You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I used EVENT_ENABLE_PROPERTY_STACK_TRACE as a flag and used schema.stack_trace() to retrieve the call stack and return PC.
However, almost all call stacks obtained only have kernel mode call stacks (PC > 0xFFFF000000000000), and there are no user mode call stacks.
After consulting the documentation, I found that the EVENT_EXTENDED_ITEM_STACK_TRACE64 structure contains ULONG64 MatchId;, as described in the documentation:
MatchId
A unique identifier that you use to match the kernel-mode calls to the user-mode calls; the kernel-mode calls and user-mode calls are captured in separate events if the environment prevents both from being captured in the same event. If the kernel-mode and user-mode calls were captured in the same event, the value is zero.
There are many messages that have non-zero MatchId values. How can I use this value to find the user mode call stack?
Thanks.
The text was updated successfully, but these errors were encountered:
I used
EVENT_ENABLE_PROPERTY_STACK_TRACEas a flag and usedschema.stack_trace()to retrieve the call stack and return PC.However, almost all call stacks obtained only have kernel mode call stacks (PC > 0xFFFF000000000000), and there are no user mode call stacks.
After consulting the documentation, I found that the
EVENT_EXTENDED_ITEM_STACK_TRACE64structure containsULONG64 MatchId;, as described in the documentation:There are many messages that have non-zero MatchId values. How can I use this value to find the user mode call stack?
Thanks.
The text was updated successfully, but these errors were encountered: