windbg: kf command

kf is a useful command to find out stack memory taken by a frame. See below…
I have three functions which looks like this…

#pragma auto_inline(off)
void TestStack2()
{
       printf("hello");
       return;
}
void TestStack1()
{
       TestStack2();
       char bytes[0x190] = {9};
       printf("hello: %s", bytes);
}
void TestStack()
{
       TestStack1();
       char bytes[0x90] = {9};
       printf("hello: %s", bytes);
}

// Check out the frame sizes…
  Memory  ChildEBP RetAddr 
          0024f000 00291578 TestMFC1!TestStack2+0x5
      19c 0024f19c 002915d8 TestMFC1!TestStack1+0x18
       9c 0024f238 002916ea TestMFC1!TestStack+0x18
       28 0024f260 7856f282 TestMFC1!CTestMFC1Dlg::OnInitDialog+0xca
        8 0024f268 752c62fa mfc100!AfxDlgProc+0x31
       2c 0024f294 752ef9df USER32!InternalCallWinProc+0x23
       7c 0024f310 752ef784 USER32!UserCallDlgProcCheckWow+0xd7
       <snip…>

Alternatively we can take difference of child ebp and current esp to know frame size.

2 thoughts on “windbg: kf command

  1. Dear Nibu,

    Can you email me please? I need some help and you seem to be able to help me! I even pay for it. It is a programming issue. My email is petertheman DOT douglas AT outlook.com

    PLEASE REPLY TO ME!!!!

Appreciate your comments...