• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

viewing stack pointer and program counter in windows xp

R

rookie1010

Senior member
Hello

I was wondering if there was a way one could view the Program Counter and Stack Pointer values over a certain period of time from Windows XP?

 
Rookie could you be more specific about what you are trying to do?

You can view your registers via WinDbg of course. "R" command for current registers. ".cxr <address> ; R" for registers during a given callstack frame.
 
thanks for the replies

i just wanted to see the typical execution in my windows xp and wanted to see how it had been jumping from instruction whilst i was working on my pc?

can i run windbg whilst working and create some sort of log which i can view later on?
 
although you can run a debugger live you can't really watch things as they are happening. It's simply too fast. You can put breakpoints in, go check things out, then hit go again.

It is all very very complicated. Watching the instruction pointer in a multitasking operating system is insane. Something like opening this web browser window will generate tens of thousands of changes to the IP.

Viewing a stack pointer will be almost as bad. Also, which stack?? The call stack? I've generated fifty things on my call stack just by hitting this period . on my keyboard.

It almost sounds like you've recently had an assembly class or something that has peeked your curiosity. If this is the case I would highly recommend "Windows Internals" fourth edition by Mark Russinovich and David Solomon.

The sysinternals guys have a utility that allows a windows debugger to be a simultaneous target and host so you can theoretically 'live debug' with only a single machine. If you want you can check that out. Generating a memory dump and looking at that would probably be just as interesting. Lookup crash on control-scroll in the windbg helpfiles.

 
It is all very very complicated. Watching the instruction pointer in a multitasking operating system is insane. Something like opening this web browser window will generate tens of thousands of changes to the IP.
Click to expand...
10s of thousands? The IP changes with every instruction executed, and the processor can execute a couple billion instructions per second. Your number is low by many orders of magnitude.
 
Originally posted by: Smilin
it doesn't take a billion instructions to open a web page.
Click to expand...

No, but the tens of thousands of context switches that occur while you're reading from hard drive to memory, servicing DPC routines from your WLAN driver, geneating the screen refreshes with your video card and responding to each movement of the mouse end up to a couple of billion instructions per second. Why do you think launching a web browser typically takes at least a few seconds?
 
thanks for the replies

i can generate a memory dump without a debug tool, correct? or is it generated usimg the windbg tool?

 
Originally posted by: beer
No, but the tens of thousands of context switches that occur while you're reading from hard drive to memory, servicing DPC routines from your WLAN driver, geneating the screen refreshes with your video card and responding to each movement of the mouse end up to a couple of billion instructions per second. Why do you think launching a web browser typically takes at least a few seconds?
Click to expand...
I/O. It better not be actually stressing your cpu. Most of those cycles are just wasted.
 
I'll stick with my number, tens of thousands (aka <100k).

It doesn't take a few seconds to open a web page. It takes a fraction of a second. For this page in particular the load time is only noticeable because you are waiting on a banner to load (the ip is still getting updated as wait state threads are touched but nothing like when it is actually doing something).

The point we both agree on I think: Watching/Logging eip would be a ridiculous waste of time even if it could be done.
 
Originally posted by: Smilin
I'll stick with my number, tens of thousands (aka <100k).

It doesn't take a few seconds to open a web page. It takes a fraction of a second. For this page in particular the load time is only noticeable because you are waiting on a banner to load (the ip is still getting updated as wait state threads are touched but nothing like when it is actually doing something).

The point we both agree on I think: Watching/Logging eip would be a ridiculous waste of time even if it could be done.
Click to expand...

I used AMD CodeAnalyst on my web browser. I monitored launching the browser and loading the home page. Of a total of 10 million samples (each representing 1000 x86 instructions), about 50% were modules that belonged to the browser itself, plus more for the OS (e.g. ntoskrnl.exe, win32k.sys, usbport.sys, hal.dll, ntdll.dll, etc). That means that launching the browser and loading my home page was over 5 billion instructions. Note that at least some of the OS instructions would have resulted directly from launching the browser (e.g. when it needs to display things on the screen, read data from the disk, etc).
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top