Ejemplo n.º 1
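        /// <summary>
        /// Triage filter for an exception debug event: decides whether the event is
        /// recorded in <c>caughtException</c> or skipped.
        /// </summary>
        /// <remarks>
        /// Second-chance exceptions are always recorded. First-chance exceptions are
        /// recorded only when the <c>firstChance</c> field is set and the event is one of:
        /// guard-page violation (0x80000001), illegal instruction (0xC000001D), or an
        /// access violation (0xC0000005) that is a read, a write to a non-zero address,
        /// or a DEP (execute) violation.
        /// For access violations, ExceptionInformation[0] is the access type
        /// (0 = read, 1 = write, 8 = DEP) and ExceptionInformation[1] is the faulting address.
        /// </remarks>
        /// <param name="e">Debug event; only its <c>u.Exception</c> member is read.</param>
        /// <returns>
        /// <c>true</c> when the event is skipped as uninteresting, <c>false</c> when it was
        /// recorded. How the caller acts on the value is not visible here.
        /// </returns>
        public bool HandleAccessViolation(UnsafeMethods.DEBUG_EVENT e)
        {
            bool isFirstChance = e.u.Exception.dwFirstChance != 0;

            if (!isFirstChance)
            {
                // Second chance: every exception is captured.
                logger.Debug("HandleAccessViolation: Second chance exception, w00t");
            }
            else
            {
                // First-chance reporting is opt-in.
                if (!firstChance)
                {
                    return true;
                }

                var record = e.u.Exception.ExceptionRecord;

                if (record.ExceptionCode == 0x80000001 || record.ExceptionCode == 0xC000001D)
                {
                    logger.Debug("HandleAccessViolation: First chance guard page or illegal op");
                }
                else if (record.ExceptionCode == 0xC0000005)
                {
                    long accessType = record.ExceptionInformation[0].ToInt64();

                    if (accessType == 1 && record.ExceptionInformation[1].ToInt64() != 0)
                    {
                        // NOTE(review): only an address of exactly 0 is excluded; writes at
                        // small non-zero offsets from null still count as interesting.
                        logger.Debug("HandleAccessViolation: First chance write a/v");
                    }
                    else if (accessType == 0)
                    {
                        // Access type 0 is a read fault. It was previously logged as DEP.
                        logger.Debug("HandleAccessViolation: First chance read a/v");
                    }
                    else if (accessType == 8)
                    {
                        // Access type 8 is the real DEP violation (execution from
                        // non-executable memory). It used to be dropped on first chance.
                        logger.Debug("HandleAccessViolation: First chance DEP");
                    }
                    else
                    {
                        // Write to address 0 or an unknown access type: not interesting.
                        return true;
                    }
                }
                else
                {
                    // Any other first-chance exception code is not interesting.
                    return true;
                }
            }

            caughtException = isFirstChance ? "FirstChance" : "SecondChance";

            return false;
        }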
Ejemplo n.º 2
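        /// <summary>
        /// Triage filter for an exception debug event: sets <c>caughtException</c> when an
        /// interesting exception belongs to the process tracked by <c>dbg</c>.
        /// </summary>
        /// <remarks>
        /// Second-chance exceptions are always considered. First-chance exceptions are
        /// considered only for a guard-page violation (0x80000001), an illegal instruction
        /// (0xC000001D), or an access violation (0xC0000005) that is a read, a write to a
        /// non-zero address, or a DEP (execute) violation.
        /// For access violations, ExceptionInformation[0] is the access type
        /// (0 = read, 1 = write, 8 = DEP) and ExceptionInformation[1] is the faulting address.
        /// </remarks>
        /// <param name="e">Debug event; its <c>u.Exception</c> and <c>dwProcessId</c> members are read.</param>
        public void HandleAccessViolation(UnsafeMethods.DEBUG_EVENT e)
        {
            if (e.u.Exception.dwFirstChance == 0)
            {
                // Second chance: every exception is captured.
                Console.Error.WriteLine("HandleAccessViolation: Second chance exception, w00t");
            }
            else
            {
                var record = e.u.Exception.ExceptionRecord;

                if (record.ExceptionCode == 0x80000001 || record.ExceptionCode == 0xC000001D)
                {
                    Console.Error.WriteLine("HandleAccessViolation: First chance guard page or illegal op");
                }
                else if (record.ExceptionCode == 0xC0000005)
                {
                    long accessType = record.ExceptionInformation[0].ToInt64();

                    if (accessType == 1 && record.ExceptionInformation[1].ToInt64() != 0)
                    {
                        // NOTE(review): only an address of exactly 0 is excluded; writes at
                        // small non-zero offsets from null still count as interesting.
                        Console.Error.WriteLine("HandleAccessViolation: First chance write a/v");
                    }
                    else if (accessType == 0)
                    {
                        // Access type 0 is a read fault. It was previously reported as DEP.
                        Console.Error.WriteLine("HandleAccessViolation: First chance read a/v");
                    }
                    else if (accessType == 8)
                    {
                        // Access type 8 is the real DEP violation (execution from
                        // non-executable memory). It used to be dropped on first chance.
                        Console.Error.WriteLine("HandleAccessViolation: First chance DEP");
                    }
                    else
                    {
                        // Write to address 0 or an unknown access type: not interesting.
                        return;
                    }
                }
                else
                {
                    // Any other first-chance exception code is not interesting.
                    return;
                }
            }

            // The flag is sticky (|=) and only set for the process dbg refers to.
            caughtException |= e.dwProcessId == dbg.dwProcessId;
        }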
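        /// <summary>
        /// Filters an exception debug event and, when it is worth reporting, stores a
        /// <c>Fault</c> describing it in <c>crashInfo</c>.
        /// </summary>
        /// <remarks>
        /// Second-chance exceptions are always reported. First-chance exceptions are
        /// reported only for a guard-page violation (0x80000001), an illegal instruction
        /// (0xC000001D), or an access violation (0xC0000005) that is a read, a DEP
        /// violation, or a write to a non-zero address.
        /// For access violations, ExceptionInformation[0] is the access type
        /// (0 = read, 1 = write, 8 = DEP) and ExceptionInformation[1] is the faulting
        /// address; see
        /// http://msdn.microsoft.com/en-us/library/windows/desktop/aa363082(v=vs.85).aspx
        /// </remarks>
        /// <param name="DebugEv">Debug event; only its <c>u.Exception</c> member is read.</param>
        /// <returns>
        /// <c>true</c> when the event is skipped as uninteresting, <c>false</c> when a
        /// fault was recorded. How the caller acts on the value is not visible here.
        /// </returns>
        bool HandleAccessViolation(UnsafeMethods.DEBUG_EVENT DebugEv)
        {
            var record = DebugEv.u.Exception.ExceptionRecord;
            bool isFirstChance = DebugEv.u.Exception.dwFirstChance == 1;
            bool isAccessViolation = record.ExceptionCode == 0xC0000005;

            if (isFirstChance)
            {
                // Only some first chance exceptions are interesting
                bool interesting = record.ExceptionCode == 0x80000001 ||
                                   record.ExceptionCode == 0xC000001D;

                if (!interesting && isAccessViolation)
                {
                    long accessType = record.ExceptionInformation[0].ToInt64();

                    // Read fault, DEP violation, or a write whose target is not address 0.
                    // NOTE(review): only an address of exactly 0 is excluded for writes;
                    // small non-zero offsets from null still count as interesting.
                    interesting = accessType == 0 ||
                                  accessType == 8 ||
                                  (accessType == 1 && record.ExceptionInformation[1].ToInt64() != 0);
                }

                // Skip uninteresting first chance
                if (!interesting)
                {
                    return true;
                }
            }

            string title = "Exception: 0x" + record.ExceptionCode.ToString("x8");

            StringBuilder output = new StringBuilder();

            if (isFirstChance)
            {
                output.Append("First Chance ");
            }

            output.AppendLine(title);

            if (isAccessViolation)
            {
                long accessType = record.ExceptionInformation[0].ToInt64();

                output.Append("Access Violation ");

                if (accessType == 0)
                {
                    output.Append(" Reading From 0x");
                }
                else if (accessType == 8)
                {
                    // A DEP violation is an execute fault. It was previously described
                    // as a write, which misleads whoever triages the report.
                    output.Append(" Executing At 0x");
                }
                else
                {
                    output.Append(" Writing To 0x");
                }

                output.Append(record.ExceptionInformation[1].ToInt64().ToString("x16"));
            }

            Fault fault = new Fault();

            fault.type            = FaultType.Fault;
            fault.detectionSource = "SystemDebugger";
            fault.title           = title;
            fault.description     = output.ToString();

            crashInfo = fault;

            return false;
        }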
Ejemplo n.º 4
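        /// <summary>
        /// Filters an exception debug event and, when it is worth reporting, stores a
        /// <c>Fault</c> in <c>crashInfo</c> and sets <c>_dbg.processExit</c>.
        /// </summary>
        /// <remarks>
        /// Second-chance exceptions are always reported. First-chance exceptions are
        /// reported only for a guard-page violation (0x80000001), an illegal instruction
        /// (0xC000001D), or an access violation (0xC0000005) that is a read, a DEP
        /// violation, or a write to a non-zero address.
        /// For access violations, ExceptionInformation[0] is the access type
        /// (0 = read, 1 = write, 8 = DEP) and ExceptionInformation[1] is the faulting address.
        /// </remarks>
        /// <param name="DebugEv">Debug event; only its <c>u.Exception</c> member is read.</param>
        public void HandleAccessViolation(UnsafeMethods.DEBUG_EVENT DebugEv)
        {
            var record = DebugEv.u.Exception.ExceptionRecord;
            bool isFirstChance = DebugEv.u.Exception.dwFirstChance == 1;
            bool isAccessViolation = record.ExceptionCode == 0xC0000005;

            if (isFirstChance)
            {
                // Only some first chance exceptions are interesting
                bool interesting = record.ExceptionCode == 0x80000001 ||
                                   record.ExceptionCode == 0xC000001D;

                if (!interesting && isAccessViolation)
                {
                    long accessType = record.ExceptionInformation[0].ToInt64();

                    // Access type 0 is a read fault and 8 is a DEP violation. The original
                    // comment treated 0 as covering DEP, so DEP faults were skipped here.
                    // NOTE(review): only an address of exactly 0 is excluded for writes;
                    // small non-zero offsets from null still count as interesting.
                    interesting = accessType == 0 ||
                                  accessType == 8 ||
                                  (accessType == 1 && record.ExceptionInformation[1].ToInt64() != 0);
                }

                // Skip uninteresting first chance
                if (!interesting)
                {
                    return;
                }
            }

            string title = "Exception: 0x" + record.ExceptionCode.ToString("x8");

            StringBuilder output = new StringBuilder();

            if (isFirstChance)
            {
                output.Append("First Chance ");
            }

            output.AppendLine(title);

            if (isAccessViolation)
            {
                long accessType = record.ExceptionInformation[0].ToInt64();

                output.Append("Access Violation ");

                if (accessType == 0)
                {
                    output.Append(" Reading From 0x");
                }
                else if (accessType == 8)
                {
                    // A DEP violation is an execute fault. It was previously described
                    // as a write, which misleads whoever triages the report.
                    output.Append(" Executing At 0x");
                }
                else
                {
                    output.Append(" Writing To 0x");
                }

                output.Append(record.ExceptionInformation[1].ToInt64().ToString("x16"));
            }

            Fault fault = new Fault();

            fault.type            = FaultType.Fault;
            fault.detectionSource = "SystemDebugger";
            fault.title           = title;
            fault.description     = output.ToString();

            crashInfo        = fault;
            _dbg.processExit = true;
        }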