Log in

View Full Version : Trap exceptions 0E in NTVDM.exe without being a debugger

Japheth
January 20th, 2004, 07:53
Hi,

I would like to trap exceptions 0E caused by protected mode DOS programs (DPMI) in the NTVDM.EXE process.
The DPMI app itself doesnt get noticed of 0Es by the server as it should be. So I wrote a VDD which places a handler at FS:[0], but this doesnt work either.

Any ideas appreciated

Japheth
sope
January 20th, 2004, 10:12
Hello Japheth

I don't know if this below url will help you pls have a look hope it helps...

hxxp://scifi.pages.at/yoda9k/snippets/KiExctHook.zip

Regards, Sope.
volodya
January 20th, 2004, 13:08
I would like to trap exceptions 0E caused by protected mode DOS programs (DPMI) in the NTVDM.EXE process.

Write a device driver. Hook IDT. Check if the process is a VDM one. If it is - do what you want. If it is not - pass it to the windows.
Japheth
January 20th, 2004, 14:03
Thanks volodya, but I would prefer a not so "brute force" method.

Thanks sope for the link. Will check it.

Japheth
sna
January 21st, 2004, 11:09
Have you thought about installing a handler in the Vectored Exception Handler (VEH) chain?
The VEH callbacks are executed before the SEH callbacks so that guarantees that you get first chance on all exceptions.
And if you hook the functions that modify the chain, you can handle the chaining yourself and further
guarantee that you'll be given the first chance to handle exceptions. You would of course need to be in
the context of NTVDM for this to work... Ooh, and it's only supported on XP/2K3 Server

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/structured_exception_handling_functions.asp

cheers, sna
Japheth
January 22nd, 2004, 03:00
Thanks sna,

I heard about this only recently. I currently consider to give it a try, but since it works for XP only and isnt sure to work for the constellation in question I'm hesitating a bit.
user
January 24th, 2004, 17:29
Quote:
[Originally Posted by Japheth]Hi,

I would like to trap exceptions 0E caused by protected mode DOS programs (DPMI) in the NTVDM.EXE process.
The DPMI app itself doesnt get noticed of 0Es by the server as it should be. So I wrote a VDD which places a handler at FS:[0], but this doesnt work either.
why don't you use the DPMI API to hook exception vectors?
Japheth
January 25th, 2004, 05:40
Quote:
[Originally Posted by user]why don't you use the DPMI API to hook exception vectors?


because in NT/2K/XP
>>>>>>>>>>>>>>>>>>>>>>>>>>>
The DPMI app itself doesnt get noticed of 0Es by the server
>>>>>>>>>>>>>>>>>>>>>>>>>>>
which means, if you install an exception handler by DPMI function ax=0203h, bl=0Eh, it wont be called ever.
user
January 30th, 2004, 19:42
Quote:
[Originally Posted by Japheth]because in NT/2K/XP
>>>>>>>>>>>>>>>>>>>>>>>>>>>
The DPMI app itself doesnt get noticed of 0Es by the server
>>>>>>>>>>>>>>>>>>>>>>>>>>>
which means, if you install an exception handler by DPMI function ax=0203h, bl=0Eh, it wont be called ever.

how do DJGPP/CWSDPMI do it then?
Japheth
January 31st, 2004, 05:38
Quote:
[Originally Posted by user]how do DJGPP/CWSDPMI do it then?


CWSDPMI is a DPMI server executed when no other server is running. This is NOT the case when opening a DOS box in win9x or winnt. The problem I'm describing only applies to the build-in winnt/xp DPMI "server" NTVDM/DOSX