
How the stack "unwinder" works in x64.

[Paragraph lost to a character-encoding error in the source; only these terms survive: exception chain, TEB, x86, x64, ia64.]

[Paragraph lost to a character-encoding error in the source; only the term x64 survives. It introduced an image or listing that is not present.]

[Paragraph lost to a character-encoding error in the source; only these terms survive: x86, .pdb.]

[Paragraph lost to a character-encoding error in the source; only these terms survive: "frame" and "leaf" functions, nonvolatile registers, _alloca, function entry, and the debugger command ".fnent <symbol>", whose output follows.]

0:000> .fnent notepad!WinMain
Debugger function entry 00000000`01f48250 for:
(00000000`ff296dd4)   notepad!WinMain   |  (00000000`ff296fd0)   notepad!UpdateStatusBar
Exact matches:
    notepad!WinMain = <no type information>

BeginAddress      = 00000000`00006dd4
EndAddress        = 00000000`00006fc9
UnwindInfoAddress = 00000000`0000dcc0

Unwind info at 00000000`ff29dcc0, 14 bytes
  version 1, flags 0, prolog 14, codes 8
  frame reg 0, frame offs 0
  00: offs 14, unwind op 4, op info 6
  01: offs 12, unwind op 0, op info 0
  02: offs 14, unwind op 4, op info 5
  03: offs 11, unwind op 0, op info 0
  04: offs 14, unwind op 4, op info 3
  05: offs 10, unwind op 0, op info 0
  06: offs 14, unwind op 2, op info d
  07: offs 10, unwind op 0, op info 7

[Paragraph lost to a character-encoding error in the source; only the term non-volatile survives. It commented on the unwind codes shown above.]
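The unwind codes in the .fnent dump above are stored in reverse prolog order, and WinDbg prints every 16-bit slot as (offs, op, info) even when the slot is raw data belonging to the preceding code. The following decoder is an added example, not code from the original post or from WinDbg: it takes the eight slots exactly as the dump shows them, reassembles the data slots, and recovers the prolog instructions, the frame size, and which codes an unwinder has to undo when RIP stops partway through the prolog. Opcode numbers and register encoding follow the documented x64 exception-handling ABI (UNWIND_INFO/UNWIND_CODE); the sample ALLOC_LARGE slots in the test are constructed.

```python
# Added example (not from the original post): decoding the UNWIND_CODE array
# that WinDbg's ".fnent" prints for notepad!WinMain. The slot values are
# copied from the dump on this page; opcode numbers and register encoding
# follow the documented x64 exception-handling ABI (UNWIND_INFO/UNWIND_CODE).

UWOP_PUSH_NONVOL = 0      # push <nonvolatile reg>
UWOP_ALLOC_LARGE = 1      # sub rsp, N  (N encoded in 1 or 2 extra slots)
UWOP_ALLOC_SMALL = 2      # sub rsp, (OpInfo + 1) * 8
UWOP_SET_FPREG = 3        # establish frame pointer from the UNWIND_INFO header
UWOP_SAVE_NONVOL = 4      # mov [rsp + 8*slot], <reg>  (1 extra slot)
UWOP_SAVE_NONVOL_FAR = 5  # mov [rsp + off], <reg>     (2 extra slots)

# Register numbering used in OpInfo.
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
        "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

# The eight 16-bit slots exactly as .fnent displayed them: (offs, op, info).
# WinDbg prints every slot in that shape, including the raw data slots that
# follow a SAVE_NONVOL/ALLOC_LARGE code, so those must be reassembled.
FNENT_SLOTS = [
    (0x14, 4, 0x6), (0x12, 0, 0x0),
    (0x14, 4, 0x5), (0x11, 0, 0x0),
    (0x14, 4, 0x3), (0x10, 0, 0x0),
    (0x14, 2, 0xd), (0x10, 0, 0x7),
]


def slot_value(slot):
    """Raw 16-bit value of a data slot: low byte is what WinDbg calls 'offs',
    high byte is (OpInfo << 4) | UnwindOp."""
    offs, op, info = slot
    return offs | (((info << 4) | op) << 8)


def decode_unwind_codes(slots):
    """Turn the slot array into (code_offset, prolog_instruction, rsp_delta)
    triples, in the order stored: last prolog instruction first."""
    out, i = [], 0
    while i < len(slots):
        offs, op, info = slots[i]
        if op == UWOP_PUSH_NONVOL:
            out.append((offs, f"push {REGS[info]}", 8))
            i += 1
        elif op == UWOP_ALLOC_SMALL:
            size = (info + 1) * 8
            out.append((offs, f"sub rsp, 0x{size:x}", size))
            i += 1
        elif op == UWOP_ALLOC_LARGE:
            if info == 0:                      # one data slot, scaled by 8
                size = slot_value(slots[i + 1]) * 8
                i += 2
            else:                              # two data slots, unscaled 32-bit size
                size = slot_value(slots[i + 1]) | (slot_value(slots[i + 2]) << 16)
                i += 3
            out.append((offs, f"sub rsp, 0x{size:x}", size))
        elif op == UWOP_SAVE_NONVOL:
            off = slot_value(slots[i + 1]) * 8  # offset from the established frame
            out.append((offs, f"mov [rsp+0x{off:x}], {REGS[info]}", 0))
            i += 2
        elif op == UWOP_SAVE_NONVOL_FAR:
            off = slot_value(slots[i + 1]) | (slot_value(slots[i + 2]) << 16)
            out.append((offs, f"mov [rsp+0x{off:x}], {REGS[info]}", 0))
            i += 3
        elif op == UWOP_SET_FPREG:
            out.append((offs, "set frame pointer (reg/offset from UNWIND_INFO header)", 0))
            i += 1
        else:
            raise NotImplementedError(f"unwind op {op} not handled in this example")
    return out


def frame_size(slots):
    """Bytes the complete prolog removes from RSP: what the unwinder adds back
    to reach the return address."""
    return sum(delta for _, _, delta in decode_unwind_codes(slots))


def codes_in_effect(slots, rip_offset):
    """When RIP stops rip_offset bytes into the function, only the prolog
    instructions that have already completed (code offset <= rip_offset)
    need to be undone."""
    return [c for c in decode_unwind_codes(slots) if c[0] <= rip_offset]


if __name__ == "__main__":
    for offs, insn, _ in decode_unwind_codes(FNENT_SLOTS):
        print(f"prolog +0x{offs:02x}: {insn}")
    print(f"frame size: 0x{frame_size(FNENT_SLOTS):x}")
```

For the dump on this page the decoder yields three saves of rsi, rbp and rbx at [rsp+0x90], [rsp+0x88] and [rsp+0x80], a sub rsp,0x70 and a push rdi, so the unwinder restores four non-volatile registers and adds 0x78 to RSP before reading the return address; the saves carry the end-of-prolog offset 0x14 because their slots are only meaningful once the frame is established, while the push is recorded at 0x10.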

Cross-posted from blog.not-a-kernel-guy.com.