kf is a useful command for finding out how much stack memory a frame takes. See below…
I have three functions which look like this…
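#include <stdio.h>

// Disable automatic inlining so each function keeps its own stack frame.
#pragma auto_inline(off)

void TestStack2()
{
    printf("hello");
    return;
}

void TestStack1()
{
    TestStack2();
    char bytes[0x190] = {9};   // 0x190 bytes of locals
    printf("hello: %s", bytes);
}

void TestStack()
{
    TestStack1();
    char bytes[0x90] = {9};    // 0x90 bytes of locals
    printf("hello: %s", bytes);
}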
// Check out the frame sizes…
Memory  ChildEBP RetAddr
        0024f000 00291578 TestMFC1!TestStack2+0x5
    19c 0024f19c 002915d8 TestMFC1!TestStack1+0x18
     9c 0024f238 002916ea TestMFC1!TestStack+0x18
     28 0024f260 7856f282 TestMFC1!CTestMFC1Dlg::OnInitDialog+0xca
      8 0024f268 752c62fa mfc100!AfxDlgProc+0x31
     2c 0024f294 752ef9df USER32!InternalCallWinProc+0x23
     7c 0024f310 752ef784 USER32!UserCallDlgProcCheckWow+0xd7
<snip…>
Alternatively, we can take the difference between the child EBP and the current ESP to get the frame size.
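The Memory column in the listing above is the distance between adjacent frames' ChildEBP values. The following is an added example, not part of the original post: it recomputes that column from the listing, checks it against the numbers kf printed, and ranks the frames by stack use. The function names are illustrative.

```python
import re

# kf listing copied from the post above (32-bit target: 8 hex digit addresses).
KF_OUTPUT = """\
Memory  ChildEBP RetAddr
        0024f000 00291578 TestMFC1!TestStack2+0x5
    19c 0024f19c 002915d8 TestMFC1!TestStack1+0x18
     9c 0024f238 002916ea TestMFC1!TestStack+0x18
     28 0024f260 7856f282 TestMFC1!CTestMFC1Dlg::OnInitDialog+0xca
      8 0024f268 752c62fa mfc100!AfxDlgProc+0x31
     2c 0024f294 752ef9df USER32!InternalCallWinProc+0x23
     7c 0024f310 752ef784 USER32!UserCallDlgProcCheckWow+0xd7
"""

# Optional Memory value, then ChildEBP, RetAddr and the symbol.
FRAME_RE = re.compile(
    r"^\s*(?:(?P<mem>[0-9a-fA-F]{1,7})\s+)?"
    r"(?P<ebp>[0-9a-fA-F]{8})\s+(?P<ret>[0-9a-fA-F]{8})\s+(?P<sym>\S.*)$"
)

def parse_frames(text):
    """Return (memory_or_None, child_ebp, symbol) for each frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.rstrip())
        if m:  # the header and "<snip>" lines do not match
            mem = int(m["mem"], 16) if m["mem"] else None
            frames.append((mem, int(m["ebp"], 16), m["sym"]))
    return frames

def frame_sizes(frames):
    """Distance from each frame's ChildEBP to the frame listed above it."""
    sizes = []
    for (_, callee_ebp, _), (mem, ebp, sym) in zip(frames, frames[1:]):
        size = ebp - callee_ebp
        if size <= 0:  # the stack grows down, so callers sit at higher addresses
            raise ValueError(f"non-increasing ChildEBP at {sym}")
        sizes.append((sym, size, mem))
    return sizes

def mismatches(sizes):
    """Frames whose printed Memory value differs from the computed distance."""
    return [s for s in sizes if s[2] is not None and s[2] != s[1]]

def largest(sizes, n=3):
    """The n frames that use the most stack, biggest first."""
    return sorted(sizes, key=lambda s: s[1], reverse=True)[:n]

if __name__ == "__main__":
    for sym, size, _ in largest(frame_sizes(parse_frames(KF_OUTPUT))):
        print(f"{size:#6x}  {sym}")
```

In this listing TestStack1 and TestStack come out at 0x19c and 0x9c, which is 0xc more than their 0x190 and 0x90 byte arrays.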