how to trace a program exception?
 

I have patched a program, which now starts O.K. but runs for exactly 4 min and then unexpectedly terminates.

If I tried to trace the exe/dll which throws the exception, but the debugger does not give me any clues.

How can I trace the exception event?

rgds
rcer

Don't know what exactly you are tracing, but hope this can help
Put BP on KiUserExceptionDispatcher

First and foremost, it is critical to understand FULLY , the way Structured Exception Handling (SEH) is implemented in Windows.

This is a very CONCISE but a very classic paper :
After that, you can go through this :
Tracing Exception Handlers : http://www.hexblog.com/?p=19

That gives an excellent overview of the entire process.

In all probability, your program is simply having a "timer" that terminate the process, after 4 minutes, if the required conditions are not met, by using SEH ...

You would need to follow through by checking the entire SEH "tree" to see from WHICH level exactly the exception is generated and at which level of the SEH tree is is actually handled.

For an "unhandled" exception , it can simply traverse many levels above right up to the TOP level, before showing it to the user or terminating the process.

Maybe this is a way: Put a BP GetSystemTime and BP GetLocalTime and trace with olly from where the exception is called, only a suggestion.
Regards

Guys,
Excellent advice & information!

I managed to trace this and it is indeed a call to a "timer" which terminates the process.

thanks

rcer

Great info,

but I am on Mac and I cannot found any info about tracing exception handler on unix system

can someone point me on the right direction?

thanks

nashito

hi,
you can use 'strace' - trace system calls and signals - if available!
however I c++ If an exception is uncaught, the special library function std::terminate() is automatically called. Terminate is actually a pointer to a function and default value is the Standard C library function std::abort().
look at: also this is a good article: