
A few problems with SymFromAddr

This topic is 2631 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.


Hi!
I'm trying to use SymFromAddr on an address I got from StackWalk but
I'm having the following problems:
1. When I exit the method where I'm using SymFromAddr, I'm getting the error:
Stack around the variable (variable name here) was corrupted.
"GetLastError" says that everything was fine.

2. I keep getting as the symbol name things like "KiFastSystemCallRet".
In these cases I get a displacement value very very large or simply 0.

I read somewhere that it's supposed to be some method inside I/O operations
but I don't have any...
3. Sometimes after calling SymFromAddr, GetLastError returns 126. huh???

Can anybody help me?
Thanks :)

Quote:
Original post by LessBread
1. Perhaps you're not allocating enough space for the string (per Stack around the variable was corrupted?)

2. What is KiFastSystemCallRet?

3. ERROR_MOD_NOT_FOUND


1. Oops... I accidentally used SYMBOL_INFO instead of SYMBOL_INFO_PACKAGE, thank you for that. :)

2. I didn't really understand what it is, or how I can avoid it ( SymFromAddr returns it almost every time :( )

3. Does this error refer to PDBs too?

2. Can you ignore it? It wraps system calls, that is, calls into the kernel. Have you tried googling for more info? That's what I did. There were other results besides the one I linked to.

3. I don't know. Probably not. A module is another word for a PE file linked to by the program (e.g. .dll, .sys). Afaik, a PDB is a data file.

Quote:
Original post by LessBread
2. Can you ignore it? It wraps system calls, that is, calls into the kernel. Have you tried googling for more info? That's what I did. There were other results besides the one I linked to.

3. I don't know. Probably not. A module is another word for a PE file linked to by the program (e.g. .dll, .sys). Afaik, a PDB is a data file.


OK, I fixed it.

2. I'm just using "SymGetSymFromAddr64" instead of SymFromAddr, and it doesn't happen anymore.

3. I'm guessing it happened because in CreateProcess I used the "CREATE_PRESERVE_CODE_AUTHZ_LEVEL" flag. I removed it and now it works fine.

thanks :)

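Problem 1 in this thread (a bare SYMBOL_INFO where a SYMBOL_INFO_PACKAGE was needed) comes down to a buffer contract: the resolver writes the name starting at the header's one-character Name field and trusts MaxNameLen. The following is an added example, not code from any poster, written as portable C so it runs without DbgHelp; `sym_info`, `sym_package`, `frame` and `fake_resolve` are reduced stand-ins for SYMBOL_INFO, SYMBOL_INFO_PACKAGE, a stack frame and SymFromAddr, and the guard bytes are only an illustration of how the overwrite becomes visible.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 2000                      /* same value as DbgHelp's MAX_SYM_NAME */
#define NAME_OFF offsetof(sym_info, Name)  /* where the resolver starts writing */

/* Reduced stand-ins (not the real layouts): header, package, and a "stack frame"
   made of the bare header followed by guard bytes. */
typedef struct { unsigned long SizeOfStruct, NameLen, MaxNameLen; char Name[1]; } sym_info;
typedef struct { sym_info si; char name[MAX_NAME + 1]; } sym_package;
typedef struct { sym_info si; unsigned char guard[64]; } frame;

/* Stand-in for SymFromAddr: copies the name, trusting the caller's MaxNameLen. */
static void fake_resolve(sym_info *si, const char *symbol) {
    char *dst = (char *)si + NAME_OFF;
    size_t n = strlen(symbol);
    if (si->MaxNameLen == 0) return;
    if (n > si->MaxNameLen - 1) n = si->MaxNameLen - 1;
    memcpy(dst, symbol, n);
    dst[n] = '\0';
    si->NameLen = (unsigned long)n;
}

/* The bug: a bare header whose MaxNameLen claims more room than the header has
   (capped to the guard so this demo stays in bounds). Returns guard bytes hit. */
size_t clobbered_guard_bytes(const char *symbol) {
    frame f; size_t hits = 0;
    memset(&f, 0xCC, sizeof f);
    f.si.SizeOfStruct = sizeof(sym_info);
    f.si.MaxNameLen = (unsigned long)(sizeof f - NAME_OFF);
    fake_resolve(&f.si, symbol);
    for (size_t i = 0; i < sizeof f.guard; i++) hits += f.guard[i] != 0xCC;
    return hits;
}

/* The fix: package storage, with MaxNameLen derived from the real buffer size. */
size_t resolve_with_package(const char *symbol, char *out, size_t outlen) {
    sym_package pkg;
    memset(&pkg, 0, sizeof pkg);
    pkg.si.SizeOfStruct = sizeof(sym_info);
    pkg.si.MaxNameLen = (unsigned long)(sizeof pkg - NAME_OFF);
    fake_resolve(&pkg.si, symbol);
    snprintf(out, outlen, "%s", (const char *)&pkg + NAME_OFF);
    return pkg.si.NameLen;
}

int main(void) {
    char name[64];
    printf("bare header: %zu guard bytes overwritten\n", clobbered_guard_bytes("KiFastSystemCallRet"));
    printf("package: %zu chars, name=%s\n", resolve_with_package("KiFastSystemCallRet", name, sizeof name), name);
}
```

A very short name fits in the header's own padding and overwrites nothing, which is why this kind of sizing bug can look intermittent.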
