Apr 10 2012

kf is a useful WinDbg command for finding out how much stack memory each frame takes. See below…
I have three functions which look like this…

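#include <stdio.h>

#pragma auto_inline(off)   // keep each function as its own stack frame
void TestStack2() {}
void TestStack1()
{
       char bytes[0x190] = {9};   // 0x190 bytes of locals
       printf("hello: %s", bytes);
       TestStack2();              // call chain matches the stack trace below
}
void TestStack()
{
       char bytes[0x90] = {9};    // 0x90 bytes of locals
       printf("hello: %s", bytes);
       TestStack1();
}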

// Check out the frame sizes…
  Memory  ChildEBP RetAddr 
          0024f000 00291578 TestMFC1!TestStack2+0x5
      19c 0024f19c 002915d8 TestMFC1!TestStack1+0x18
       9c 0024f238 002916ea TestMFC1!TestStack+0x18
       28 0024f260 7856f282 TestMFC1!CTestMFC1Dlg::OnInitDialog+0xca
        8 0024f268 752c62fa mfc100!AfxDlgProc+0x31
       2c 0024f294 752ef9df USER32!InternalCallWinProc+0x23
       7c 0024f310 752ef784 USER32!UserCallDlgProcCheckWow+0xd7

Alternatively, we can take the difference between the child EBP and the current ESP to get the frame size.
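In the trace above, each Memory value equals that frame's ChildEBP minus the ChildEBP of the frame listed before it, so the column can be recomputed and large frames ranked when hunting stack exhaustion. The Python below is an added example, not part of the original post; the function names are hypothetical and it assumes 32-bit kf output in the layout shown.

```python
import re
from typing import NamedTuple, Optional

# kf output copied from the post above.
KF_OUTPUT = """\
  Memory  ChildEBP RetAddr
          0024f000 00291578 TestMFC1!TestStack2+0x5
      19c 0024f19c 002915d8 TestMFC1!TestStack1+0x18
       9c 0024f238 002916ea TestMFC1!TestStack+0x18
       28 0024f260 7856f282 TestMFC1!CTestMFC1Dlg::OnInitDialog+0xca
        8 0024f268 752c62fa mfc100!AfxDlgProc+0x31
       2c 0024f294 752ef9df USER32!InternalCallWinProc+0x23
       7c 0024f310 752ef784 USER32!UserCallDlgProcCheckWow+0xd7
"""

# Optional Memory column, then ChildEBP and RetAddr (8 hex digits each), then symbol.
FRAME_RE = re.compile(
    r"^\s*(?:([0-9a-f]+)\s+)?([0-9a-f]{8})\s+([0-9a-f]{8})\s+(\S+)\s*$", re.I)

class Frame(NamedTuple):
    memory: Optional[int]   # Memory column as printed by kf (None on the top frame)
    child_ebp: int
    ret_addr: int
    symbol: str

def parse_kf(text: str) -> list[Frame]:
    """Parse 32-bit kf output; the header and unrecognised lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            mem, ebp, ret, sym = m.groups()
            frames.append(Frame(int(mem, 16) if mem else None,
                                int(ebp, 16), int(ret, 16), sym))
    return frames

def ebp_deltas(frames: list[Frame]) -> list[Optional[int]]:
    """Distance from each frame's ChildEBP to the previous (inner) frame's."""
    head = [None] if frames else []
    return head + [b.child_ebp - a.child_ebp for a, b in zip(frames, frames[1:])]

def frames_over(frames: list[Frame], limit: int) -> list[tuple[str, int]]:
    """Frames whose recomputed size exceeds `limit` bytes, largest first."""
    sized = [(f.symbol, d) for f, d in zip(frames, ebp_deltas(frames)) if d is not None]
    return sorted((s for s in sized if s[1] > limit), key=lambda s: -s[1])

if __name__ == "__main__":
    fs = parse_kf(KF_OUTPUT)
    for f, d in zip(fs, ebp_deltas(fs)):
        print(f"{f.symbol:55} reported={f.memory} recomputed={d}")
    print(frames_over(fs, 0x80))
```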

  2 Responses to “windbg: kf command”

  1. Dear Nibu,

    Can you email me please? I need some help and you seem to be able to help me! I even pay for it. It is a programming issue. My email is petertheman DOT douglas AT outlook.com

