * `pip install graphviz` 18 | 19 | 20 | ## Usage ## 21 | ---------- 22 | 23 | From within windbg, simply run the script using the `.shell` command as follows: 24 | 25 | `.shell -ci "uf ntdll!rtlinsertentryhashtable" c:\python27\python.exe ufgraph.py` 26 | 27 | 28 | ![](https://raw.githubusercontent.com/bfosterjr/ufgraph/master/example.png) 29 | 30 | 31 | It is also possible to build a call graph at your current instruction pointer (EIP/RIP) and have ufgraph highlight the this basic block as follows: 32 | 33 | `.shell -ci "r $ip; uf $ip" c:\python27\python.exe ufgraph.py` 34 | 35 | 36 | ![](https://raw.githubusercontent.com/bfosterjr/ufgraph/master/example_ip.png) 37 | 38 | 39 | It is also possible to output multiple call graphs for each frame in the call stack as follows: 40 | 41 | `.shell -ci "!for_each_frame \"r $scopeip; uf $scopeip\"" python.exe ufgraph.py -sh` -------------------------------------------------------------------------------- /example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bfosterjr/ufgraph/3338c1bb01a4a1ed5b0bd7f07580139e612c744b/example.png -------------------------------------------------------------------------------- /example_ip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bfosterjr/ufgraph/3338c1bb01a4a1ed5b0bd7f07580139e612c744b/example_ip.png -------------------------------------------------------------------------------- /stackhtml_example/2d383de4-2caf-443c-b368-3de9192aad36.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | windbg_graph 11 | 12 | 13 | tiptsfCARET::ProcessCaretEvents 14 | 15 | 00007ffb`1f501af0 push rbx 16 | 00007ffb`1f501af2 push rsi 17 | 00007ffb`1f501af3 push rdi 18 | 00007ffb`1f501af4 sub rsp,90h 19 | 00007ffb`1f501afb mov rax,qword ptr [tiptsf!_security_cookie (00007ffb`1f574788)] 20 | 00007ffb`1f501b02 xor rax,rsp 21 | 00007ffb`1f501b05 mov qword ptr [rsp+80h],rax 22 | 00007ffb`1f501b0d cmp dword ptr [tiptsf!g_eDllCapability (00007ffb`1f574390)],2 23 | 00007ffb`1f501b14 mov esi,r9d 24 | 00007ffb`1f501b17 mov rdi,r8 25 | 00007ffb`1f501b1a mov ebx,edx 26 | 00007ffb`1f501b1c jne tiptsf!CARET::ProcessCaretEvents+0xa2 (00007ffb`1f501b96) 27 | 28 | 29 | tiptsfCARET::ProcessCaretEvents0xa2 30 | 31 | 00007ffb`1f501b96 mov rcx,qword ptr [rsp+80h] 32 | 00007ffb`1f501b9e xor rcx,rsp 33 | 00007ffb`1f501ba1 call tiptsf!_security_check_cookie (00007ffb`1f5011a0) 34 | 00007ffb`1f501ba6 add rsp,90h 35 | 00007ffb`1f501bad pop rdi 36 | 00007ffb`1f501bae pop rsi 37 | 00007ffb`1f501baf pop rbx 38 | 00007ffb`1f501bb0 ret 39 | 40 | 41 | tiptsfCARET::ProcessCaretEvents->tiptsfCARET::ProcessCaretEvents0xa2 42 | 43 | 44 | 45 | 46 | tiptsfCARET::ProcessCaretEvents0x2e 47 | 48 | 00007ffb`1f501b1e cmp byte ptr [tiptsf!g_fIgnoreAllCaretEvents (00007ffb`1f574368)],0 49 | 00007ffb`1f501b25 jne tiptsf!CARET::ProcessCaretEvents+0x190 (00007ffb`1f53b55c) 50 | 51 | 52 | tiptsfCARET::ProcessCaretEvents->tiptsfCARET::ProcessCaretEvents0x2e 53 | 54 | 55 | 56 | 57 | tiptsfCARET::ProcessCaretEvents0x190 58 | 59 | 00007ffb`1f53b55c xor cl,cl 60 | 00007ffb`1f53b55e jmp tiptsf!CARET::ProcessCaretEvents+0x57 (00007ffb`1f501b47) 61 | 62 | 63 | tiptsfCARET::ProcessCaretEvents0x2e->tiptsfCARET::ProcessCaretEvents0x190 64 | 65 | 66 | 67 | 68 | tiptsfCARET::ProcessCaretEvents0x3b 69 | 70 | 00007ffb`1f501b2b mov rax,qword ptr [tiptsf!g_SharedMemory+0x8 (00007ffb`1f5759f8)] 71 | 00007ffb`1f501b32 test rax,rax 72 | 00007ffb`1f501b35 je tiptsf!CARET::ProcessCaretEvents+0x174 (00007ffb`1f53ad2e) 73 | 74 | 75 | tiptsfCARET::ProcessCaretEvents0x2e->tiptsfCARET::ProcessCaretEvents0x3b 76 | 77 | 78 | 79 | 80 | tiptsfCARET::ProcessCaretEvents0x190->tiptsfCARET::ProcessCaretEvents0x190 81 | 82 | 83 | 84 | 85 | tiptsfCARET::ProcessCaretEvents0x57 86 | 87 | 00007ffb`1f501b47 cmp byte ptr [tiptsf!g_fDoInProcCheck (00007ffb`1f574369)],0 88 | 00007ffb`1f501b4e jne tiptsf!CARET::ProcessCaretEvents+0x14f (00007ffb`1f501c0d) 89 | 90 | 91 | tiptsfCARET::ProcessCaretEvents0x190->tiptsfCARET::ProcessCaretEvents0x57 92 | 93 | 94 | 95 | 96 | tiptsfCARET::ProcessCaretEvents0x174 97 | 98 | 00007ffb`1f53ad2e lea rcx,[tiptsf!g_SharedMemory (00007ffb`1f5759f0)] 99 | 00007ffb`1f53ad35 call tiptsf!CTipSharedMemory::Open (00007ffb`1f502318) 100 | 00007ffb`1f53ad3a mov rax,qword ptr [tiptsf!g_SharedMemory+0x8 (00007ffb`1f5759f8)] 101 | 00007ffb`1f53ad41 test rax,rax 102 | 00007ffb`1f53ad44 jne tiptsf!CARET::ProcessCaretEvents+0x4b (00007ffb`1f501b3b) 103 | 104 | 105 | tiptsfCARET::ProcessCaretEvents0x3b->tiptsfCARET::ProcessCaretEvents0x174 106 | 107 | 108 | 109 | 110 | tiptsfCARET::ProcessCaretEvents0x4b 111 | 112 | 00007ffb`1f501b3b cmp dword ptr [rax+2Ch],0 113 | 00007ffb`1f501b3f je tiptsf!CARET::ProcessCaretEvents+0x190 (00007ffb`1f53b55c) 114 | 115 | 116 | tiptsfCARET::ProcessCaretEvents0x3b->tiptsfCARET::ProcessCaretEvents0x4b 117 | 118 | 119 | 120 | 121 | tiptsfCARET::ProcessCaretEvents0x174->tiptsfCARET::ProcessCaretEvents0x190 122 | 123 | 124 | 125 | 126 | tiptsfCARET::ProcessCaretEvents0x174->tiptsfCARET::ProcessCaretEvents0x4b 127 | 128 | 129 | 130 | 131 | tiptsfCARET::ProcessCaretEvents0x4b->tiptsfCARET::ProcessCaretEvents0x190 132 | 133 | 134 | 135 | 136 | tiptsfCARET::ProcessCaretEvents0x55 137 | 138 | 00007ffb`1f501b45 mov cl,1 139 | 140 | 141 | tiptsfCARET::ProcessCaretEvents0x4b->tiptsfCARET::ProcessCaretEvents0x55 142 | 143 | 144 | 145 | 146 | tiptsfCARET::ProcessCaretEvents0x55->tiptsfCARET::ProcessCaretEvents0x57 147 | 148 | 149 | 150 | 151 | tiptsfCARET::ProcessCaretEvents0x14f 152 | 153 | 00007ffb`1f501c0d mov eax,dword ptr [tiptsf!g_dwMainUIThreadId (00007ffb`1f5743e8)] 154 | 00007ffb`1f501c13 cmp dword ptr [rsp+0D8h],eax 155 | 00007ffb`1f501c1a jne tiptsf!CARET::ProcessCaretEvents+0x64 (00007ffb`1f501b54) 156 | 157 | 158 | tiptsfCARET::ProcessCaretEvents0x57->tiptsfCARET::ProcessCaretEvents0x14f 159 | 160 | 161 | 162 | 163 | tiptsfCARET::ProcessCaretEvents0x64 164 | 165 | 00007ffb`1f501b54 test cl,cl 166 | 00007ffb`1f501b56 je tiptsf!CARET::ProcessCaretEvents+0x8c (00007ffb`1f501b7c) 167 | 168 | 169 | tiptsfCARET::ProcessCaretEvents0x57->tiptsfCARET::ProcessCaretEvents0x64 170 | 171 | 172 | 173 | 174 | tiptsfCARET::ProcessCaretEvents0x14f->tiptsfCARET::ProcessCaretEvents0x64 175 | 176 | 177 | 178 | 179 | tiptsfCARET::ProcessCaretEvents0x162 180 | 181 | 00007ffb`1f53b545 jmp tiptsf!CARET::ProcessCaretEvents+0x8c (00007ffb`1f501b7c) 182 | 183 | 184 | tiptsfCARET::ProcessCaretEvents0x14f->tiptsfCARET::ProcessCaretEvents0x162 185 | 186 | 187 | 188 | 189 | tiptsfCARET::ProcessCaretEvents0x8c 190 | 191 | 00007ffb`1f501b7c mov ecx,dword ptr [tiptsf!dwTlsIndex (00007ffb`1f574378)] 192 | 00007ffb`1f501b82 cmp ecx,0FFFFFFFFh 193 | 00007ffb`1f501b85 je tiptsf!CARET::ProcessCaretEvents+0xa2 (00007ffb`1f501b96) 194 | 195 | 196 | tiptsfCARET::ProcessCaretEvents0x64->tiptsfCARET::ProcessCaretEvents0x8c 197 | 198 | 199 | 200 | 201 | tiptsfCARET::ProcessCaretEvents0x68 202 | 203 | 00007ffb`1f501b58 mov eax,dword ptr [rsp+0D0h] 204 | 00007ffb`1f501b5f mov r9d,esi 205 | 00007ffb`1f501b62 mov r8d,ebx 206 | 00007ffb`1f501b65 mov rdx,rdi 207 | 00007ffb`1f501b68 xor ecx,ecx 208 | 00007ffb`1f501b6a mov qword ptr [rsp+28h],0 209 | 00007ffb`1f501b73 mov dword ptr [rsp+20h],eax 210 | 00007ffb`1f501b77 call tiptsf!CARET::_ProcessCaretEvents (00007ffb`1f501820) 211 | 212 | 213 | tiptsfCARET::ProcessCaretEvents0x64->tiptsfCARET::ProcessCaretEvents0x68 214 | 215 | 216 | 217 | 218 | tiptsfCARET::ProcessCaretEvents0x8c->tiptsfCARET::ProcessCaretEvents0xa2 219 | 220 | 221 | 222 | 223 | tiptsfCARET::ProcessCaretEvents0x97 224 | 225 | 00007ffb`1f501b87 call qword ptr [tiptsf!_imp_TlsGetValue (00007ffb`1f57d348)] 226 | 00007ffb`1f501b8d test rax,rax 227 | 00007ffb`1f501b90 jne tiptsf!CARET::ProcessCaretEvents+0xbd (00007ffb`1f501f2e) 228 | 229 | 230 | tiptsfCARET::ProcessCaretEvents0x8c->tiptsfCARET::ProcessCaretEvents0x97 231 | 232 | 233 | 234 | 235 | tiptsfCARET::ProcessCaretEvents0x68->tiptsfCARET::ProcessCaretEvents0x8c 236 | 237 | 238 | 239 | 240 | tiptsfCARET::ProcessCaretEvents0x97->tiptsfCARET::ProcessCaretEvents0xa2 241 | 242 | 243 | 244 | 245 | tiptsfCARET::ProcessCaretEvents0xbd 246 | 247 | 00007ffb`1f501f2e mov rdi,qword ptr [rax] 248 | 00007ffb`1f501f31 test rdi,rdi 249 | 00007ffb`1f501f34 je tiptsf!CARET::ProcessCaretEvents+0xa2 (00007ffb`1f501b96) 250 | 251 | 252 | tiptsfCARET::ProcessCaretEvents0x97->tiptsfCARET::ProcessCaretEvents0xbd 253 | 254 | 255 | 256 | 257 | tiptsfCARET::ProcessCaretEvents0xbd->tiptsfCARET::ProcessCaretEvents0xa2 258 | 259 | 260 | 261 | 262 | tiptsfCARET::ProcessCaretEvents0xc5 263 | 264 | 00007ffb`1f501f3a cmp ebx,13h 265 | 00007ffb`1f501f3d ja tiptsf!CARET::ProcessCaretEvents+0xa2 (00007ffb`1f501b96) 266 | 267 | 268 | tiptsfCARET::ProcessCaretEvents0xbd->tiptsfCARET::ProcessCaretEvents0xc5 269 | 270 | 271 | 272 | 273 | tiptsfCARET::ProcessCaretEvents0x162->tiptsfCARET::ProcessCaretEvents0x8c 274 | 275 | 276 | 277 | 278 | tiptsfCARET::ProcessCaretEvents0x162->tiptsfCARET::ProcessCaretEvents0x162 279 | 280 | 281 | 282 | 283 | tiptsfCARET::ProcessCaretEvents0xc5->tiptsfCARET::ProcessCaretEvents0xa2 284 | 285 | 286 | 287 | 288 | tiptsfCARET::ProcessCaretEvents0xca 289 | 290 | 00007ffb`1f501f43 cmp ebx,7 291 | 00007ffb`1f501f46 je tiptsf!CARET::ProcessCaretEvents+0xde (00007ffb`1f501f5b) 292 | 293 | 294 | tiptsfCARET::ProcessCaretEvents0xc5->tiptsfCARET::ProcessCaretEvents0xca 295 | 296 | 297 | 298 | 299 | tiptsfCARET::ProcessCaretEvents0xde 300 | 301 | 00007ffb`1f501f5b xor edx,edx 302 | 00007ffb`1f501f5d lea rcx,[rdi+140h] 303 | 00007ffb`1f501f64 lea r8d,[rdx+10h] 304 | 00007ffb`1f501f68 call tiptsf!memset (00007ffb`1f501dc8) 305 | 00007ffb`1f501f6d xor edx,edx 306 | 00007ffb`1f501f6f lea rcx,[rdi+130h] 307 | 00007ffb`1f501f76 lea r8d,[rdx+10h] 308 | 00007ffb`1f501f7a call tiptsf!memset (00007ffb`1f501dc8) 309 | 00007ffb`1f501f7f xor edx,edx 310 | 00007ffb`1f501f81 lea rcx,[rsp+30h] 311 | 00007ffb`1f501f86 lea r8d,[rdx+48h] 312 | 00007ffb`1f501f8a call tiptsf!memset (00007ffb`1f501dc8) 313 | 00007ffb`1f501f8f lea rdx,[rsp+30h] 314 | 00007ffb`1f501f94 xor ecx,ecx 315 | 00007ffb`1f501f96 mov dword ptr [rsp+30h],48h 316 | 00007ffb`1f501f9e call qword ptr [tiptsf!_imp_GetGUIThreadInfo (00007ffb`1f57d690)] 317 | 00007ffb`1f501fa4 cmp qword ptr [rdi+0B8h],0 318 | 00007ffb`1f501fac je tiptsf!CARET::ProcessCaretEvents+0xa2 (00007ffb`1f501b96) 319 | 320 | 321 | tiptsfCARET::ProcessCaretEvents0xca->tiptsfCARET::ProcessCaretEvents0xde 322 | 323 | 324 | 325 | 326 | tiptsfCARET::ProcessCaretEvents0xcf 327 | 328 | 00007ffb`1f501f48 cmp ebx,5 329 | 00007ffb`1f501f4b je tiptsf!CARET::ProcessCaretEvents+0xde (00007ffb`1f501f5b) 330 | 331 | 332 | tiptsfCARET::ProcessCaretEvents0xca->tiptsfCARET::ProcessCaretEvents0xcf 333 | 334 | 335 | 336 | 337 | tiptsfCARET::ProcessCaretEvents0xde->tiptsfCARET::ProcessCaretEvents0xa2 338 | 339 | 340 | 341 | 342 | tiptsfCARET::ProcessCaretEvents0x135 343 | 344 | 00007ffb`1f501fb2 cmp ebx,13h 345 | 00007ffb`1f501fb5 je tiptsf!CARET::ProcessCaretEvents+0x167 (00007ffb`1f53b54a) 346 | 347 | 348 | tiptsfCARET::ProcessCaretEvents0xde->tiptsfCARET::ProcessCaretEvents0x135 349 | 350 | 351 | 352 | 353 | tiptsfCARET::ProcessCaretEvents0xcf->tiptsfCARET::ProcessCaretEvents0xde 354 | 355 | 356 | 357 | 358 | tiptsfCARET::ProcessCaretEvents0xd4 359 | 360 | 00007ffb`1f501f4d cmp ebx,0Bh 361 | 00007ffb`1f501f50 je tiptsf!CARET::ProcessCaretEvents+0xde (00007ffb`1f501f5b) 362 | 363 | 364 | tiptsfCARET::ProcessCaretEvents0xcf->tiptsfCARET::ProcessCaretEvents0xd4 365 | 366 | 367 | 368 | 369 | tiptsfCARET::ProcessCaretEvents0xd4->tiptsfCARET::ProcessCaretEvents0xde 370 | 371 | 372 | 373 | 374 | tiptsfCARET::ProcessCaretEvents0xd9 375 | 376 | 00007ffb`1f501f52 cmp ebx,13h 377 | 00007ffb`1f501f55 jne tiptsf!CARET::ProcessCaretEvents+0xa2 (00007ffb`1f501b96) 378 | 379 | 380 | tiptsfCARET::ProcessCaretEvents0xd4->tiptsfCARET::ProcessCaretEvents0xd9 381 | 382 | 383 | 384 | 385 | tiptsfCARET::ProcessCaretEvents0xd9->tiptsfCARET::ProcessCaretEvents0xa2 386 | 387 | 388 | 389 | 390 | tiptsfCARET::ProcessCaretEvents0xd9->tiptsfCARET::ProcessCaretEvents0xde 391 | 392 | 393 | 394 | 395 | tiptsfCARET::ProcessCaretEvents0x167 396 | 397 | 00007ffb`1f53b54a cmp qword ptr [rsp+48h],0 398 | 00007ffb`1f53b550 je tiptsf!CARET::ProcessCaretEvents+0x13a (00007ffb`1f501fbb) 399 | 400 | 401 | tiptsfCARET::ProcessCaretEvents0x135->tiptsfCARET::ProcessCaretEvents0x167 402 | 403 | 404 | 405 | 406 | tiptsfCARET::ProcessCaretEvents0x13a 407 | 408 | 00007ffb`1f501fbb xor r9d,r9d 409 | 00007ffb`1f501fbe mov r8b,1 410 | 00007ffb`1f501fc1 xor edx,edx 411 | 00007ffb`1f501fc3 mov rcx,rdi 412 | 00007ffb`1f501fc6 call tiptsf!CCorrectionIMX::GenerateCaretEvents (00007ffb`1f506214) 413 | 00007ffb`1f501fcb jmp tiptsf!CARET::ProcessCaretEvents+0xa2 (00007ffb`1f501b96) 414 | 415 | 416 | tiptsfCARET::ProcessCaretEvents0x135->tiptsfCARET::ProcessCaretEvents0x13a 417 | 418 | 419 | 420 | 421 | tiptsfCARET::ProcessCaretEvents0x167->tiptsfCARET::ProcessCaretEvents0x13a 422 | 423 | 424 | 425 | 426 | tiptsfCARET::ProcessCaretEvents0x16f 427 | 428 | 00007ffb`1f53b556 jmp tiptsf!CARET::ProcessCaretEvents+0xa2 (00007ffb`1f501b96) 429 | 430 | 431 | tiptsfCARET::ProcessCaretEvents0x167->tiptsfCARET::ProcessCaretEvents0x16f 432 | 433 | 434 | 435 | 436 | tiptsfCARET::ProcessCaretEvents0x13a->tiptsfCARET::ProcessCaretEvents0xa2 437 | 438 | 439 | 440 | 441 | tiptsfCARET::ProcessCaretEvents0x16f->tiptsfCARET::ProcessCaretEvents0xa2 442 | 443 | 444 | 445 | 446 | 447 | -------------------------------------------------------------------------------- /stackhtml_example/39b534c0-2cd5-4e6b-8c93-ce632b1b07b0.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | windbg_graph 11 | 12 | 13 | USER32NtUserGetMessage 14 | 15 | 00007ffb`2af82080 mov r10,rcx 16 | 00007ffb`2af82083 mov eax,1008h 17 | 00007ffb`2af82088 syscall 18 | 00007ffb`2af8208a ret 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /stackhtml_example/41957ef9-b08f-42c9-89b1-a99c6de82981.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | windbg_graph 11 | 12 | 13 | notepadWinMain0xa6 14 | 15 | 00007ff7`d35f1000 cmp word ptr [rbx],9 16 | 00007ff7`d35f1004 je notepad!WinMain+0xac (00007ff7`d35f600c) 17 | 18 | 19 | notepadWinMain0xac 20 | 21 | 00007ff7`d35f600c add rbx,2 22 | 00007ff7`d35f6010 jmp notepad!WinMain+0xa0 (00007ff7`d35f6002) 23 | 24 | 25 | notepadWinMain0xa6->notepadWinMain0xac 26 | 27 | 28 | 29 | 30 | notepadWinMain0xb2 31 | 32 | 00007ff7`d35f100a mov r8d,esi 33 | 00007ff7`d35f100d mov rdx,rbx 34 | 00007ff7`d35f1010 mov rcx,rbp 35 | 00007ff7`d35f1013 call notepad!NPInit (00007ff7`d35f698c) 36 | 00007ff7`d35f1018 test eax,eax 37 | 00007ff7`d35f101a je notepad!WinMain+0x1c2 (00007ff7`d35f8714) 38 | 39 | 40 | notepadWinMain0xa6->notepadWinMain0xb2 41 | 42 | 43 | 44 | 45 | notepadWinMain0xa0 46 | 47 | 00007ff7`d35f6002 cmp word ptr [rbx],20h 48 | 00007ff7`d35f6006 jne notepad!WinMain+0xa6 (00007ff7`d35f1000) 49 | 50 | 51 | notepadWinMain0xac->notepadWinMain0xa0 52 | 53 | 54 | 55 | 56 | notepadWinMain0x1c2 57 | 58 | 00007ff7`d35f8714 mov qword ptr [rsp+50h],r14 59 | 00007ff7`d35f8719 jmp notepad!WinMain+0x1c7 (00007ff7`d35f148a) 60 | 61 | 62 | notepadWinMain0xb2->notepadWinMain0x1c2 63 | 64 | 65 | 66 | 67 | notepadWinMain0xc8 68 | 69 | 00007ff7`d35f1020 call qword ptr [notepad!_imp_GetCurrentProcessId (00007ff7`d360d138)] 70 | 00007ff7`d35f1026 mov ecx,800Bh 71 | 00007ff7`d35f102b mov dword ptr [rsp+30h],r14d 72 | 00007ff7`d35f1030 lea r9,[notepad!WinEventFunc (00007ff7`d3603d58)] 73 | 00007ff7`d35f1037 mov edx,ecx 74 | 00007ff7`d35f1039 xor r8d,r8d 75 | 00007ff7`d35f103c mov dword ptr [rsp+28h],r14d 76 | 00007ff7`d35f1041 mov dword ptr [rsp+20h],eax 77 | 00007ff7`d35f1045 call qword ptr [notepad!_imp_SetWinEventHook (00007ff7`d360d440)] 78 | 00007ff7`d35f104b mov rbx,rax 79 | 00007ff7`d35f104e jmp notepad!WinMain+0x165 (00007ff7`d35f1051) 80 | 81 | 82 | notepadWinMain0xb2->notepadWinMain0xc8 83 | 84 | 85 | 86 | 87 | notepadWinMain0x1c7 88 | 89 | 00007ff7`d35f148a call qword ptr [notepad!_imp_CoUninitialize (00007ff7`d360d688)] 90 | 91 | 92 | notepadWinMain0x1c2->notepadWinMain0x1c7 93 | 94 | 95 | 96 | 97 | notepadWinMain0x165 98 | 99 | 00007ff7`d35f1051 lea rcx,[rsp+40h] 100 | 00007ff7`d35f1056 xor r9d,r9d 101 | 00007ff7`d35f1059 xor r8d,r8d 102 | 00007ff7`d35f105c xor edx,edx 103 | 00007ff7`d35f105e call qword ptr [notepad!_imp_GetMessageW (00007ff7`d360d438)] 104 | 00007ff7`d35f1064 test eax,eax 105 | 00007ff7`d35f1066 je notepad!WinMain+0x180 (00007ff7`d35f144b) 106 | 107 | 108 | notepadWinMain0xc8->notepadWinMain0x165 109 | 110 | 111 | 112 | 113 | notepadWinMain0x180 114 | 115 | 00007ff7`d35f144b mov rcx,qword ptr [notepad!g_PageSetupDlg+0x10 (00007ff7`d36091f0)] 116 | 00007ff7`d35f1452 test rcx,rcx 117 | 00007ff7`d35f1455 jne notepad!WinMain+0x18c (00007ff7`d35f86fa) 118 | 119 | 120 | notepadWinMain0x165->notepadWinMain0x180 121 | 122 | 123 | 124 | 125 | notepadWinMain0xf8 126 | 127 | 00007ff7`d35f106c cmp dword ptr [rsp+48h],50h 128 | 00007ff7`d35f1071 je notepad!WinMain+0xff (00007ff7`d35f86c2) 129 | 130 | 131 | notepadWinMain0x165->notepadWinMain0xf8 132 | 133 | 134 | 135 | 136 | notepadWinMain0x18c 137 | 138 | 00007ff7`d35f86fa call qword ptr [notepad!_imp_GlobalFree (00007ff7`d360d1a8)] 139 | 00007ff7`d35f8700 nop 140 | 00007ff7`d35f8701 jmp notepad!WinMain+0x192 (00007ff7`d35f145b) 141 | 142 | 143 | notepadWinMain0x180->notepadWinMain0x18c 144 | 145 | 146 | 147 | 148 | notepadWinMain0x192 149 | 150 | 00007ff7`d35f145b mov rcx,qword ptr [notepad!g_PageSetupDlg+0x18 (00007ff7`d36091f8)] 151 | 00007ff7`d35f1462 test rcx,rcx 152 | 00007ff7`d35f1465 jne notepad!WinMain+0x19e (00007ff7`d35f8707) 153 | 154 | 155 | notepadWinMain0x180->notepadWinMain0x192 156 | 157 | 158 | 159 | 160 | notepadWinMain0xff 161 | 162 | 00007ff7`d35f86c2 mov rcx,qword ptr [notepad!hwndNP (00007ff7`d3609088)] 163 | 00007ff7`d35f86c9 xor r9d,r9d 164 | 00007ff7`d35f86cc xor r8d,r8d 165 | 00007ff7`d35f86cf mov edx,8001h 166 | 00007ff7`d35f86d4 call qword ptr [notepad!_imp_PostMessageW (00007ff7`d360d500)] 167 | 00007ff7`d35f86da nop 168 | 00007ff7`d35f86db jmp notepad!WinMain+0x117 (00007ff7`d35f1077) 169 | 170 | 171 | notepadWinMain0xf8->notepadWinMain0xff 172 | 173 | 174 | 175 | 176 | notepadWinMain0x117 177 | 178 | 00007ff7`d35f1077 mov rcx,qword ptr [notepad!hDlgFind (00007ff7`d3609c88)] 179 | 00007ff7`d35f107e test rcx,rcx 180 | 00007ff7`d35f1081 jne notepad!WinMain+0x123 (00007ff7`d35f86e1) 181 | 182 | 183 | notepadWinMain0xf8->notepadWinMain0x117 184 | 185 | 186 | 187 | 188 | notepadWinMain0xff->notepadWinMain0x117 189 | 190 | 191 | 192 | 193 | notepadWinMain0x123 194 | 195 | 00007ff7`d35f86e1 lea rdx,[rsp+40h] 196 | 00007ff7`d35f86e6 call qword ptr [notepad!_imp_IsDialogMessageW (00007ff7`d360d430)] 197 | 00007ff7`d35f86ec test eax,eax 198 | 00007ff7`d35f86ee je notepad!WinMain+0x132 (00007ff7`d35f1087) 199 | 200 | 201 | notepadWinMain0x117->notepadWinMain0x123 202 | 203 | 204 | 205 | 206 | notepadWinMain0x132 207 | 208 | 00007ff7`d35f1087 mov rdx,qword ptr [notepad!hAccel (00007ff7`d36090c8)] 209 | 00007ff7`d35f108e mov rcx,qword ptr [notepad!hwndNP (00007ff7`d3609088)] 210 | 00007ff7`d35f1095 lea r8,[rsp+40h] 211 | 00007ff7`d35f109a call qword ptr [notepad!_imp_TranslateAcceleratorW (00007ff7`d360d428)] 212 | 00007ff7`d35f10a0 test eax,eax 213 | 00007ff7`d35f10a2 jne notepad!WinMain+0x165 (00007ff7`d35f1051) 214 | 215 | 216 | notepadWinMain0x117->notepadWinMain0x132 217 | 218 | 219 | 220 | 221 | notepadWinMain0x123->notepadWinMain0x132 222 | 223 | 224 | 225 | 226 | notepadWinMain0x136 227 | 228 | 00007ff7`d35f86f4 jmp notepad!WinMain+0x165 (00007ff7`d35f1051) 229 | 230 | 231 | notepadWinMain0x123->notepadWinMain0x136 232 | 233 | 234 | 235 | 236 | notepadWinMain0x132->notepadWinMain0x165 237 | 238 | 239 | 240 | 241 | notepadWinMain0x14f 242 | 243 | 00007ff7`d35f10a4 lea rcx,[rsp+40h] 244 | 00007ff7`d35f10a9 call qword ptr [notepad!_imp_TranslateMessage (00007ff7`d360d420)] 245 | 00007ff7`d35f10af lea rcx,[rsp+40h] 246 | 00007ff7`d35f10b4 call qword ptr [notepad!_imp_DispatchMessageW (00007ff7`d360d418)] 247 | 00007ff7`d35f10ba nop 248 | 00007ff7`d35f10bb jmp notepad!WinMain+0x165 (00007ff7`d35f1051) 249 | 250 | 251 | notepadWinMain0x132->notepadWinMain0x14f 252 | 253 | 254 | 255 | 256 | notepadWinMain0x14f->notepadWinMain0x165 257 | 258 | 259 | 260 | 261 | notepadWinMain0x18c->notepadWinMain0x192 262 | 263 | 264 | 265 | 266 | notepadWinMain0x19e 267 | 268 | 00007ff7`d35f8707 call qword ptr [notepad!_imp_GlobalFree (00007ff7`d360d1a8)] 269 | 00007ff7`d35f870d nop 270 | 00007ff7`d35f870e jmp notepad!WinMain+0x1a4 (00007ff7`d35f146b) 271 | 272 | 273 | notepadWinMain0x192->notepadWinMain0x19e 274 | 275 | 276 | 277 | 278 | notepadWinMain0x1a4 279 | 280 | 00007ff7`d35f146b mov qword ptr [notepad!g_PageSetupDlg+0x10 (00007ff7`d36091f0)],r14 281 | 00007ff7`d35f1472 mov qword ptr [notepad!g_PageSetupDlg+0x18 (00007ff7`d36091f8)],r14 282 | 00007ff7`d35f1479 test rbx,rbx 283 | 00007ff7`d35f147c je notepad!WinMain+0x1c7 (00007ff7`d35f148a) 284 | 285 | 286 | notepadWinMain0x192->notepadWinMain0x1a4 287 | 288 | 289 | 290 | 291 | notepadWinMain0x19e->notepadWinMain0x1a4 292 | 293 | 294 | 295 | 296 | notepadWinMain0x1a4->notepadWinMain0x1c7 297 | 298 | 299 | 300 | 301 | notepadWinMain0x1b7 302 | 303 | 00007ff7`d35f147e mov rcx,rbx 304 | 00007ff7`d35f1481 call qword ptr [notepad!_imp_UnhookWinEvent (00007ff7`d360d410)] 305 | 00007ff7`d35f1487 jmp notepad!WinMain+0x1c7 (00007ff7`d35f148a) 306 | 307 | 308 | notepadWinMain0x1a4->notepadWinMain0x1b7 309 | 310 | 311 | 312 | 313 | notepadWinMain0x1cd 314 | 315 | 00007ff7`d35f1490 mov eax,dword ptr [rsp+50h] 316 | 00007ff7`d35f1494 lea r11,[rsp+70h] 317 | 00007ff7`d35f1499 mov rbx,qword ptr [r11+10h] 318 | 00007ff7`d35f149d mov rbp,qword ptr [r11+18h] 319 | 00007ff7`d35f14a1 mov rsi,qword ptr [r11+20h] 320 | 00007ff7`d35f14a5 mov rdi,qword ptr [r11+28h] 321 | 00007ff7`d35f14a9 mov rsp,r11 322 | 00007ff7`d35f14ac pop r14 323 | 00007ff7`d35f14ae ret 324 | 325 | 326 | notepadWinMain0x1c7->notepadWinMain0x1cd 327 | 328 | 329 | 330 | 331 | notepadWinMain0x1b7->notepadWinMain0x1c7 332 | 333 | 334 | 335 | 336 | notepadWinMain 337 | 338 | 00007ff7`d35f5f64 mov rax,rsp 339 | 00007ff7`d35f5f67 mov qword ptr [rax+8],rbx 340 | 00007ff7`d35f5f6b mov qword ptr [rax+10h],rbp 341 | 00007ff7`d35f5f6f mov qword ptr [rax+18h],rsi 342 | 00007ff7`d35f5f73 mov qword ptr [rax+20h],rdi 343 | 00007ff7`d35f5f77 push r14 344 | 00007ff7`d35f5f79 sub rsp,70h 345 | 00007ff7`d35f5f7d xor r14d,r14d 346 | 00007ff7`d35f5f80 mov rbp,rcx 347 | 00007ff7`d35f5f83 lea rcx,[rax-30h] 348 | 00007ff7`d35f5f87 lea r8d,[r14+28h] 349 | 00007ff7`d35f5f8b xor edx,edx 350 | 00007ff7`d35f5f8d mov esi,r9d 351 | 00007ff7`d35f5f90 mov qword ptr [rax-38h],r14 352 | 00007ff7`d35f5f94 call notepad!memset (00007ff7`d35f2204) 353 | 00007ff7`d35f5f99 call qword ptr [notepad!_imp_GetCommandLineW (00007ff7`d360d188)] 354 | 00007ff7`d35f5f9f lea edx,[r14+1] 355 | 00007ff7`d35f5fa3 xor r9d,r9d 356 | 00007ff7`d35f5fa6 xor r8d,r8d 357 | 00007ff7`d35f5fa9 xor ecx,ecx 358 | 00007ff7`d35f5fab mov rbx,rax 359 | 00007ff7`d35f5fae call qword ptr [notepad!_imp_HeapSetInformation (00007ff7`d360d150)] 360 | 00007ff7`d35f5fb4 lea edx,[r14+2] 361 | 00007ff7`d35f5fb8 xor ecx,ecx 362 | 00007ff7`d35f5fba call qword ptr [notepad!_imp_CoInitializeEx (00007ff7`d360d690)] 363 | 00007ff7`d35f5fc0 test eax,eax 364 | 00007ff7`d35f5fc2 js notepad!WinMain+0x1cd (00007ff7`d35f1490) 365 | 366 | 367 | notepadWinMain->notepadWinMain0x1cd 368 | 369 | 370 | 371 | 372 | notepadWinMain0x64 373 | 374 | 00007ff7`d35f5fc8 movzx eax,word ptr [rbx] 375 | 00007ff7`d35f5fcb mov edi,r14d 376 | 00007ff7`d35f5fce jmp notepad!WinMain+0x9b (00007ff7`d35f5fd1) 377 | 378 | 379 | notepadWinMain->notepadWinMain0x64 380 | 381 | 382 | 383 | 384 | notepadWinMain0x9b 385 | 386 | 00007ff7`d35f5fd1 test ax,ax 387 | 00007ff7`d35f5fd4 je notepad!WinMain+0xa0 (00007ff7`d35f6002) 388 | 389 | 390 | notepadWinMain0x64->notepadWinMain0x9b 391 | 392 | 393 | 394 | 395 | notepadWinMain0x9b->notepadWinMain0xa0 396 | 397 | 398 | 399 | 400 | notepadWinMain0x6c 401 | 402 | 00007ff7`d35f5fd6 cmp ax,20h 403 | 00007ff7`d35f5fda je notepad!WinMain+0x78 (00007ff7`d35f5ffe) 404 | 405 | 406 | notepadWinMain0x9b->notepadWinMain0x6c 407 | 408 | 409 | 410 | 411 | notepadWinMain0xa0->notepadWinMain0xa6 412 | 413 | 414 | 415 | 416 | notepadWinMain0xa0->notepadWinMain0xac 417 | 418 | 419 | 420 | 421 | notepadWinMain0x78 422 | 423 | 00007ff7`d35f5ffe test edi,edi 424 | 00007ff7`d35f6000 jne notepad!WinMain+0x7c (00007ff7`d35f5fe2) 425 | 426 | 427 | notepadWinMain0x6c->notepadWinMain0x78 428 | 429 | 430 | 431 | 432 | notepadWinMain0x72 433 | 434 | 00007ff7`d35f5fdc cmp ax,9 435 | 00007ff7`d35f5fe0 je notepad!WinMain+0x78 (00007ff7`d35f5ffe) 436 | 437 | 438 | notepadWinMain0x6c->notepadWinMain0x72 439 | 440 | 441 | 442 | 443 | notepadWinMain0x78->notepadWinMain0xa0 444 | 445 | 446 | 447 | 448 | notepadWinMain0x7c 449 | 450 | 00007ff7`d35f5fe2 cmp ax,22h 451 | 00007ff7`d35f5fe6 je notepad!WinMain+0x82 (00007ff7`d35f86b2) 452 | 453 | 454 | notepadWinMain0x78->notepadWinMain0x7c 455 | 456 | 457 | 458 | 459 | notepadWinMain0x72->notepadWinMain0x78 460 | 461 | 462 | 463 | 464 | notepadWinMain0x72->notepadWinMain0x7c 465 | 466 | 467 | 468 | 469 | notepadWinMain0x82 470 | 471 | 00007ff7`d35f86b2 test edi,edi 472 | 00007ff7`d35f86b4 mov eax,r14d 473 | 00007ff7`d35f86b7 sete al 474 | 00007ff7`d35f86ba mov edi,eax 475 | 00007ff7`d35f86bc jmp notepad!WinMain+0x8c (00007ff7`d35f5fec) 476 | 477 | 478 | notepadWinMain0x7c->notepadWinMain0x82 479 | 480 | 481 | 482 | 483 | notepadWinMain0x8c 484 | 485 | 00007ff7`d35f5fec mov rcx,rbx 486 | 00007ff7`d35f5fef call qword ptr [notepad!_imp_CharNextW (00007ff7`d360d448)] 487 | 00007ff7`d35f5ff5 mov rbx,rax 488 | 00007ff7`d35f5ff8 movzx eax,word ptr [rax] 489 | 00007ff7`d35f5ffb jmp notepad!WinMain+0x9b (00007ff7`d35f5fd1) 490 | 491 | 492 | notepadWinMain0x7c->notepadWinMain0x8c 493 | 494 | 495 | 496 | 497 | notepadWinMain0x82->notepadWinMain0x8c 498 | 499 | 500 | 501 | 502 | notepadWinMain0x8c->notepadWinMain0x9b 503 | 504 | 505 | 506 | 507 | notepadWinMain0x136->notepadWinMain0x165 508 | 509 | 510 | 511 | 512 | 513 | -------------------------------------------------------------------------------- /stackhtml_example/44173128-e33a-4091-b844-cf38e9f9647a.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | windbg_graph 11 | 12 | 13 | notepadWinMainCRTStartup0x17f 14 | 15 | 00007ff7`d35f1207 test byte ptr [rsp+7Ch],1 16 | 00007ff7`d35f120c movzx eax,word ptr [rsp+80h] 17 | 00007ff7`d35f1214 mov r9d,0Ah 18 | 00007ff7`d35f121a cmovne r9d,eax 19 | 00007ff7`d35f121e mov r8,rbx 20 | 00007ff7`d35f1221 xor edx,edx 21 | 00007ff7`d35f1223 lea rcx,[notepad!_guard_check_icall_fptr <PERF> (notepad+0x0) (00007ff7`d35f0000)] 22 | 00007ff7`d35f122a call notepad!WinMain (00007ff7`d35f5f64) 23 | 00007ff7`d35f122f mov dword ptr [notepad!szFormattedDate+0x500 (00007ff7`d3609018)],eax 24 | 00007ff7`d35f1235 cmp dword ptr [notepad!szFormattedDate+0x520 (00007ff7`d3609020)],0 25 | 00007ff7`d35f123c jne notepad!WinMainCRTStartup+0x1be (00007ff7`d3600b22) 26 | 27 | 28 | notepadWinMainCRTStartup0x1be 29 | 30 | 00007ff7`d3600b22 cmp dword ptr [notepad!szFormattedDate+0x504 (00007ff7`d360a768)],0 31 | 00007ff7`d3600b29 jne notepad!WinMainCRTStartup+0x1d3 (00007ff7`d3600b37) 32 | 33 | 34 | notepadWinMainCRTStartup0x17f->notepadWinMainCRTStartup0x1be 35 | 36 | 37 | 38 | 39 | notepadWinMainCRTStartup0x1b6 40 | 41 | 00007ff7`d35f1242 mov ecx,eax 42 | 00007ff7`d35f1244 call qword ptr [notepad!_imp_exit (00007ff7`d360d5d0)] 43 | 00007ff7`d35f124a nop 44 | 00007ff7`d35f124b jmp notepad!WinMainCRTStartup+0x1be (00007ff7`d3600b22) 45 | 46 | 47 | notepadWinMainCRTStartup0x17f->notepadWinMainCRTStartup0x1b6 48 | 49 | 50 | 51 | 52 | notepadWinMainCRTStartup0x1d3 53 | 54 | 00007ff7`d3600b37 jmp notepad!WinMainCRTStartup+0x236 (00007ff7`d3600b88) 55 | 56 | 57 | notepadWinMainCRTStartup0x1be->notepadWinMainCRTStartup0x1d3 58 | 59 | 60 | 61 | 62 | notepadWinMainCRTStartup0x1c7 63 | 64 | 00007ff7`d3600b2b call qword ptr [notepad!_imp__cexit (00007ff7`d360d5c0)] 65 | 00007ff7`d3600b31 mov eax,dword ptr [notepad!szFormattedDate+0x500 (00007ff7`d3609018)] 66 | 67 | 68 | notepadWinMainCRTStartup0x1be->notepadWinMainCRTStartup0x1c7 69 | 70 | 71 | 72 | 73 | notepadWinMainCRTStartup0x1b6->notepadWinMainCRTStartup0x1be 74 | 75 | 76 | 77 | 78 | notepadWinMainCRTStartup0x18 79 | 80 | 00007ff7`d35f60b0 mov qword ptr [rsp+8],rbx 81 | 00007ff7`d35f60b5 mov qword ptr [rsp+10h],rdi 82 | 00007ff7`d35f60ba push r14 83 | 00007ff7`d35f60bc sub rsp,0B0h 84 | 00007ff7`d35f60c3 and dword ptr [rsp+20h],0 85 | 00007ff7`d35f60c8 lea rcx,[rsp+40h] 86 | 00007ff7`d35f60cd call qword ptr [notepad!_imp_GetStartupInfoW (00007ff7`d360d210)] 87 | 00007ff7`d35f60d3 nop 88 | 00007ff7`d35f60d4 mov rax,qword ptr gs:[30h] 89 | 00007ff7`d35f60dd mov rbx,qword ptr [rax+8] 90 | 00007ff7`d35f60e1 xor edi,edi 91 | 92 | 93 | notepadWinMainCRTStartup0x4b 94 | 95 | 00007ff7`d35f60e3 xor eax,eax 96 | 00007ff7`d35f60e5 lock cmpxchg qword ptr [notepad!_native_startup_lock (00007ff7`d3609000)],rbx 97 | 00007ff7`d35f60ee jne notepad!WinMainCRTStartup+0x58 (00007ff7`d3600aad) 98 | 99 | 100 | notepadWinMainCRTStartup0x18->notepadWinMainCRTStartup0x4b 101 | 102 | 103 | 104 | 105 | notepadWinMainCRTStartup0x58 106 | 107 | 00007ff7`d3600aad cmp rax,rbx 108 | 00007ff7`d3600ab0 jne notepad!WinMainCRTStartup+0x64 (00007ff7`d3600abc) 109 | 110 | 111 | notepadWinMainCRTStartup0x4b->notepadWinMainCRTStartup0x58 112 | 113 | 114 | 115 | 116 | notepadWinMainCRTStartup0x71 117 | 118 | 00007ff7`d35f60f4 mov eax,dword ptr [notepad!_native_startup_state (00007ff7`d3609060)] 119 | 00007ff7`d35f60fa cmp eax,1 120 | 00007ff7`d35f60fd je notepad!WinMainCRTStartup+0x7c (00007ff7`d3600acd) 121 | 122 | 123 | notepadWinMainCRTStartup0x4b->notepadWinMainCRTStartup0x71 124 | 125 | 126 | 127 | 128 | notepadWinMainCRTStartup0x64 129 | 130 | 00007ff7`d3600abc mov ecx,3E8h 131 | 00007ff7`d3600ac1 call qword ptr [notepad!_imp_Sleep (00007ff7`d360d208)] 132 | 00007ff7`d3600ac7 jmp notepad!WinMainCRTStartup+0x4b (00007ff7`d35f60e3) 133 | 134 | 135 | notepadWinMainCRTStartup0x58->notepadWinMainCRTStartup0x64 136 | 137 | 138 | 139 | 140 | notepadWinMainCRTStartup0x5d 141 | 142 | 00007ff7`d3600ab2 mov edi,1 143 | 00007ff7`d3600ab7 jmp notepad!WinMainCRTStartup+0x71 (00007ff7`d35f60f4) 144 | 145 | 146 | notepadWinMainCRTStartup0x58->notepadWinMainCRTStartup0x5d 147 | 148 | 149 | 150 | 151 | notepadWinMainCRTStartup0x7c 152 | 153 | 00007ff7`d3600acd lea ecx,[rax+1Eh] 154 | 00007ff7`d3600ad0 call notepad!amsg_exit (00007ff7`d3607708) 155 | 00007ff7`d3600ad5 jmp notepad!WinMainCRTStartup+0xeb (00007ff7`d35f6160) 156 | 157 | 158 | notepadWinMainCRTStartup0x71->notepadWinMainCRTStartup0x7c 159 | 160 | 161 | 162 | 163 | notepadWinMainCRTStartup0x86 164 | 165 | 00007ff7`d35f6103 mov eax,dword ptr [notepad!_native_startup_state (00007ff7`d3609060)] 166 | 00007ff7`d35f6109 test eax,eax 167 | 00007ff7`d35f610b jne notepad!WinMainCRTStartup+0xe1 (00007ff7`d3600ae5) 168 | 169 | 170 | notepadWinMainCRTStartup0x71->notepadWinMainCRTStartup0x86 171 | 172 | 173 | 174 | 175 | notepadWinMainCRTStartup0xeb 176 | 177 | 00007ff7`d35f6160 mov eax,dword ptr [notepad!_native_startup_state (00007ff7`d3609060)] 178 | 00007ff7`d35f6166 cmp eax,1 179 | 00007ff7`d35f6169 jne notepad!WinMainCRTStartup+0x113 (00007ff7`d35f6188) 180 | 181 | 182 | notepadWinMainCRTStartup0x7c->notepadWinMainCRTStartup0xeb 183 | 184 | 185 | 186 | 187 | notepadWinMainCRTStartup0xe1 188 | 189 | 00007ff7`d3600ae5 mov dword ptr [notepad!szFormattedDate+0x504 (00007ff7`d360a768)],1 190 | 00007ff7`d3600aef jmp notepad!WinMainCRTStartup+0xeb (00007ff7`d35f6160) 191 | 192 | 193 | notepadWinMainCRTStartup0x86->notepadWinMainCRTStartup0xe1 194 | 195 | 196 | 197 | 198 | notepadWinMainCRTStartup0x90 199 | 200 | 00007ff7`d35f6111 mov dword ptr [notepad!_native_startup_state (00007ff7`d3609060)],1 201 | 00007ff7`d35f611b lea r14,[notepad!_xi_z (00007ff7`d35f75d8)] 202 | 00007ff7`d35f6122 lea rbx,[notepad!_xi_a (00007ff7`d35f75c0)] 203 | 00007ff7`d35f6129 mov qword ptr [rsp+38h],rbx 204 | 00007ff7`d35f612e mov dword ptr [rsp+30h],eax 205 | 206 | 207 | notepadWinMainCRTStartup0x86->notepadWinMainCRTStartup0x90 208 | 209 | 210 | 211 | 212 | notepadWinMainCRTStartup0xe1->notepadWinMainCRTStartup0xeb 213 | 214 | 215 | 216 | 217 | notepadWinMainCRTStartup0xb1 218 | 219 | 00007ff7`d35f6132 cmp rbx,r14 220 | 00007ff7`d35f6135 jae notepad!WinMainCRTStartup+0xd3 (00007ff7`d35f6158) 221 | 222 | 223 | notepadWinMainCRTStartup0x90->notepadWinMainCRTStartup0xb1 224 | 225 | 226 | 227 | 228 | notepadWinMainCRTStartup0xd3 229 | 230 | 00007ff7`d35f6158 test eax,eax 231 | 00007ff7`d35f615a jne notepad!WinMainCRTStartup+0xd7 (00007ff7`d3600adb) 232 | 233 | 234 | notepadWinMainCRTStartup0xb1->notepadWinMainCRTStartup0xd3 235 | 236 | 237 | 238 | 239 | notepadWinMainCRTStartup0xb6 240 | 241 | 00007ff7`d35f6137 test eax,eax 242 | 00007ff7`d35f6139 jne notepad!WinMainCRTStartup+0xd7 (00007ff7`d3600adb) 243 | 244 | 245 | notepadWinMainCRTStartup0xb1->notepadWinMainCRTStartup0xb6 246 | 247 | 248 | 249 | 250 | notepadWinMainCRTStartup0xd7 251 | 252 | 00007ff7`d3600adb mov eax,0FFh 253 | 00007ff7`d3600ae0 jmp notepad!WinMainCRTStartup+0x236 (00007ff7`d3600b88) 254 | 255 | 256 | notepadWinMainCRTStartup0xd3->notepadWinMainCRTStartup0xd7 257 | 258 | 259 | 260 | 261 | notepadWinMainCRTStartup0xd3->notepadWinMainCRTStartup0xeb 262 | 263 | 264 | 265 | 266 | notepadWinMainCRTStartup0xb6->notepadWinMainCRTStartup0xd7 267 | 268 | 269 | 270 | 271 | notepadWinMainCRTStartup0xba 272 | 273 | 00007ff7`d35f613f mov rcx,qword ptr [rbx] 274 | 00007ff7`d35f6142 test rcx,rcx 275 | 00007ff7`d35f6145 je notepad!WinMainCRTStartup+0xc8 (00007ff7`d35f614d) 276 | 277 | 278 | notepadWinMainCRTStartup0xb6->notepadWinMainCRTStartup0xba 279 | 280 | 281 | 282 | 283 | notepadWinMainCRTStartup0x236 284 | 285 | 00007ff7`d3600b88 lea r11,[rsp+0B0h] 286 | 00007ff7`d3600b90 mov rbx,qword ptr [r11+10h] 287 | 00007ff7`d3600b94 mov rdi,qword ptr [r11+18h] 288 | 00007ff7`d3600b98 mov rsp,r11 289 | 00007ff7`d3600b9b pop r14 290 | 00007ff7`d3600b9d ret 291 | 292 | 293 | notepadWinMainCRTStartup0xd7->notepadWinMainCRTStartup0x236 294 | 295 | 296 | 297 | 298 | notepadWinMainCRTStartup0xc8 299 | 300 | 00007ff7`d35f614d add rbx,8 301 | 00007ff7`d35f6151 mov qword ptr [rsp+38h],rbx 302 | 00007ff7`d35f6156 jmp notepad!WinMainCRTStartup+0xb1 (00007ff7`d35f6132) 303 | 304 | 305 | notepadWinMainCRTStartup0xba->notepadWinMainCRTStartup0xc8 306 | 307 | 308 | 309 | 310 | notepadWinMainCRTStartup0xc2 311 | 312 | 00007ff7`d35f6147 call rcx 313 | 00007ff7`d35f6149 mov dword ptr [rsp+30h],eax 314 | 315 | 316 | notepadWinMainCRTStartup0xba->notepadWinMainCRTStartup0xc2 317 | 318 | 319 | 320 | 321 | notepadWinMainCRTStartup0xc8->notepadWinMainCRTStartup0xb1 322 | 323 | 324 | 325 | 326 | notepadWinMainCRTStartup0xc2->notepadWinMainCRTStartup0xc8 327 | 328 | 329 | 330 | 331 | notepadWinMainCRTStartup0x113 332 | 333 | 00007ff7`d35f6188 test edi,edi 334 | 00007ff7`d35f618a jne notepad!WinMainCRTStartup+0x120 (00007ff7`d35f6195) 335 | 336 | 337 | notepadWinMainCRTStartup0xeb->notepadWinMainCRTStartup0x113 338 | 339 | 340 | 341 | 342 | notepadWinMainCRTStartup0xf6 343 | 344 | 00007ff7`d35f616b lea rdx,[notepad!_xc_z (00007ff7`d35f75f0)] 345 | 00007ff7`d35f6172 lea rcx,[notepad!_xc_a (00007ff7`d35f75e0)] 346 | 00007ff7`d35f6179 call notepad!initterm (00007ff7`d35f5ef0) 347 | 00007ff7`d35f617e mov dword ptr [notepad!_native_startup_state (00007ff7`d3609060)],2 348 | 349 | 350 | notepadWinMainCRTStartup0xeb->notepadWinMainCRTStartup0xf6 351 | 352 | 353 | 354 | 355 | notepadWinMainCRTStartup0x120 356 | 357 | 00007ff7`d35f6195 cmp qword ptr [notepad!_dyn_tls_init_callback (00007ff7`d3609fc8)],0 358 | 00007ff7`d35f619d jne notepad!WinMainCRTStartup+0x12a (00007ff7`d3600af5) 359 | 360 | 361 | notepadWinMainCRTStartup0x113->notepadWinMainCRTStartup0x120 362 | 363 | 364 | 365 | 366 | notepadWinMainCRTStartup0x117 367 | 368 | 00007ff7`d35f618c xor eax,eax 369 | 00007ff7`d35f618e xchg rax,qword ptr [notepad!_native_startup_lock (00007ff7`d3609000)] 370 | 371 | 372 | notepadWinMainCRTStartup0x113->notepadWinMainCRTStartup0x117 373 | 374 | 375 | 376 | 377 | notepadWinMainCRTStartup0xf6->notepadWinMainCRTStartup0x113 378 | 379 | 380 | 381 | 382 | notepadWinMainCRTStartup0x12a 383 | 384 | 00007ff7`d3600af5 lea rcx,[notepad!_dyn_tls_init_callback (00007ff7`d3609fc8)] 385 | 00007ff7`d3600afc call notepad!IsNonwritableInCurrentImage (00007ff7`d3607770) 386 | 00007ff7`d3600b01 test eax,eax 387 | 00007ff7`d3600b03 je notepad!WinMainCRTStartup+0x14c (00007ff7`d35f61a3) 388 | 389 | 390 | notepadWinMainCRTStartup0x120->notepadWinMainCRTStartup0x12a 391 | 392 | 393 | 394 | 395 | notepadWinMainCRTStartup0x14c 396 | 397 | 00007ff7`d35f61a3 mov rax,qword ptr [notepad!_imp__acmdln (00007ff7`d360d598)] 398 | 00007ff7`d35f61aa mov rbx,qword ptr [rax] 399 | 00007ff7`d35f61ad mov qword ptr [rsp+28h],rbx 400 | 00007ff7`d35f61b2 mov edi,dword ptr [rsp+20h] 401 | 402 | 403 | notepadWinMainCRTStartup0x120->notepadWinMainCRTStartup0x14c 404 | 405 | 406 | 407 | 408 | notepadWinMainCRTStartup0x117->notepadWinMainCRTStartup0x120 409 | 410 | 411 | 412 | 413 | notepadWinMainCRTStartup0x12a->notepadWinMainCRTStartup0x14c 414 | 415 | 416 | 417 | 418 | notepadWinMainCRTStartup0x13a 419 | 420 | 00007ff7`d3600b09 xor r8d,r8d 421 | 00007ff7`d3600b0c lea edx,[r8+2] 422 | 00007ff7`d3600b10 xor ecx,ecx 423 | 00007ff7`d3600b12 mov rax,qword ptr [notepad!_dyn_tls_init_callback (00007ff7`d3609fc8)] 424 | 00007ff7`d3600b19 call rax 425 | 00007ff7`d3600b1b nop 426 | 00007ff7`d3600b1c jmp notepad!WinMainCRTStartup+0x14c (00007ff7`d35f61a3) 427 | 428 | 429 | notepadWinMainCRTStartup0x12a->notepadWinMainCRTStartup0x13a 430 | 431 | 432 | 433 | 434 | notepadWinMainCRTStartup0x15f 435 | 436 | 00007ff7`d35f61b6 cmp byte ptr [rbx],20h 437 | 00007ff7`d35f61b9 jbe notepad!WinMainCRTStartup+0x164 (00007ff7`d35f61e0) 438 | 439 | 440 | notepadWinMainCRTStartup0x14c->notepadWinMainCRTStartup0x15f 441 | 442 | 443 | 444 | 445 | notepadWinMainCRTStartup0x164 446 | 447 | 00007ff7`d35f61e0 cmp byte ptr [rbx],0 448 | 00007ff7`d35f61e3 je notepad!WinMainCRTStartup+0x16d (00007ff7`d35f61e9) 449 | 450 | 451 | notepadWinMainCRTStartup0x15f->notepadWinMainCRTStartup0x164 452 | 453 | 454 | 455 | 456 | notepadWinMainCRTStartup0x1d5 457 | 458 | 00007ff7`d35f61bb cmp byte ptr [rbx],22h 459 | 00007ff7`d35f61be je notepad!WinMainCRTStartup+0x1da (00007ff7`d3600b3a) 460 | 461 | 462 | notepadWinMainCRTStartup0x15f->notepadWinMainCRTStartup0x1d5 463 | 464 | 465 | 466 | 467 | notepadWinMainCRTStartup0x16d 468 | 469 | 00007ff7`d35f61e9 mov al,byte ptr [rbx] 470 | 00007ff7`d35f61eb dec al 471 | 00007ff7`d35f61ed cmp al,1Fh 472 | 00007ff7`d35f61ef ja notepad!WinMainCRTStartup+0x17f (00007ff7`d35f1207) 473 | 474 | 475 | notepadWinMainCRTStartup0x164->notepadWinMainCRTStartup0x16d 476 | 477 | 478 | 479 | 480 | notepadWinMainCRTStartup0x169 481 | 482 | 00007ff7`d35f61e5 test edi,edi 483 | 00007ff7`d35f61e7 jne notepad!WinMainCRTStartup+0x1d5 (00007ff7`d35f61bb) 484 | 485 | 486 | notepadWinMainCRTStartup0x164->notepadWinMainCRTStartup0x169 487 | 488 | 489 | 490 | 491 | notepadWinMainCRTStartup0x1da 492 | 493 | 00007ff7`d3600b3a xor eax,eax 494 | 00007ff7`d3600b3c test edi,edi 495 | 00007ff7`d3600b3e sete al 496 | 00007ff7`d3600b41 mov edi,eax 497 | 00007ff7`d3600b43 mov dword ptr [rsp+20h],eax 498 | 00007ff7`d3600b47 jmp notepad!WinMainCRTStartup+0x1e7 (00007ff7`d35f61c4) 499 | 500 | 501 | notepadWinMainCRTStartup0x1d5->notepadWinMainCRTStartup0x1da 502 | 503 | 504 | 505 | 506 | notepadWinMainCRTStartup0x1e7 507 | 508 | 00007ff7`d35f61c4 movzx ecx,byte ptr [rbx] 509 | 00007ff7`d35f61c7 call qword ptr [notepad!_imp__ismbblead (00007ff7`d360d5b8)] 510 | 00007ff7`d35f61cd test eax,eax 511 | 00007ff7`d35f61cf jne notepad!WinMainCRTStartup+0x1f4 (00007ff7`d3600b4d) 512 | 513 | 514 | notepadWinMainCRTStartup0x1d5->notepadWinMainCRTStartup0x1e7 515 | 516 | 517 | 518 | 519 | notepadWinMainCRTStartup0x1da->notepadWinMainCRTStartup0x1e7 520 | 521 | 522 | 523 | 524 | notepadWinMainCRTStartup0x1f4 525 | 526 | 00007ff7`d3600b4d inc rbx 527 | 00007ff7`d3600b50 mov qword ptr [rsp+28h],rbx 528 | 00007ff7`d3600b55 jmp notepad!WinMainCRTStartup+0x1fc (00007ff7`d35f61d5) 529 | 530 | 531 | notepadWinMainCRTStartup0x1e7->notepadWinMainCRTStartup0x1f4 532 | 533 | 534 | 535 | 536 | notepadWinMainCRTStartup0x1fc 537 | 538 | 00007ff7`d35f61d5 inc rbx 539 | 00007ff7`d35f61d8 mov qword ptr [rsp+28h],rbx 540 | 00007ff7`d35f61dd jmp notepad!WinMainCRTStartup+0x15f (00007ff7`d35f61b6) 541 | 542 | 543 | notepadWinMainCRTStartup0x1e7->notepadWinMainCRTStartup0x1fc 544 | 545 | 546 | 547 | 548 | notepadWinMainCRTStartup0x1f4->notepadWinMainCRTStartup0x1fc 549 | 550 | 551 | 552 | 553 | notepadWinMainCRTStartup0x1fc->notepadWinMainCRTStartup0x15f 554 | 555 | 556 | 557 | 558 | notepadWinMainCRTStartup0x16d->notepadWinMainCRTStartup0x17f 559 | 560 | 561 | 562 | 563 | notepadWinMainCRTStartup0x175 564 | 565 | 00007ff7`d35f61f5 inc rbx 566 | 00007ff7`d35f61f8 mov qword ptr [rsp+28h],rbx 567 | 00007ff7`d35f61fd jmp notepad!WinMainCRTStartup+0x16d (00007ff7`d35f61e9) 568 | 569 | 570 | notepadWinMainCRTStartup0x16d->notepadWinMainCRTStartup0x175 571 | 572 | 573 | 574 | 575 | notepadWinMainCRTStartup0x169->notepadWinMainCRTStartup0x1d5 576 | 577 | 578 | 579 | 580 | notepadWinMainCRTStartup0x169->notepadWinMainCRTStartup0x16d 581 | 582 | 583 | 584 | 585 | notepadWinMainCRTStartup0x175->notepadWinMainCRTStartup0x16d 586 | 587 | 588 | 589 | 590 | notepadWinMainCRTStartup0x64->notepadWinMainCRTStartup0x4b 591 | 592 | 593 | 594 | 595 | notepadWinMainCRTStartup0x5d->notepadWinMainCRTStartup0x71 596 | 597 | 598 | 599 | 600 | notepadWinMainCRTStartup0x13a->notepadWinMainCRTStartup0x14c 601 | 602 | 603 | 604 | 605 | notepadWinMainCRTStartup0x1d3->notepadWinMainCRTStartup0x236 606 | 607 | 608 | 609 | 610 | notepadWinMainCRTStartup0x1c7->notepadWinMainCRTStartup0x1d3 611 | 612 | 613 | 614 | 615 | 616 | -------------------------------------------------------------------------------- /stackhtml_example/488f5237-2d9b-4c83-9b16-d847416dae68.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | windbg_graph 11 | 12 | 13 | KERNELBASECloseHandle 14 | 15 | 00007ffb`2a2f14f0 push rbx 16 | 00007ffb`2a2f14f2 sub rsp,20h 17 | 00007ffb`2a2f14f6 mov rbx,rcx 18 | 00007ffb`2a2f14f9 cmp ecx,0FFFFFFF4h 19 | 00007ffb`2a2f14fc jae KERNELBASE!CloseHandle+0x35 (00007ffb`2a2fb44d) 20 | 21 | 22 | KERNELBASECloseHandle0x35 23 | 24 | 00007ffb`2a2fb44d cmp ecx,0FFFFFFF6h 25 | 00007ffb`2a2fb450 ja KERNELBASE!CloseHandle+0xe (00007ffb`2a2f1502) 26 | 27 | 28 | KERNELBASECloseHandle->KERNELBASECloseHandle0x35 29 | 30 | 31 | 32 | 33 | KERNELBASECloseHandle0xe 34 | 35 | 00007ffb`2a2f1502 mov rcx,rbx 36 | 00007ffb`2a2f1505 call qword ptr [KERNELBASE!_imp_NtClose (00007ffb`2a3f4038)] 37 | 00007ffb`2a2f150b test eax,eax 38 | 00007ffb`2a2f150d js KERNELBASE!CloseHandle+0x26 (00007ffb`2a2f1a9d) 39 | 40 | 41 | KERNELBASECloseHandle->KERNELBASECloseHandle0xe 42 | 43 | 44 | 45 | 46 | KERNELBASECloseHandle0x35->KERNELBASECloseHandle0xe 47 | 48 | 49 | 50 | 51 | KERNELBASECloseHandle0x3e 52 | 53 | 00007ffb`2a2fb456 jmp KERNELBASE!CloseHandle+0x3a (00007ffb`2a37c324) 54 | 55 | 56 | KERNELBASECloseHandle0x35->KERNELBASECloseHandle0x3e 57 | 58 | 59 | 60 | 61 | KERNELBASECloseHandle0x26 62 | 63 | 00007ffb`2a2f1a9d mov ecx,eax 64 | 00007ffb`2a2f1a9f call KERNELBASE!BaseSetLastNTError (00007ffb`2a2f15d4) 65 | 00007ffb`2a2f1aa4 xor eax,eax 66 | 00007ffb`2a2f1aa6 add rsp,20h 67 | 00007ffb`2a2f1aaa pop rbx 68 | 00007ffb`2a2f1aab ret 69 | 70 | 71 | KERNELBASECloseHandle0xe->KERNELBASECloseHandle0x26 72 | 73 | 74 | 75 | 76 | KERNELBASECloseHandle0x1b 77 | 78 | 00007ffb`2a2f1513 mov eax,1 79 | 00007ffb`2a2f1518 add rsp,20h 80 | 00007ffb`2a2f151c pop rbx 81 | 00007ffb`2a2f151d ret 82 | 83 | 84 | KERNELBASECloseHandle0xe->KERNELBASECloseHandle0x1b 85 | 86 | 87 | 88 | 89 | KERNELBASECloseHandle0x3a 90 | 91 | 00007ffb`2a37c324 jmp KERNELBASE!LocalOpenDynData+0xf9cc (00007ffb`2a399b84) 92 | 93 | 94 | KERNELBASECloseHandle0x3e->KERNELBASECloseHandle0x3a 95 | 96 | 97 | 98 | 99 | KERNELBASELocalOpenDynData0xf9cc 100 | 101 | 00007ffb`2a399b84 lea r8,[rsp+30h] 102 | 00007ffb`2a399b89 xor edx,edx 103 | 00007ffb`2a399b8b call KERNELBASE!SetStdHandleEx (00007ffb`2a3cda50) 104 | 00007ffb`2a399b90 test eax,eax 105 | 00007ffb`2a399b92 cmovne rbx,qword ptr [rsp+30h] 106 | 00007ffb`2a399b98 jmp KERNELBASE!CloseHandle+0xe (00007ffb`2a2f1502) 107 | 108 | 109 | KERNELBASECloseHandle0x3a->KERNELBASELocalOpenDynData0xf9cc 110 | 111 | 112 | 113 | 114 | KERNELBASELocalOpenDynData0xf9cc->KERNELBASECloseHandle0xe 115 | 116 | 117 | 118 | 119 | 120 | -------------------------------------------------------------------------------- /stackhtml_example/6b703b8c-d4c2-425f-b384-db361ade0d9d.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | windbg_graph 11 | 12 | 13 | USER32_ClientCallWinEventProc 14 | 15 | 00007ffb`2af83ba0 sub rsp,68h 16 | 00007ffb`2af83ba4 mov r9d,dword ptr [rcx+20h] 17 | 00007ffb`2af83ba8 mov r8,qword ptr [rcx+18h] 18 | 00007ffb`2af83bac mov edx,dword ptr [rcx+10h] 19 | 00007ffb`2af83baf xor eax,eax 20 | 00007ffb`2af83bb1 mov r10,rcx 21 | 00007ffb`2af83bb4 mov dword ptr [rsp+48h],eax 22 | 00007ffb`2af83bb8 mov qword ptr [rsp+50h],rax 23 | 00007ffb`2af83bbd mov eax,dword ptr [rcx+2Ch] 24 | 00007ffb`2af83bc0 mov dword ptr [rsp+30h],eax 25 | 00007ffb`2af83bc4 mov eax,dword ptr [rcx+28h] 26 | 00007ffb`2af83bc7 mov dword ptr [rsp+28h],eax 27 | 00007ffb`2af83bcb mov eax,dword ptr [rcx+24h] 28 | 00007ffb`2af83bce mov rcx,qword ptr [rcx+8] 29 | 00007ffb`2af83bd2 mov dword ptr [rsp+20h],eax 30 | 00007ffb`2af83bd6 call qword ptr [r10] 31 | 00007ffb`2af83bd9 xor r8d,r8d 32 | 00007ffb`2af83bdc mov ecx,eax 33 | 00007ffb`2af83bde lea edx,[r8+18h] 34 | 00007ffb`2af83be2 mov qword ptr [rsp+40h],rcx 35 | 00007ffb`2af83be7 lea rcx,[rsp+40h] 36 | 00007ffb`2af83bec call qword ptr [USER32!_imp_NtCallbackReturn (00007ffb`2b028128)] 37 | 00007ffb`2af83bf2 add rsp,68h 38 | 00007ffb`2af83bf6 ret 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /stackhtml_example/87211e9e-55e5-442f-b619-22cf639a9186.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | windbg_graph 11 | 12 | 13 | KERNEL32BaseThreadInitThunk 14 | 15 | 00007ffb`2c6e16a0 sub rsp,28h 16 | 00007ffb`2c6e16a4 test ecx,ecx 17 | 00007ffb`2c6e16a6 jne KERNEL32!BaseThreadInitThunk+0x16 (00007ffb`2c6e16b6) 18 | 19 | 20 | KERNEL32BaseThreadInitThunk0x16 21 | 22 | 00007ffb`2c6e16b6 test byte ptr [SharedUserData+0x2d0 (00000000`7ffe02d0)],10h 23 | 00007ffb`2c6e16be je KERNEL32!BaseThreadInitThunk+0x29 (00007ffb`2c6e16c9) 24 | 25 | 26 | KERNEL32BaseThreadInitThunk->KERNEL32BaseThreadInitThunk0x16 27 | 28 | 29 | 30 | 31 | KERNEL32BaseThreadInitThunk0x8 32 | 33 | 00007ffb`2c6e16a8 mov rcx,r8 34 | 00007ffb`2c6e16ab call rdx 35 | 00007ffb`2c6e16ad mov ecx,eax 36 | 00007ffb`2c6e16af call qword ptr [KERNEL32!_imp_RtlExitUserThread (00007ffb`2c7fec68)] 37 | 00007ffb`2c6e16b5 int 3 38 | 39 | 40 | KERNEL32BaseThreadInitThunk->KERNEL32BaseThreadInitThunk0x8 41 | 42 | 43 | 44 | 45 | KERNEL32BaseThreadInitThunk0x29 46 | 47 | 00007ffb`2c6e16c9 xor eax,eax 48 | 49 | 50 | KERNEL32BaseThreadInitThunk0x16->KERNEL32BaseThreadInitThunk0x29 51 | 52 | 53 | 54 | 55 | KERNEL32BaseThreadInitThunk0x20 56 | 57 | 00007ffb`2c6e16c0 call KERNEL32!BasepInitializeTermsrvFpns (00007ffb`2c6e77a0) 58 | 00007ffb`2c6e16c5 test eax,eax 59 | 00007ffb`2c6e16c7 js KERNEL32!BaseThreadInitThunk+0x2b (00007ffb`2c6e16cb) 60 | 61 | 62 | KERNEL32BaseThreadInitThunk0x16->KERNEL32BaseThreadInitThunk0x20 63 | 64 | 65 | 66 | 67 | KERNEL32BaseThreadInitThunk0x8->KERNEL32BaseThreadInitThunk0x16 68 | 69 | 70 | 71 | 72 | KERNEL32BaseThreadInitThunk0x2b 73 | 74 | 00007ffb`2c6e16cb add rsp,28h 75 | 00007ffb`2c6e16cf ret 76 | 77 | 78 | KERNEL32BaseThreadInitThunk0x29->KERNEL32BaseThreadInitThunk0x2b 79 | 80 | 81 | 82 | 83 | KERNEL32BaseThreadInitThunk0x20->KERNEL32BaseThreadInitThunk0x29 84 | 85 | 86 | 87 | 88 | KERNEL32BaseThreadInitThunk0x20->KERNEL32BaseThreadInitThunk0x2b 89 | 90 | 91 | 92 | 93 | 94 | -------------------------------------------------------------------------------- /stackhtml_example/a73bd1f7-4b5b-41a3-8460-9bfb0183654d.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | windbg_graph 11 | 12 | 13 | ntdllKiUserCallbackDispatch 14 | 15 | 00007ffb`2cee3470 mov rcx,qword ptr [rsp+20h] 16 | 00007ffb`2cee3475 mov edx,dword ptr [rsp+28h] 17 | 00007ffb`2cee3479 mov r8d,dword ptr [rsp+2Ch] 18 | 00007ffb`2cee347e mov rax,qword ptr gs:[60h] 19 | 00007ffb`2cee3487 mov r9,qword ptr [rax+58h] 20 | 00007ffb`2cee348b call qword ptr [r9+r8*8] 21 | 00007ffb`2cee348f xor ecx,ecx 22 | 00007ffb`2cee3491 xor edx,edx 23 | 00007ffb`2cee3493 mov r8d,eax 24 | 00007ffb`2cee3496 call ntdll!NtCallbackReturn (00007ffb`2cee16c0) 25 | 00007ffb`2cee349b mov esi,eax 26 | 27 | 28 | ntdllKiUserCallbackDispatcherContinue0xe 29 | 30 | 00007ffb`2cee349d mov ecx,esi 31 | 00007ffb`2cee349f call ntdll!RtlRaiseStatus (00007ffb`2cf3c094) 32 | 00007ffb`2cee34a4 jmp ntdll!KiUserCallbackDispatcherContinue+0xe (00007ffb`2cee349d) 33 | 34 | 35 | ntdllKiUserCallbackDispatch->ntdllKiUserCallbackDispatcherContinue0xe 36 | 37 | 38 | 39 | 40 | ntdllKiUserCallbackDispatcherContinue0xe->ntdllKiUserCallbackDispatcherContinue0xe 41 | 42 | 43 | 44 | 45 | 46 | -------------------------------------------------------------------------------- /stackhtml_example/e8bec061-4c69-4b92-a584-027840a0a9d1.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | windbg_graph 11 | 12 | 13 | ntdllRtlUserThreadStart 14 | 15 | 00007ffb`2cea43ec sub rsp,48h 16 | 00007ffb`2cea43f0 mov r9,rcx 17 | 00007ffb`2cea43f3 mov rax,qword ptr [ntdll!Kernel32ThreadInitThunkFunction (00007ffb`2cf7c340)] 18 | 00007ffb`2cea43fa test rax,rax 19 | 00007ffb`2cea43fd je ntdll!RtlUserThreadStart+0x1f (00007ffb`2cea440b) 20 | 21 | 22 | ntdllRtlUserThreadStart0x1f 23 | 24 | 00007ffb`2cea440b mov rcx,rdx 25 | 00007ffb`2cea440e call r9 26 | 00007ffb`2cea4411 mov ecx,eax 27 | 00007ffb`2cea4413 call ntdll!RtlExitUserThread (00007ffb`2cea4430) 28 | 00007ffb`2cea4418 nop 29 | 00007ffb`2cea4419 mov edx,eax 30 | 00007ffb`2cea441b or rcx,0FFFFFFFFFFFFFFFFh 31 | 00007ffb`2cea441f call ntdll!NtTerminateProcess (00007ffb`2cee1930) 32 | 00007ffb`2cea4424 nop 33 | 34 | 35 | ntdllRtlUserThreadStart->ntdllRtlUserThreadStart0x1f 36 | 37 | 38 | 39 | 40 | ntdllRtlUserThreadStart0x13 41 | 42 | 00007ffb`2cea43ff mov r8,rdx 43 | 00007ffb`2cea4402 mov rdx,rcx 44 | 00007ffb`2cea4405 xor ecx,ecx 45 | 00007ffb`2cea4407 call rax 46 | 00007ffb`2cea4409 jmp ntdll!RtlUserThreadStart+0x39 (00007ffb`2cea4425) 47 | 48 | 49 | ntdllRtlUserThreadStart->ntdllRtlUserThreadStart0x13 50 | 51 | 52 | 53 | 54 | ntdllRtlUserThreadStart0x39 55 | 56 | 00007ffb`2cea4425 add rsp,48h 57 | 00007ffb`2cea4429 ret 58 | 59 | 60 | ntdllRtlUserThreadStart0x1f->ntdllRtlUserThreadStart0x39 61 | 62 | 63 | 64 | 65 | ntdllRtlUserThreadStart0x13->ntdllRtlUserThreadStart0x39 66 | 67 | 68 | 69 | 70 | 71 | -------------------------------------------------------------------------------- /stackhtml_example/f268870f-fdc9-4f18-8616-b07440f27463.svg: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 9 | 10 | windbg_graph 11 | 12 | 13 | USER32GetMessageW 14 | 15 | 00007ffb`2af82030 push rbx 16 | 00007ffb`2af82032 sub rsp,20h 17 | 00007ffb`2af82036 mov eax,r8d 18 | 00007ffb`2af82039 mov r10d,r9d 19 | 00007ffb`2af8203c mov rbx,rcx 20 | 00007ffb`2af8203f or eax,r9d 21 | 00007ffb`2af82042 test eax,0FFFE0000h 22 | 00007ffb`2af82047 jne USER32!GetMessageW+0x50910 (00007ffb`2afd2940) 23 | 24 | 25 | USER32GetMessageW0x50910 26 | 27 | 00007ffb`2afd2940 cmp r9d,0FFFFFFFFh 28 | 00007ffb`2afd2944 jne USER32!GetMessageW+0x50927 (00007ffb`2afd2957) 29 | 30 | 31 | USER32GetMessageW->USER32GetMessageW0x50910 32 | 33 | 34 | 35 | 36 | USER32GetMessageW0x1d 37 | 38 | 00007ffb`2af8204d mov r9d,r10d 39 | 00007ffb`2af82050 call USER32!NtUserGetMessage (00007ffb`2af82080) 40 | 00007ffb`2af82055 mov ecx,dword ptr [rbx+8] 41 | 00007ffb`2af82058 mov eax,eax 42 | 00007ffb`2af8205a cmp ecx,102h 43 | 00007ffb`2af82060 je USER32!GetMessageW+0x40 (00007ffb`2af95729) 44 | 45 | 46 | USER32GetMessageW->USER32GetMessageW0x1d 47 | 48 | 49 | 50 | 51 | USER32GetMessageW0x50927 52 | 53 | 00007ffb`2afd2957 mov ecx,57h 54 | 00007ffb`2afd295c call qword ptr [USER32!_imp_RtlSetLastWin32Error (00007ffb`2b028000)] 55 | 00007ffb`2afd2962 xor r10d,r10d 56 | 00007ffb`2afd2965 mov eax,r10d 57 | 00007ffb`2afd2968 jmp USER32!GetMessageW+0x3a (00007ffb`2af82072) 58 | 59 | 60 | USER32GetMessageW0x50910->USER32GetMessageW0x50927 61 | 62 | 63 | 64 | 65 | USER32GetMessageW0x50916 66 | 67 | 00007ffb`2afd2946 test r8d,0FFFE0000h 68 | 00007ffb`2afd294d jne USER32!GetMessageW+0x50927 (00007ffb`2afd2957) 69 | 70 | 71 | USER32GetMessageW0x50910->USER32GetMessageW0x50916 72 | 73 | 74 | 75 | 76 | USER32GetMessageW0x40 77 | 78 | 00007ffb`2af95729 and qword ptr [rbx+10h],0FFFFh 79 | 00007ffb`2af95731 add rsp,20h 80 | 00007ffb`2af95735 pop rbx 81 | 00007ffb`2af95736 ret 82 | 83 | 84 | USER32GetMessageW0x1d->USER32GetMessageW0x40 85 | 86 | 87 | 88 | 89 | USER32GetMessageW0x32 90 | 91 | 00007ffb`2af82066 cmp ecx,0CCh 92 | 00007ffb`2af8206c je USER32!GetMessageW+0x40 (00007ffb`2af95729) 93 | 94 | 95 | USER32GetMessageW0x1d->USER32GetMessageW0x32 96 | 97 | 98 | 99 | 100 | USER32GetMessageW0x32->USER32GetMessageW0x40 101 | 102 | 103 | 104 | 105 | USER32GetMessageW0x3a 106 | 107 | 00007ffb`2af82072 add rsp,20h 108 | 00007ffb`2af82076 pop rbx 109 | 00007ffb`2af82077 ret 110 | 111 | 112 | USER32GetMessageW0x32->USER32GetMessageW0x3a 113 | 114 | 115 | 116 | 117 | USER32GetMessageW0x50927->USER32GetMessageW0x3a 118 | 119 | 120 | 121 | 122 | USER32GetMessageW0x50916->USER32GetMessageW0x50927 123 | 124 | 125 | 126 | 127 | USER32GetMessageW0x5091f 128 | 129 | 00007ffb`2afd294f xor r10d,r10d 130 | 00007ffb`2afd2952 jmp USER32!GetMessageW+0x1d (00007ffb`2af8204d) 131 | 132 | 133 | USER32GetMessageW0x50916->USER32GetMessageW0x5091f 134 | 135 | 136 | 137 | 138 | USER32GetMessageW0x5091f->USER32GetMessageW0x1d 139 | 140 | 141 | 142 | 143 | 144 | -------------------------------------------------------------------------------- /stackhtml_example/graph.html: -------------------------------------------------------------------------------- 1 |
STACK FRAMES:
0=KERNELBASE!CloseHandle
1=tiptsf!CARET::_ProcessCaretEvents+0x154
2=tiptsf!CARET::ProcessCaretEvents+0x8c
3=USER32!_ClientCallWinEventProc+0x39
4=ntdll!KiUserCallbackDispatcherContinue
5=USER32!NtUserGetMessage+0xa
6=USER32!GetMessageW+0x25
7=notepad!WinMain+0x178
8=notepad!WinMainCRTStartup+0x1a7
9=KERNEL32!BaseThreadInitThunk+0xd
10=ntdll!RtlUserThreadStart+0x1d
-------------------------------------------------------------------------------- /ufgraph.py: -------------------------------------------------------------------------------- 1 | 2 | # This code is available under MIT License. 3 | # 4 | # Permission is hereby granted, free of charge, to any person obtaining a copy 5 | # of this software and associated documentation files (the "Software"), to deal 6 | # in the Software without restriction, including without limitation the rights 7 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8 | # copies of the Software, and to permit persons to whom the Software is 9 | # furnished to do so, subject to the following conditions: 10 | # 11 | # The above copyright notice and this permission notice shall be included in 12 | # all copies or substantial portions of the Software. 13 | # 14 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 20 | # THE SOFTWARE. 21 | # 22 | 23 | import sys 24 | import os 25 | import tempfile 26 | import uuid 27 | import subprocess 28 | import argparse 29 | 30 | outputformat = 'png' 31 | stackwalkhtml = False 32 | frames = [] 33 | outputdir = None 34 | noopen = False 35 | 36 | try: 37 | from graphviz import Digraph 38 | has_graphviz = True 39 | except ImportError: 40 | has_graphviz = False 41 | 42 | class dotnode: 43 | def __init__(self, name): 44 | self.node_name = name 45 | self.label_text = [] 46 | self.connecting_nodes = [] 47 | self.addcolor = False 48 | 49 | def add_color(self): 50 | self.addcolor = True 51 | 52 | def has_color(self): 53 | return self.addcolor 54 | 55 | def get_nodeName(self): 56 | return self.node_name 57 | 58 | def get_connections(self): 59 | return self.connecting_nodes 60 | 61 | def add_label_text(self, text): 62 | self.label_text += [text] 63 | 64 | def add_connection(self, node_name): 65 | self.connecting_nodes += [node_name] 66 | 67 | def get_dotformat_node(self): 68 | dotstr = self.node_name 69 | dotstr += "[" 70 | if self.addcolor: 71 | dotstr += "style=filled fillcolor=gray " 72 | dotstr += "label=\"" 73 | dotstr += self.get_dotformat_label() 74 | dotstr += "\"]" 75 | return dotstr 76 | 77 | def get_dotformat_label(self): 78 | label = "" 79 | for label_line in self.label_text: 80 | #force it to be left justified 81 | label += label_line + "\\l" 82 | return label 83 | 84 | def get_dotformat_connections(self): 85 | connections = "" 86 | for node in self.connecting_nodes: 87 | connections += self.node_name 88 | connections += " -> " 89 | connections += node 90 | connections += "\n" 91 | return connections 92 | 93 | 94 | def build_nodes(): 95 | global frames 96 | nodes = [] 97 | last_line_jump = False 98 | last_line_ret = False 99 | new_node = None 100 | last_node = None 101 | ipaddr = None 102 | firstline = True 103 | 104 | for line in sys.stdin: 105 | line = line.rstrip() 106 | 107 | #break out at the end of a frame 108 | if line.startswith("_ _ _ _") and not firstline: 109 | break; 110 | elif line.startswith("_ _ _ _"): 111 | continue; 112 | elif line.endswith(":"): 113 | #get the new node name 114 | # graphviz doesn't like "!" or "+".. in node names so strip them 115 | #new_name = line.split(":")[0].split()[0].replace("!","").replace("+","") 116 | new_name = line.rsplit(":",1)[0].split()[0].replace("!","").replace("+","") 117 | 118 | #make the connection to the new node if necessary 119 | if None != last_node: 120 | if not last_line_jump and not last_line_ret: 121 | last_node.add_connection(new_name) 122 | 123 | #now create a new node 124 | new_node = dotnode(new_name) 125 | 126 | elif line.strip() == "": 127 | #if we have a node, its done, so add it 128 | if new_node: 129 | nodes += [new_node] 130 | last_node = new_node 131 | new_node = None 132 | pass 133 | elif line.startswith("$ip") or line.startswith("$scopeip"): 134 | ipaddr = line.split("=")[1] 135 | elif not new_node: 136 | #.. skip lines that fall outside of a node 137 | if firstline: 138 | tokens = line.split() 139 | #if tokens[len(tokens) - 1] not in frames: 140 | frames += [ tokens[len(tokens) - 1] ] 141 | else: 142 | #private symbols have a space followed by the line number 143 | if line.startswith(" "): 144 | labels = line.split(None,4) 145 | label_addr = labels[1].strip() 146 | label_opcodes = labels[2].strip() 147 | label_inst = labels[3].rstrip() 148 | label_remainder = "" 149 | if len(labels) > 4: 150 | label_remainder = labels[4].rstrip() 151 | # graphviz doesn't like "!" or "+".. in node names so strip them 152 | jmp_target = label_remainder.split()[0].replace("!","").replace("+","") 153 | #public symbols don't.. 154 | else: 155 | labels = line.split(None,3) 156 | label_addr = labels[0].strip() 157 | label_opcodes = labels[1].strip() 158 | label_inst = labels[2].rstrip() 159 | label_remainder = "" 160 | if len(labels) > 3: 161 | label_remainder = labels[3].rstrip() 162 | # graphviz doesn't like "!" or "+".. in node names so strip them 163 | jmp_target = label_remainder.split()[0].replace("!","").replace("+","") 164 | 165 | new_node.add_label_text(label_addr + " " + label_inst + " " + label_remainder) 166 | if ipaddr and label_addr.replace("`","").startswith(ipaddr): 167 | new_node.add_color() 168 | 169 | last_line_ret = False 170 | last_line_jump = False 171 | 172 | if label_inst.startswith("ret"): 173 | last_line_ret = True 174 | elif label_inst.startswith("jmp"): 175 | last_line_jump = True 176 | new_node.add_connection(jmp_target) 177 | #TODO: better branch detection needed? 178 | elif label_inst.startswith("j"): 179 | new_node.add_connection(jmp_target) 180 | 181 | firstline = False 182 | 183 | if new_node and new_node not in nodes: 184 | nodes += [new_node] 185 | return nodes 186 | 187 | #custom 'dot' file creation function 188 | def create_dot_file(nodes, filename): 189 | graph_hdr = "digraph{\nnode [fontname=\"Lucida Console\",shape=\"box\"];\ngraph [fontname=\"Lucida Console\"," \ 190 | "fontsize=10.0,labeljust=l,nojustify=true,splines=polyline];\n" 191 | f = open(filename,'w') 192 | f.write(graph_hdr) 193 | for node in nodes: 194 | f.write(node.get_dotformat_node()) 195 | f.write("\n\n") 196 | for node in nodes: 197 | f.write(node.get_dotformat_connections()) 198 | f.write("\n}") 199 | f.close() 200 | 201 | #launch 'dot' from graphviz and then use the default png viewer via the shell 202 | def render_dot_file(filename): 203 | graph_file_path = filename + "." + outputformat 204 | dotproc = subprocess.Popen(['dot','-T' + outputformat,'-o',graph_file_path,filename]) 205 | dotproc.wait() 206 | os.unlink(filename) 207 | return graph_file_path 208 | 209 | #use graphviz package 210 | def render_graph(nodes, filename): 211 | dot = Digraph(name='windbg_graph', node_attr={'shape': 'box', 'fontname' : 'Lucida Console'}, graph_attr={'splines':'polyline'}) 212 | 213 | for anode in nodes: 214 | if(anode.has_color()): 215 | dot.node(anode.get_nodeName(),anode.get_dotformat_label(), _attributes={'style':'filled', 'fillcolor':'gray'}) 216 | else: 217 | dot.node(anode.get_nodeName(),anode.get_dotformat_label()) 218 | connections = anode.get_connections() 219 | for connection in connections: 220 | dot.edge(anode.get_nodeName(),connection) 221 | 222 | #print(dot.source) 223 | dot.format = outputformat 224 | graph_file = dot.render(filename, view=False) 225 | os.unlink(filename) 226 | return graph_file 227 | 228 | def parseArgs(): 229 | global outputformat 230 | global stackwalkhtml 231 | global outputdir 232 | global noopen 233 | 234 | parser = argparse.ArgumentParser(description="Reads the output of the 'uf' Windbg command from stdin and generates" 235 | "a graphviz call garph for the funciton") 236 | parser.add_argument("-of", "--outputformat", help="output format [png, svg, pdf, gif]. Default is png.") 237 | parser.add_argument("-od", "--outputdir", help="output directory. Default is .") 238 | parser.add_argument("-no", "--noopen", action="store_true", help="do not open any graph / html once generated") 239 | parser.add_argument("-sh", "--stackwalkhtml", action="store_true", help="generate a graph for each stack frame " 240 | "(input must be a 'uf' for each frame) and" 241 | "link them together with a simple html page." 242 | " Note:Forces output format to be SVG.") 243 | args = parser.parse_args() 244 | 245 | if args.outputformat: 246 | if args.outputformat in ['png','svg', 'gif', 'pdf']: 247 | outputformat = args.outputformat 248 | else: 249 | parser.print_usage() 250 | quit() 251 | 252 | if args.stackwalkhtml: 253 | stackwalkhtml = True 254 | outputformat = 'svg' 255 | 256 | if args.outputdir and os.path.isdir(args.outputdir): 257 | outputdir = args.outputdir 258 | if not outputdir.endswith(os.sep): 259 | outputdir = outputdir + os.sep 260 | else: 261 | outputdir = tempfile.gettempdir() + os.sep 262 | 263 | if args.noopen: 264 | noopen = True 265 | 266 | def build_graph_image(): 267 | global outputdir 268 | nodes = build_nodes() 269 | filename = outputdir + str(uuid.uuid4()) 270 | graph_image = None 271 | if len(nodes) > 0: 272 | if not has_graphviz: 273 | create_dot_file(nodes, filename) 274 | graph_image = render_dot_file(filename) 275 | else: 276 | graph_image = render_graph(nodes, filename) 277 | return graph_image 278 | 279 | 280 | def build_html(graph_images): 281 | index = 0 282 | html_page = outputdir + "graph.html" 283 | 284 | #print str(len(graph_images)) 285 | #print str(len(frames)) 286 | #print frames 287 | 288 | htmlfd = open(html_page,"w+") 289 | htmlfd.write("") 290 | 291 | #outer table 292 | htmlfd.write("") 314 | #iframe 315 | htmlfd.write("
") 293 | #inner table 294 | htmlfd.write("") 295 | htmlfd.write("") 296 | for graph_image in graph_images: 297 | htmlfd.write("") 307 | 308 | #htmlfd.write("") 309 | #htmlfd.write(str(index) + "=" + frames[index]) 310 | #htmlfd.write("") 311 | index += 1 312 | 313 | htmlfd.write("
STACK FRAMES:
") 298 | 299 | htmlfd.write("") 301 | if index + 1 > len(frames): 302 | frame_name = "(no name)" 303 | else: 304 | frame_name = frames[index] 305 | htmlfd.write(str(index) + "=" + frame_name) 306 | htmlfd.write("
") 316 | htmlfd.write("") 317 | #htmlfd.write("") 318 | htmlfd.write("
") 319 | htmlfd.write("") 320 | htmlfd.close() 321 | 322 | return html_page 323 | 324 | if __name__ == "__main__": 325 | 326 | parseArgs() 327 | graph_images = [] 328 | graph_image = build_graph_image() 329 | while graph_image: 330 | graph_images += [graph_image] 331 | graph_image = build_graph_image() 332 | 333 | if stackwalkhtml: 334 | html_page = build_html(graph_images) 335 | if not noopen: 336 | htmlproc = subprocess.Popen([html_page],shell=True) 337 | elif not noopen: 338 | for imagefile in graph_images: 339 | imageproc = subprocess.Popen([imagefile],shell=True) 340 | 341 | exit() 342 | --------------------------------------------------------------------------------