Exception analysis – easy steps

When debugging an application, you can configure the debugger to break into the process on an exception by using the sxe command.

0:000> sxe eh

When the exception is thrown, the debugger breaks in and shows a prompt something like this.

(b34.fec): C++ EH exception - code e06d7363 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0012fca0 ebx=00000000 ecx=00000000 edx=00000003 esi=0012fd28 edi=7c809806
eip=7c812afb esp=0012fc9c ebp=0012fcf0 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
7c812afb 5e              pop     esi

So, what’s the next step? You probably want to know the details of the exception object. Let’s get a stack trace.

ChildEBP RetAddr  Args to Child
0012fcf0 78158e89 e06d7363 00000001 00000003 kernel32!RaiseException+0x53
0012fd28 00411bf2 0012fd48 00459c28 40b5aebe MSVCR80!_CxxThrowException+0x46
0012ff7c 00447f7a 00000002 0209ffc8 01feff18 mvp_vc8_0pch_mt_lf!main+0x3d2
0012ffc0 7c817077 7c911460 0006f4cc 7ffd9000 mvp_vc8_0pch_mt_lf!__tmainCRTStartup+0x10f
0012fff0 00000000 004480c3 00000000 78746341 kernel32!BaseProcessStart+0x23

The first parameter to the _CxxThrowException function is the exception object being thrown. To get the type of the exception, you can use the dds command.

0:000> dds 0012fd48 L1
0012fd48  0044f4b0 mvp_vc8_0pch_mt_lf!std::runtime_error::`vftable'

Then show the details of the exception object using the dt command with the -r option (recursive dump).

0:000> dt -r 0012fd48 std::runtime_error
   +0x000 __VFN_table : 0x0044f4b0
   +0x004 _m_what          : (null)
   +0x008 _m_doFree        : 0
   +0x00c _Str             : std::basic_string<char,std::char_traits<char>,std::allocator<char> >
      +0x000 _Alval           : std::allocator<char>
      =00400000 npos             : 0x905a4d
      +0x004 _Bx              : std::basic_string<char,std::char_traits<char>,std::allocator<char> >::_Bxty
         +0x000 _Buf             : [16]  "???"
         +0x000 _Ptr             : 0x02a72fe0  "failed to analyze the file."
      +0x014 _Mysize          : 0x1b
      +0x018 _Myres           : 0x1f

Such information is very valuable for debugging.
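
When many saved debugger logs need the same triage, the steps above can be scripted. The following Python is an added example, not code from the original post: it takes the first argument of _CxxThrowException from the stack trace text and builds the dds and dt commands used above. The function names, and the requirement that a RaiseException frame carrying code e06d7363 be present, are assumptions of this example; the sample input is copied from the 32-bit output shown in this post.

```python
import re

CPP_EH_CODE = 0xE06D7363  # exception code from the "C++ EH exception" banner

# Sample input copied from the debugger output shown in this post (32-bit process).
TRACE = """\
ChildEBP RetAddr  Args to Child
0012fcf0 78158e89 e06d7363 00000001 00000003 kernel32!RaiseException+0x53
0012fd28 00411bf2 0012fd48 00459c28 40b5aebe MSVCR80!_CxxThrowException+0x46
0012ff7c 00447f7a 00000002 0209ffc8 01feff18 mvp_vc8_0pch_mt_lf!main+0x3d2
"""
DDS_LINE = "0012fd48  0044f4b0 mvp_vc8_0pch_mt_lf!std::runtime_error::`vftable'"

HEX = r"([0-9a-f]{8})"
FRAME_RE = re.compile(rf"^{HEX} {HEX} {HEX} {HEX} {HEX} (.+?)(?:\+0x[0-9a-f]+)?$", re.I)
# Accept the ASCII quote the debugger prints and the curly quote a blog may substitute.
VFTABLE_RE = re.compile(rf"^{HEX}\s+{HEX}\s+\S+?!(.+)::`vftable['’]$", re.I)

def parse_frames(trace):
    """Return (symbol, [arg0, arg1, arg2]) per frame line; other lines are skipped."""
    frames = []
    for line in trace.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m.group(6), [int(m.group(i), 16) for i in (3, 4, 5)]))
    return frames

def thrown_object(trace):
    """Address of the thrown object: the first argument of _CxxThrowException.

    Returns None unless a RaiseException frame carrying the C++ EH code is also
    present, so exceptions raised by other code are not misread as C++ throws."""
    frames = parse_frames(trace)
    raised = any(s.endswith("!RaiseException") and a[0] == CPP_EH_CODE for s, a in frames)
    for symbol, args in frames:
        if raised and symbol.endswith("!_CxxThrowException"):
            return args[0]
    return None

def dds_command(trace):
    addr = thrown_object(trace)
    return None if addr is None else f"dds {addr:08x} L1"

def dt_command(dds_line):
    """Build the dt command from a dds line that resolved to a vftable symbol."""
    m = VFTABLE_RE.match(dds_line.strip())
    return f"dt -r {m.group(1)} {m.group(3)}" if m else None
```
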


About Moto

Engineer who likes coding