Exetools  

  #1  
Old 09-25-2015, 11:28
rcer
how to trace a program exception?

I have patched a program, which now starts O.K. but runs for exactly 4 min and then unexpectedly terminates.

I tried to trace the exe/dll which throws the exception, but the debugger does not give me any clues.

How can I trace the exception event?

rgds
rcer
  #2  
Old 09-25-2015, 11:33
b30wulf
Don't know what exactly you are tracing, but hope this can help
Put BP on KiUserExceptionDispatcher
The Following User Says Thank You to b30wulf For This Useful Post:
rcer (09-26-2015)
  #3  
Old 09-25-2015, 18:31
TechLord
Quote:
I have patched a program, which now starts O.K. but runs for exactly 4 min and then unexpectedly terminates.

I tried to trace the exe/dll which throws the exception, but the debugger does not give me any clues.

How can I trace the exception event?
First and foremost, it is critical to understand FULLY the way Structured Exception Handling (SEH) is implemented in Windows.

This is a very CONCISE but very classic paper:
Quote:
https://www.microsoft.com/msj/0197/Exception/Exception.aspx
After that, you can go through this :
Tracing Exception Handlers : http://www.hexblog.com/?p=19

That gives an excellent overview of the entire process.

In all probability, your program simply has a "timer" that terminates the process after 4 minutes, if the required conditions are not met, by using SEH ...

You would need to follow through by checking the entire SEH "tree" to see from WHICH level exactly the exception is generated and at which level of the SEH tree it is actually handled.

For an "unhandled" exception, it can simply traverse many levels above, right up to the TOP level, before showing it to the user or terminating the process.
The Following 5 Users Say Thank You to TechLord For This Useful Post:
abhi93696 (03-14-2017), rcer (09-26-2015), sh3dow (09-26-2015), tonyweb (12-20-2016)
  #4  
Old 09-25-2015, 18:49
wilson bibe
Maybe this is a way: Put a BP GetSystemTime and BP GetLocalTime and trace with olly from where the exception is called, only a suggestion.
Regards
The Following 2 Users Say Thank You to wilson bibe For This Useful Post:
rcer (09-26-2015), tonyweb (12-20-2016)
  #5  
Old 09-26-2015, 12:31
rcer
Guys,
Excellent advice & information!

I managed to trace this and it is indeed a call to a "timer" which terminates the process.

thanks

rcer
  #6  
Old 12-20-2016, 06:20
nashito
Great info,

but I am on Mac and I cannot find any info about tracing exception handlers on Unix systems

can someone point me in the right direction?

thanks

nashito
  #7  
Old 01-16-2017, 07:31
Mr.reCoder
Quote:
Originally Posted by nashito View Post
Great info,
but I am on Mac and I cannot find any info about tracing exception handlers on Unix systems
can someone point me in the right direction?
thanks
nashito
hi,
you can use 'strace' - trace system calls and signals - if available!
However, in C++, if an exception is uncaught, the special library function std::terminate() is automatically called. Terminate is actually a pointer to a function and the default value is the Standard C library function std::abort().
look at:
Code:
http://en.cppreference.com/w/cpp/error/terminate
also this is a good article:
Code:
https://spin.atomicobject.com/2013/01/13/exceptions-stack-traces-c/
The Following 2 Users Say Thank You to Mr.reCoder For This Useful Post:
abhi93696 (03-14-2017)
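
The std::terminate() path described in the last post, as an added example that is not part of the thread: a replacement terminate handler that records which uncaught exception ended the process and then calls std::abort(), as the default handler does. The names `describe_exception`, `log_and_abort` and `install_terminate_logger` are hypothetical and chosen for illustration.

```cpp
#include <cstdio>
#include <cstdlib>
#include <exception>
#include <stdexcept>
#include <string>

// Hypothetical helper: turn an exception_ptr into a printable description.
std::string describe_exception(std::exception_ptr ep) {
    if (!ep) return "no active exception";
    try {
        std::rethrow_exception(ep);
    } catch (const std::exception& e) {
        return std::string("std::exception: ") + e.what();
    } catch (...) {
        // Thrown value does not derive from std::exception (e.g. throw 42;).
        return "non-standard exception type";
    }
}

// Handler invoked by std::terminate(); a terminate handler must not return.
[[noreturn]] void log_and_abort() {
    // When terminate is entered because of an uncaught throw, the exception
    // is still reachable through std::current_exception().
    std::string msg = describe_exception(std::current_exception());
    std::fprintf(stderr, "terminate called: %s\n", msg.c_str());
    std::abort();  // raises SIGABRT, the same ending as the default handler
}

// Hypothetical helper: install the handler and return the previous one.
std::terminate_handler install_terminate_logger() {
    return std::set_terminate(log_and_abort);
}

int main() {
    install_terminate_logger();
    // Constructed failure, left uncaught on purpose to reach std::terminate().
    throw std::runtime_error("constructed failure");
}
```

Run under a signal-aware tracer such as the strace mentioned above, the final std::abort() appears as a SIGABRT delivered to the process, immediately after the handler's line on stderr.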
All times are GMT +8.