Java stack dump from service process

Java versions prior to 1.5 did not have anything similar to jstack, hence this workaround.

This method involves windbg and sdbgext plugin.
After attaching to the target, and verifying symbols:

.load sdbgext
bp kernel32!writefile "db poi(@esp+0x8) L? poi(@esp+0xc);g"
!remotecall kernel32!CtrlRoutine 0 1;g

windbg has a ".call" command, but it's unusable here, as it requires function with private symbols.

When debugger breaks back with something similar to:


Control-Break exception - code 40010008 (first chance)

continue unhandled (gn).

This method also works for javaw, which for some reason writes the dump output into handle 0xffffffff (-1)

If process standard output was not redirected to a file, you'll still get debugger output,

this is due the breakpoint on kernel32!WriteFile:

014cf268  46 75 6c 6c 20 74 68 72-65 61 64 20 64 75 6d 70  Full thread dump

014cf278  3a                                               :

014cf264  0d 0a                                            ..

014cfa48  0d 0a                                            ..

014cf260  22 54 68 72 65 61 64 2d-31 22 20                 "Thread-1" 

014cf254  70 72 69 6f 3d 35 20 74-69 64 3d 30 78 39 38 39  prio=5 tid=0x989

014cf264  33 38 30 20                                      380 

014cf258  6e 69 64 3d 30 78 64 37-34 20                    nid=0xd74 

014cf25c  77 61 69 74 69 6e 67 20-6f 6e 20 6d 6f 6e 69 74  waiting on monit

014cf26c  6f 72 20                                         or 

014cf258  5b 30 2e 2e 30 78 37 66-61 65 38 5d              [0..0x7fae8]

014cf254  0d 0a                                            ..

014cfa48  0d 0a                                            ..

Not too readable, but better than nothing...