Hi there,

i want to monitor a program for occurring exceptions - without attaching as a debugger or alter the SoftwareUnderTest in any ways (no hooks etc).
I tried it and many common software uses anti-debug-mechs thus avoiding also the attempt to catch exceptions that way.
I moved over to simply poll for the windows debug dialog and then attach as debugger and get the exception and infos of the error, then close the Dialog via PostMessage(..VK_ESCAPE..).

My question is: how to notice that a certain programm crashed? Maybe i overseen it in the msdn api section - i would assume there s some functions or flags you could check?

Greets RickD

Hi

Forgive my confusion, but isn't what you describe (poll windows debug dialog / attach as debugger) what a just-in-time debugger (AEDEBUG) accomplishes?

As for the question, I guess that would be part of the whole exception handling mechanism. You could always dig back from where the JIT debugger is brought into the picture (I suspect a check for the AEDEBUG registry setting, possibly in ntdll in some exception handling function).

Thanks man, your post made my day!

AEDEBUG and the drwtsn32 was eaxactly what i was looking for - i knew i was lacking information on the basics there.
So i put olly out and drwtsn in as JIT set auto to 1 and get my crashdumps; still there s a popup telling me something went wrong. I d like to disable that also but thats solved by a poll and PostMessage and a good indicator so far when to restart the app i m fuzzing.