From 9847db4179a70f9bd29b3ab3879c92b5ceeaa45c Mon Sep 17 00:00:00 2001
From: sonyps5201314 <sonyps5201314@gmail.com>
Date: Thu, 10 Aug 2023 15:35:41 +0800
Subject: [PATCH] =?UTF-8?q?Fea=20#62,=20=E6=96=B0=E5=A2=9ERtlCaptureStackB?=
 =?UTF-8?q?ackTrace?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ThunksList.md                                 |  1 +
 src/Thunks/api-ms-win-core-rtlsupport.hpp     | 33 +++++++++++++++++++
 .../YY-Thunks.UnitTest.vcxproj                |  1 +
 .../YY-Thunks.UnitTest.vcxproj.filters        |  3 ++
 4 files changed, 38 insertions(+)
 create mode 100644 src/Thunks/api-ms-win-core-rtlsupport.hpp

diff --git a/ThunksList.md b/ThunksList.md
index 01bb32b..43e169b 100644
--- a/ThunksList.md
+++ b/ThunksList.md
@@ -289,6 +289,7 @@
 | TzSpecificLocalTimeToSystemTimeEx          | 不存在时，内部实现。
 | GetFirmwareType                            | 不存在时，调用NtQuerySystemInformation。
 | IsNativeVhdBoot                            | 不存在时，调用NtQuerySystemInformation。
+| RtlCaptureStackBackTrace                   | 调用ntdll.RtlCaptureStackBackTrace。
 
 ## mfplat.dll
 | 函数                                       | Fallback
diff --git a/src/Thunks/api-ms-win-core-rtlsupport.hpp b/src/Thunks/api-ms-win-core-rtlsupport.hpp
new file mode 100644
index 0000000..50b050a
--- /dev/null
+++ b/src/Thunks/api-ms-win-core-rtlsupport.hpp
@@ -0,0 +1,33 @@
+
+
+namespace YY
+{
+	namespace Thunks
+	{
+
+#if (YY_Thunks_Support_Version < NTDDI_WINXP)
+
+		// Available in starting with Windows XP.
+		// Windows 2000时这个函数就已经存在了，只是从XP开始才从kernel32.dll中导出
+		__DEFINE_THUNK(
+		ntdll,
+		16,
+		WORD,
+		NTAPI,
+		RtlCaptureStackBackTrace,
+			_In_ DWORD _uFramesToSkip,
+			_In_ DWORD _uFramesToCapture,
+			_Out_writes_to_(_uFramesToCapture, return) PVOID* _pBackTrace,
+			_Out_opt_ PDWORD _puBackTraceHash
+			)
+		{
+			if (const auto _pfnRtlCaptureStackBackTrace = try_get_RtlCaptureStackBackTrace())
+			{
+				return _pfnRtlCaptureStackBackTrace(_uFramesToSkip, _uFramesToCapture, _pBackTrace, _puBackTraceHash);
+			}
+
+			return 0;
+		}
+#endif
+	}
+}
diff --git a/src/YY-Thunks.UnitTest/YY-Thunks.UnitTest.vcxproj b/src/YY-Thunks.UnitTest/YY-Thunks.UnitTest.vcxproj
index bf3d61e..9c9cd42 100644
--- a/src/YY-Thunks.UnitTest/YY-Thunks.UnitTest.vcxproj
+++ b/src/YY-Thunks.UnitTest/YY-Thunks.UnitTest.vcxproj
@@ -193,6 +193,7 @@
   <ItemGroup>
     <ClInclude Include="..\Thunks\api-ms-win-core-com.hpp" />
     <ClInclude Include="..\Thunks\api-ms-win-core-kernel32-legacy.hpp" />
+    <ClInclude Include="..\Thunks\api-ms-win-core-rtlsupport.hpp" />
     <ClInclude Include="..\Thunks\api-ms-win-eventing-provider.hpp" />
     <ClInclude Include="..\Thunks\api-ms-win-power-base.hpp" />
     <ClInclude Include="..\Thunks\bcrypt.hpp" />
diff --git a/src/YY-Thunks.UnitTest/YY-Thunks.UnitTest.vcxproj.filters b/src/YY-Thunks.UnitTest/YY-Thunks.UnitTest.vcxproj.filters
index 493974a..251c101 100644
--- a/src/YY-Thunks.UnitTest/YY-Thunks.UnitTest.vcxproj.filters
+++ b/src/YY-Thunks.UnitTest/YY-Thunks.UnitTest.vcxproj.filters
@@ -224,6 +224,9 @@
     <ClInclude Include="..\Thunks\api-ms-win-core-kernel32-legacy.hpp">
       <Filter>Thunks</Filter>
     </ClInclude>
+    <ClInclude Include="..\Thunks\api-ms-win-core-rtlsupport.hpp">
+      <Filter>Thunks</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <None Include="..\def\x86\PSAPI2Kernel32.def">