Neitsa
February 27th, 2010, 11:22
Hello everyone,
I'm currently trying to program the debugging engine of Windbg. I've got a problem with the handling of exceptions in the IDebugEventCallbacks::Exception() ("http://msdn.microsoft.com/en-us/library/cc265709.aspx") method.
When I handle the second chance, I would like to end the debugging session , that is:
- 1) escape from the IDebugControl::WaitForEvent.
- 2) Shutdown the engine in a clean way.
The first problem is that whatever I return from the Exception method (see snippet above), the engine keeps notifying me that an exception occurred. DEBUG_STATUS_GO_NOT_HANDLED, DEBUG_STATUS_GO_HANDLED or even DEBUG_STATUS_BREAK seem to have the same behavior.
The debugger engine ends up handling the same exception in an infinite loop. Trying to terminate the session with IDebugClient::EndSession() doesn't help either.
What should I do to handle an exception only once ? Then what should I do to exit the session properly ?
According to the docs, about IDebugControl::WaitForEvent():
But returning DEBUG_STATUS_BREAK in my callback doesn't break into my debug loop in my case... What am I doing wrong ?
my debug loop:
Thanks for any comment!
I'm currently trying to program the debugging engine of Windbg. I've got a problem with the handling of exceptions in the IDebugEventCallbacks::Exception() ("http://msdn.microsoft.com/en-us/library/cc265709.aspx") method.
Code:
STDMETHODIMP
EventCallbacks::Exception(
THIS_
IN PEXCEPTION_RECORD64 Exception,
IN ULONG FirstChance
)
{
//by default we set that the debug engine will not handle anything.
HRESULT Status = DEBUG_STATUS_GO_NOT_HANDLED;
//we don't want to deal with first chance exceptions.
//Let the debuggee try to handle the exception by itself.
//If it can't handle it, we'll receive the second chance.
if(FirstChance != 0)
return Status;
switch(Exception->ExceptionCode)
{
// [...cut...]
case STATUS_INTEGER_DIVIDE_BY_ZERO:
//printf(" Integer Divide by zero at %#I64x\n", Exception->ExceptionAddress);
m_dbgeng->OpenLogFile("log.txt", TRUE);
m_dbgeng->Execute(DEBUG_OUTCTL_THIS_CLIENT, "rM 1; u @eip", DEBUG_EXECUTE_ECHO);
m_dbgeng->WriteDumpFile("test.dmp", DEBUG_DUMP_DEFAULT);
m_dbgeng->CloseLogFile();
//m_dbgeng->EndSession(DEBUG_END_ACTIVE_TERMINATE);
Status = DEBUG_STATUS_BREAK;
break;
}
return Status;
}
When I handle the second chance, I would like to end the debugging session , that is:
- 1) escape from the IDebugControl::WaitForEvent.
- 2) Shutdown the engine in a clean way.
The first problem is that whatever I return from the Exception method (see snippet above), the engine keeps notifying me that an exception occurred. DEBUG_STATUS_GO_NOT_HANDLED, DEBUG_STATUS_GO_HANDLED or even DEBUG_STATUS_BREAK seem to have the same behavior.
The debugger engine ends up handling the same exception in an infinite loop. Trying to terminate the session with IDebugClient::EndSession() doesn't help either.
What should I do to handle an exception only once ? Then what should I do to exit the session properly ?
According to the docs, about IDebugControl::WaitForEvent():
Quote:
When an event occurs, the debugger engine will process the event and call the event callbacks. If one of these callbacks indicates that the event should break into the debugger engine application (by returning DEBUG_STATUS_BREAK), this method will return; otherwise, it will continue waiting for an event. |
But returning DEBUG_STATUS_BREAK in my callback doesn't break into my debug loop in my case... What am I doing wrong ?
my debug loop:
Code:
void DebugEngine::EnterDebugLoop(void)
{
HRESULT Status;
for (;
{
if ((Status = m_control->WaitForEvent(DEBUG_WAIT_DEFAULT,
INFINITE)) != S_OK)
{
ULONG ExecStatus;
// Check and see whether the session is running or not.
if (m_control->GetExecutionStatus(&ExecStatus) == S_OK &&
ExecStatus == DEBUG_STATUS_NO_DEBUGGEE)
{
// The session ended so we can quit the debug loop.
break;
}
// There was a real error. Either the GetExecutionStatus method failed
// or there's no more debuggee.
throw DebugException("Error DebugLoop";
}
}
printf("[X] break from debugloop\n"
}
Thanks for any comment!
Spent a week one this problem and posting the question raised the answer... 
Now, continuing fuzzing with my debugger 
