WinDbg - how to set all exceptions to be passed to the app?
R

3

11

How can I set the behavior of all exceptions so that they are passed to the application and do not appear in the debugger?

I'm using IDA Pro 6.6 and WinDbg.

Radome answered 3/2, 2015 at 18:37 Comment(0)
A
15

It's a bit awkward to do that for all exception types at once:

.foreach(exc {sx}) {.catch{sxd ${exc}}}

What it does:

  • {sx}: list all exception types (and current settings, which you actually don't want)
  • exc: assign a variable
  • .foreach(...) {...}: cut it into pieces of single words and execute a command
  • sxd ${exc}: disable whatever is in variable exc
  • .catch{...}: ignore all the error messages which come from the settings information

The advantage of the above approach is that it is WinDbg version independent. If new exception codes are introduced, it will still work.

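Processing of unwanted text can be avoided with PyKd. Save the following script into a file sxd.py and run !py sxd.py:

from pykd import dbgCommand

# "sx" prints one line per event filter; the event code sits in the first four columns
sx = dbgCommand("sx")
for s in sx.splitlines():
    ex = s[:4].strip()
    # Skip blank lines and lines that do not start with an event code
    if ex:
        print("sxd " + ex)
        dbgCommand("sxd " + ex)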

Another option is processing all the exceptions manually:

.foreach(exc {.echo "ct et cpr epr ld ud ser ibp iml out av asrt aph bpe bpec eh clr clrn cce cc dm dbce gp ii ip dz iov ch hc lsq isc 3c svh sse ssec sbo sov vs vcpp wkd rto rtt wob wos *"}) {.catch{sxd ${exc}}}

However, if there are new exception codes in WinDbg, you have to add them to the .echo command.

Abramabramo answered 3/2, 2015 at 21:20 Comment(3)
Is it possible to cut out exception names only, to avoid passing other trash into the sxd command? - Justiciable
@hypersw: unfortunately not. Since the length of the output is not predictable, the /pS and /ps options cannot be used. - Abramabramo
@hypersw: you could of course list all exceptions manually. I've edited the answer. - Abramabramo
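The point raised in the comments above, extracting only the event codes from the sx listing, can be handled by parsing each line rather than feeding every word to sxd. This is an added example, not code from any of the answers: the names parse_sx, sxd_commands and apply_in_debugger are illustrative, the sample listing is constructed, and the "code - description - status" line layout is assumed from the sx output quoted on this page.

```python
import re
from collections import namedtuple

# Hypothetical helper names; line layout assumed from the sx listing on this page.
EventFilter = namedtuple("EventFilter", "code description break_status handling")
BREAK_STATES = {"break", "second-chance break", "output", "ignore"}
HANDLING_STATES = {"handled", "not handled"}
CODE_RE = re.compile(r"[0-9a-z]+|\*")

# Constructed sample of "sx" output (not captured from a real session).
SAMPLE_SX = """\
  ct - Create thread - ignore
  ld - Load module - output
       (constructed continuation line without an event code)

  av - Access violation - break - not handled
bpec - Break instruction exception continue - handled
  eh - C++ EH exception - second-chance break - not handled
   * - Other exception - second-chance break - not handled
"""

def parse_sx(text):
    """Return one EventFilter per line that starts with an event code."""
    filters = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(" - ")]
        if len(fields) < 3 or not CODE_RE.fullmatch(fields[0]):
            continue  # blank line, continuation line or other text
        states = fields[2:]
        brk = next((s for s in states if s in BREAK_STATES), None)
        hnd = next((s for s in states if s in HANDLING_STATES), None)
        filters.append(EventFilter(fields[0], fields[1], brk, hnd))
    return filters

def sxd_commands(filters):
    """Build 'sxd <code>' for each event not already at second-chance break."""
    return ["sxd " + f.code for f in filters
            if f.break_status != "second-chance break"]

def apply_in_debugger():
    """Run inside WinDbg via '!py'; pykd is imported only here."""
    from pykd import dbgCommand
    for cmd in sxd_commands(parse_sx(dbgCommand("sx"))):
        dbgCommand(cmd)

if __name__ == "__main__":
    try:
        apply_in_debugger()
    except ImportError:  # outside WinDbg: show the commands for the sample
        print("\n".join(sxd_commands(parse_sx(SAMPLE_SX))))
```

Because only lines that begin with a recognised event code produce a command, no .catch wrapper is needed to swallow errors from the rest of the listing.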
E
6

In WinDbg the sx family of commands is used to control how exceptions should be handled.

For passing an exception directly to the application, use the sxd command, which disables a specific exception. (Actually, disable means ignoring the first-chance exception.) To my knowledge, you must use sxd on all specific exceptions, because sxd * means all exceptions that are not otherwise explicitly named.

Use the sx command to see the available exceptions and current settings. And use sxd on all you want to disable.

 0:000> sx
   ct - Create thread - ignore
   et - Exit thread - ignore
  cpr - Create process - ignore
 <cut> 
   av - Access violation - break - not handled

 0:000> sxd av
 0:000> sx
 ct - Create thread - ignore
 et - Exit thread - ignore
 <cut> 
 av - Access violation - second-chance break - not handled

The output is in my opinion a bit difficult to interpret; the av (access violation) will now not be handled by the debugger in any visible way.

The “Controlling Exceptions and Events” section in the help explains the first chance and second-chance concept.

Enjoyable answered 3/2, 2015 at 20:12 Comment(0)
P
5

You can optionally control this from the WinDbg GUI via 'Debug > Event Filters...'; this will open a dialog box.

Here you can set how WinDbg handles each exception type: whether it should be enabled, disabled, output to the WinDbg console or ignored, and then, when the event fires, whether WinDbg or your app should handle it.

So in your case you can select 'Ignore' and 'Not Handled'. There is an MSDN page that explains a little more: https://msdn.microsoft.com/en-us/library/windows/hardware/ff541752(v=vs.85).aspx

Pouch answered 4/2, 2015 at 9:38 Comment(0)
