Geek Answers Handbook

WinDBG - how to set all exceptions to pass to the application?

How can I set all exception behavior to be passed to the application and not appear in the debugger?

I am using IDA Pro 6.6 and WinDbg.

+7
ida windbg
source share
3 answers

It's a little awkward to do this for all types of exceptions at once

.foreach(exc {sx}) {.catch{sxd ${exc}}}

What does he do:

  • {sx} : A list of all types of exceptions (and current settings that you really don't need)
  • exc : assign variable
  • .foreach(...) {...} : cut it into pieces of individual words and execute the command
  • sxd ${exc} : disable all exc variables
  • .catch{...} : ignore all error messages that come from the settings information.

The advantage of the above approach is that it is independent of the version of WinDbg. If new exception codes are introduced, they will still work.

Processing unwanted text can be avoided with PyKd . Save the following script to the sdx.py file and run !py sxd.py :

 from pykd import * sx = dbgCommand("sx") for s in sx.splitlines(): ex = s[:4] if not ex=="" or ex.isspace(): print("sxd "+ex) dbgCommand("sxd "+ex)

Another option handles all exceptions manually:

 .foreach(exc {.echo "ct et cpr epr ld ud ser ibp iml out av asrt aph bpe bpec eh clr clrn cce cc dm dbce gp ii ip dz iov ch hc lsq isc 3c svh sse ssec sbo sov vs vcpp wkd rto rtt wob wos *"}) {.catch{sxd ${exc}}}

However, if WinDbg has new exception codes, you must add them to the .echo command.

+8
source share

In Windbg, the sx command family is used to control exceptions to be handled.

To pass an exception directly to the application, use the sxd command, which disables the specific exception. (Actually disable the average ignoring of the first chance exception) As far as I know, you should use sxd for all specific exceptions, because sxd * means all exceptions that are not explicitly indicated explicitly.

Use the sx command to view available exceptions and current settings. And use sxd for everything you want to disable.

  0:000> sx ct - Create thread - ignore et - Exit thread - ignore cpr - Create process - ignore <cut> av - Access violation - break - not handled 0:000> sxd av 0:000> sx ct - Create thread - ignore et - Exit thread - ignore <cut> av - Access violation - second-chance break - not handled

The result, in my opinion, is difficult to interpret; av (access violation) will no longer be handled by the debugger in any visible way.

The section “Exception and event control” in the help system explains the first chance and the concept of the second chance.

+4
source share

You can optionally manage this from the WinDbg GUI 'Debug> Event Filters ...', this will open a dialog box as follows:

enter image description here

Here you can specify how WinDbg handles each type of exception and whether it should be enabled, disabled, output to the WinDbg console output or ignored, and then in the event that launches WinDbg or your application to process it.

So, in your case, you can select "Ignore" and "Do not process" there MSDN page, which explains a little more: https://msdn.microsoft.com/en-us/library/windows/hardware/ff541752(v=vs .85) .aspx

+3
source share

More articles:


All Articles