/* * GetRealCSIP - get the CS:IP of a stopped task, cuz microsoft only tells * you that the task is stopped in the kernel (gee, that's * useful!!) */ DWORD GetRealCSIP( HTASK htask, HMODULE *mod ) { DWORD csip; STACKTRACEENTRY se; GLOBALENTRY ge; TASKENTRY te; te.dwSize = sizeof( te ); if( TaskFindHandle( &te, htask ) == NULL ) { return( 0L ); } if( mod != NULL ) { *mod = te.hModule; } csip = TaskGetCSIP( htask ); if( csip == 0L ) { return( 0L ); } se.dwSize = sizeof( se ); if( !StackTraceFirst( &se, htask ) ) { return( csip ); } csip = MAKECSIP( se.wCS, se.wIP ); while( 1 ) { se.dwSize = sizeof( se ); if( !StackTraceNext( &se ) ) { break; } csip = MAKECSIP( se.wCS, se.wIP ); ge.dwSize = sizeof( ge ); if( GlobalEntryHandle( &ge, (HGLOBAL)se.wCS ) ) { if( ge.hOwner == te.hModule ) { break; } } } return( csip ); } /* GetRealCSIP */
BOOL MyStackTraceNext( STACKTRACEENTRY *se ) { se->dwSize = sizeof( STACKTRACEENTRY ); return( StackTraceNext( se ) ); } /* MyStackTraceNext */