ansaurus

Question

Doubting about the Threads window of visual studio

Answer 1

+4 A:

At a guess, they're probably sleeping in something like WaitForSingleObject or similar.

Hasturkun 2010-09-12 15:05:04

Can you elaborate why `WaitForSingleObject` will make them at the same location?

COMer 2010-09-12 15:07:40

Because that is the usermode address of where the WaitForSingleObject function will resume. Do yourself a favor and right click in the call tree on one of the lines with that address and choose the "Load Symbols -> From Microsoft Symbol Servers" option.

Chris Becke 2010-09-12 15:12:47

I just dumped more assembly info above,and location `7C92E4F4` is `ret`, why it just stops there?

COMer 2010-09-12 15:16:20

Answer 2

+1 A:

At a guess, you have a thread pool of some sort, so you have four threads all executing the same thread function. In this case, all four are mostly likely idle, waiting for a task they need to execute. If that's the case, it's quite sensible that all four show the same location.

Jerry Coffin 2010-09-12 15:06:55

I just dumped more assembly info above,and location `7C92E4F4` is `ret`, why it just stops there?

COMer 2010-09-12 15:25:40

That's the next address. It's really "stopped" at the `sysenter`, which means it's calling something in kernel mode. The `ret` will execute after execution returns from kernel mode.

Jerry Coffin 2010-09-12 17:00:47

Is it true that location field always points to the **next** address, or just in special cases like `sysenter`?

COMer 2010-09-12 23:44:12

@COMer: I'd have to do some testing to be sure -- even it's showing the next address in this case is supposition, not established fact (but I think it's a pretty fair supposition).

Jerry Coffin 2010-09-12 23:56:15

Answer 3

+1 A:

You'll need to ignore the threads that are started by Microsoft code. I'm guessing at mmsys or DirectX from your screen shot. Microsoft code is very thread-happy.

You can get better diagnostics about what they do when you enable the Microsoft Symbol Server. You'll get decent names in the Call Stack window, often letting you guess what their purpose is. Of course, you'll never get to look at their code.

Hans Passant 2010-09-12 15:36:47

The function names are exposed after I load symbols from MS,and I can go to the definition of those function if I like,why do you say `I'll never get to look at their code`?

COMer 2010-09-12 23:46:54

Well, it is somehow special that you got source code from the Redmond Vault. I can only guess that you actually look at, say, CRT or MFC or ATL code. Or your own.

Hans Passant 2010-09-12 23:59:16

Answer 4

+1 A:

The debugger shows the next ring3 processor instruction that is going to be executed. In this case the thread has called sysenter, which makes a ring0 system call to the operating system's kernel. This kernel system call is waiting for something to happen before returning control back to the calling code. Once that something happens, then it will call the next user-mode instruction, which in this case is ret.

If you have 4 threads that are all calling the same function that waits for a system call at the same location, you will have 4 threads that show the same address in the Threads window. This is something that you will see quite often in applications built with the Windows subsystem, which usually have a number of threads that are started by the Windows API that spend most of their time waiting for kernel events.

Gerald 2010-09-12 15:41:33

Is it true that location field always points to the **next** address, or just in special cases like `sysenter`?

COMer 2010-09-12 23:48:28

When you are looking at the disassembly, then yes, always. Even if you are talking about a 'call' instruction, once it's called, that instruction is over. The operation as far as the processor is concerned has already been completed; it has pushed a value onto the stack and changed the IP register. So if you're looking at that part of the call stack, the debugger will indicate the next instruction that will be executed when the code returns from the call.

Gerald 2010-09-13 03:05:21

If symbols are available and Location shows a function/method name, such as GrabberCB::BufferCB, then it means that it is currently executing some code within that function/method.

Gerald 2010-09-13 03:10:31

Actually to be more clear and to the point of your question... if symbols are available for any part of the call stack, then Location will usually show the symbol that is closest to the current IP in the call stack. If no symbols are available for anything in the call stack, then it will show the next assembly instruction.

Gerald 2010-09-13 03:29:21

ansaurus

tags:

views:

answers:

Doubting about the Threads window of visual studio

related questions