CreateBugReport : Disassembly for every thread?

[pvanlogchem]

I wonder : How do I make CreateBugReport generate disassembly for every thread, instead of just the main thread?

[madshi]

A disassembly of the crashing code is made, doesn't matter which thread. Most other threads are usually waiting for something. Doing a disassembly for a waiting thread isn't very interesting. It's usually sitting in some win32 API.

Or am I misunderstanding you?

[pvanlogchem]

Well, I would like to see the disassembly of every thread so that I can determine what they are doing exactly in case of live-lock situations (that's why I keep a watchdog thread around).

[madshi]

First of all, you can't do a disassembly of every thread. You can't do a disassembly of a thread, at all. You can only do a disassembly of a specific code location / function. So the first thing you'd have to figure out is which code location / function you want to have disassembled. When you say you want to disassemble every thread, I guess you're talking about getting a disassembly of the current instruction pointer (code execution position) of every thread? You could probably do that on your own in a madExcept exception handler, but it needs some work. Basically you'd need to find out the address of the function in which the current instruction pointer is located. madExcept does get this information for the crashing thread, but for no other thread.

[pvanlogchem]

Thanks for your clarifications, you're absolutely right of course - I really should improve my use of terminology

As for getting the instruction-pointer for any given thread, would it be possible to extend madCollection with some tooling function for that?

And perhaps the function that generates a disassembly for the code surrounding the instruction pointer could be generalized a bit, so it can be called with an arbitrary address?

I imagine this could all be wrapped into another madExcept plugin, which is a very nice concept by the way! (Although I could use a little more documentation on how to enable/disable of plugins, I had to do some code-diving to find that out).

[madshi]

I'm not sure how to expose the needed functionality in the best way. But at least I can tell you where the key parts of the source code are. In madExcept.pas look for this line:

Code: Select all

s1 := GetThreadReport(0, FCallstackCrc[0], FCallstackCrc[1], b1, @FExceptAddr, @ef, @efa);

This gets the thread callback of the first (= crashing) thread. The addresses "ef" and "efa" (except function and except function address) are needed for the disassembly. They are later fed into the local function "GetCleartextDisAsm". For the other (non-crashing) threads GetThreadReport is also called, but "ef" and "efa" are not made use of.

Maybe this helps you get going?

[JensG]

I notoced several times that the disassembly is made not at the crash position, but at the next line with code info available. In most cases this is not very helpful. More worse, that way the CPU regs and the disassembly do not match.

Example:
compiled with : Delphi 5
madExcept version : 3.0l

stack trace:
03cc3fa0 +00c some.dll System @LStrClr
03cc4e03 +057 some.dll System @FinalizeArray
03cc4d9b +01b some.dll System @FinalizeRecord
03cc4e65 +0b9 some.dll System @FinalizeArray
03cd6c44 +01c some.dll Classes TStringList.Clear
04199d55 +091 some.dll FktLists 106 +24 ClearObjList


cpu registers:
eax = 15301c7a
ebx = 15301c7a
ecx = 00000001
edx = 1312640e
esi = 03cc1098
edi = 00000001
eip = 03cc3fa0 // correct, points to somewhere in @LStrClr
esp = 0589fdf4
ebp = 0000000b

but

disassembling:
[...]
04199d45 $4199d60
04199d4a 105 byte ptr [ebp-5], 1
04199d4e loc_4199d58
04199d50 106 eax, [ebp-4]
04199d53 edx, [eax]
04199d55 > dword ptr [edx+$40] // huh?
04199d58
04199d59 -$4d6522 ($3cc383c) ; System.@HandleFinally
04199d5e loc_4199d4a
04199d60 108 esi
04199d61 ebx
[...]


Is there something that could be changed?
JensG