I'm trying to unwind an x64 stack.
In order to do so I need to follow this algorithm specified here:
http://msdn.microsoft.com/en-us/library/8ydc79k6.aspx

But in order to follow it, I need to know how to find the correct RUNTIME_FUNCTION, but I couldn't find a complete algorithm for this...

Does anybody know how to do it? (A link or example will also be really appreciated.)

Idov
My bet is that this is related to the MS [PE binary format](http://en.wikipedia.org/wiki/Portable_Executable). You should look into the docs linked at the end of the Wikipedia article. – didierc Apr 27 '13 at 08:00

1 Answer

Are you opposed to calling an API to do this? RtlLookupFunctionEntry will do it for you.

Aaron Klotz
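
An added example, not part of the answer above and not Microsoft's implementation: for a statically loaded image, finding the RUNTIME_FUNCTION amounts to a binary search of the PE exception directory (`.pdata`), whose 12-byte entries are sorted by `BeginAddress`. The struct, the function name `lookup_function_entry` and the sample table are assumptions made for illustration so that it builds without the Windows SDK.

```c
#include <stddef.h>
#include <stdint.h>

/* Same layout as an x64 RUNTIME_FUNCTION entry in .pdata: three 32-bit
   RVAs (offsets from the image base). Defined locally for portability. */
typedef struct {
    uint32_t BeginAddress;  /* RVA of the first byte of the function */
    uint32_t EndAddress;    /* RVA one past the last byte */
    uint32_t UnwindData;    /* RVA of the function's UNWIND_INFO */
} RuntimeFunction;

/* Hypothetical helper: binary search of a table sorted by BeginAddress.
   Returns NULL when control_pc lies outside the image or inside no entry;
   the x64 unwind procedure treats that case as a leaf function, whose
   return address is at [RSP]. */
static const RuntimeFunction *lookup_function_entry(
    const RuntimeFunction *table, size_t count,
    uint64_t image_base, uint64_t image_size, uint64_t control_pc)
{
    /* Reject addresses outside the image before narrowing to 32 bits. */
    if (control_pc < image_base || control_pc - image_base >= image_size)
        return NULL;
    uint32_t rva = (uint32_t)(control_pc - image_base);

    size_t lo = 0, hi = count;          /* search window is [lo, hi) */
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (rva < table[mid].BeginAddress)
            hi = mid;                   /* target is in an earlier entry */
        else if (rva >= table[mid].EndAddress)
            lo = mid + 1;               /* target is in a later entry */
        else
            return &table[mid];         /* Begin <= rva < End */
    }
    return NULL;                        /* fell into a gap between entries */
}

/* Constructed sample table and image bounds (not from a real binary). */
static const RuntimeFunction sample_pdata[] = {
    { 0x1000, 0x1040, 0x5000 },
    { 0x1040, 0x10c8, 0x500c },
    { 0x1100, 0x1234, 0x5018 },  /* 0x10c8..0x10ff is a gap: leaf or padding */
};
#define SAMPLE_COUNT (sizeof sample_pdata / sizeof sample_pdata[0])
#define SAMPLE_BASE  0x140000000ULL
#define SAMPLE_SIZE  0x6000ULL
```

`RtlLookupFunctionEntry` additionally consults dynamic function tables registered at run time (for example with `RtlAddFunctionTable`), which a search of `.pdata` alone does not cover.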