Stack Layout Explorer

Overview

This tool is a small PoC designed to play around and understand the stack layout in running processes, with an emphasis on gathering information from stack traces and investigating local variables. It operates on Windows systems, offering options to display detailed thread information, inspect specific thread stack traces, and analyze the memory layout of functions at runtime.

Features

Display stack traces for specific threads.
Inspect local variables and function parameters within stack frames.
Periodically refresh stack traces for dynamic analysis.
Retrieve and list all threads for a given process (PID).
Sort threads based on TID or start address.
Resolve function names and module addresses using Microsoft Symbol Server.
Dynamic symbol resolution for both function names and module addresses.

Requirements

Windows OS
Visual Studio or other compatible C++ compiler
DbgHelp.dll (comes with Windows SDK)
Psapi.dll (for process and module information)

Command Line Options

The tool accepts a variety of command-line options to control its behavior. Below is a breakdown of each option: Options:

-p <PID>
(Required): Specifies the Process ID (PID) of the target process to investigate.

-t <TID>
Specifies a specific Thread ID (TID) to investigate. If this is provided, the tool will only focus on the specified thread.

-m <n seconds>
Set the interval (in seconds) to refresh the stack trace or thread list dynamically. Useful for observing changes in real time.

-V
Verbose output. Displays detailed module information, including the full path to the loaded modules.

-oA
Sort threads by their start address before printing them.

-oI
Sort threads by TID (Thread ID) before printing them.

Example Usage:

Display thread information for a specific process (PID):

StackLayoutExplorer.exe -p 1234

Show stack trace for a specific thread (TID):

StackLayoutExplorer.exe -p 1234 -t 5678

Periodically refresh stack trace every 5 seconds:

StackLayoutExplorer.exe -p 1234 -t 5678 -m 5

Verbose output with sorted thread list by start address:

StackLayoutExplorer.exe -p 1234 -oA -V

Assumptions

Limitations and Notes

This tool only works on Windows and assumes a 64-bit architecture (x64).
The tool relies on Windows APIs and will need to run with appropriate permissions to access the target process and its threads.
If symbols for functions are not available, the tool will attempt to resolve the closest matching information or show offsets relative to the module.

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
.gitattributes		.gitattributes
.gitignore		.gitignore
LICENSE.txt		LICENSE.txt
README.md		README.md
StackWalker.cpp		StackWalker.cpp
StackWalker.sln		StackWalker.sln
StackWalker.vcxproj		StackWalker.vcxproj
StackWalker.vcxproj.filters		StackWalker.vcxproj.filters

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Stack Layout Explorer

Overview

Features

Requirements

Command Line Options

Example Usage:

Display thread information for a specific process (PID):

Show stack trace for a specific thread (TID):

Periodically refresh stack trace every 5 seconds:

Verbose output with sorted thread list by start address:

Assumptions

About

Releases

Packages

Languages

License

unsync-d/StackWalker

Folders and files

Latest commit

History

Repository files navigation

Stack Layout Explorer

Overview

Features

Requirements

Command Line Options

Example Usage:

Display thread information for a specific process (PID):

Show stack trace for a specific thread (TID):

Periodically refresh stack trace every 5 seconds:

Verbose output with sorted thread list by start address:

Assumptions

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages