How to rescue a broken stack trace: Recovering the EBP chain

When debugging, you may find that the stack trace falls apart:ChildEBP RetAddr001af118 773806a0 ntdll!KiFastSystemCallRet 001af11c 7735b18c ntdll!ZwWaitForSingleObject+0xc001af180 7735b071 ntdll!RtlpWaitOnCriticalSection+0x154001af1a8 2f6db1a9 ntdll!RtlEnterCriticalSection+0x152001af1b4 2fe8d533 ABC!CCriticalSection::Lock+0x12 001af1d0 2fe8d56a ABC!CMessageList::Lock+0x24001af234 2f6e47ac ABC!