How to use windbg check c # a thread stack size?

Each thread has a thread environment block data structure called TEB (Thread Environment Block), which has a structure called NT_TIB, which containsThe two fields are StackBase and StackLimit, the former is called stack base, which is the top of the stack, and the latter is called stack boundary , because the stack space grows to a small address, the so-called stack memory size can be calculated with StackBase - StackLimit, and then we will use windbg to demonstrate it.

One: windbg demo

1. Use the !teb command

You can use windbg to debug your program directly. I just have a dump file in my hand. Let's start from the main thread here.

0:000> ~0sntdll!NtWaitForSingleObject+0x14:00007ffe`28b9fa74 c3 ret0:000> !tebTEB at 000000b4da0ae000ExceptionList: 00000000000000000StackBase: 000000b4d9fa0000StackLimit: 000000b4d9f98000SubSystemTib: 0000000000000000FiberData: 0000000000001e00ArbitraryUserPointer: 0000000000000000Self: 000000b4da0ae000EnvironmentPointer: 0000000000000000ClientId: 0000000000000c74 . 00000000000041a4RpcHandle: 0000000000000000Tls Storage: 000001f90edad1d0PEB Address: 000000b4da0ad000LastErrorValue: 0LastStatusValue: 103Count Owned Locks: 0HardErrorMode: 0

From the output, the two values ​​are: StackBase=000000b4d9fa0000 and StackLimit=000000b4d9f98000, then its size is 32768byte = 32k.

0:000> ? 000000b4d9fa0000 - 000000b4d9f98000Evaluate expression: 32768 = 00000000`00008000

It should be reminded here that the memory page of the operating system is a granularity of 4k, which means that all output results must be multiples of 4k, such as the current stack spaceThat is 8 memory pages.

2. View the NT_TIB structure

The shortcut command was used just now. Next, we directly view the NT_TIB struct structure variable under the _TEB structure.

0:000> .threadImplicit thread is now 000000b4`da0ae0000:000> dt _NT_TIB 000000b4`da0ae000combase!_NT_TIB+0x000 ExceptionList : (null)+0x008 StackBase : 0x000000b4`d9fa0000 Void+0x010 StackLimit : 0x000000b4`d9f98000 Void+0x018 SubSystemTib : (null)+0x020 FiberData : 0x00000000`00001e00 Void+0x020 Version : 0x1e00+0x028 ArbitraryUserPointer: (null)+0x030 Self : 0x000000b4`da0ae000 _NT_TIB

As you can see, the above two values ​​are exactly the same as those displayed by !teb.