analyzing the crash dump with __except - c++

Suppose I have the following code
main()
{
__try
{
//---> SEH EXCEPTION HAS HAPPENED HERE
}
__finally
{
//---> CRASH DUMP WAS TAKEN HERE
}
}
The crash dump was taken at the "--->" marked place. Can I know from userdump what was the original exception that brought us there. I cannot find any info in stack trace (seems just like normal execution without exception handler)
UPD: Sorry guys seems like the exception wasn't in the this thread, otherwise finally handler would be clearly called from __except_handler during the unwind phase. Need to close

Use WinDbg and follow the details on this blog post: http://blogs.msdn.com/b/slavao/archive/2005/01/30/363428.aspx WinDbg can be downloaded from here: http://msdn.microsoft.com/en-us/windows/hardware/gg463009

You are just doing it wrong. The crash dump should be made in the __except filter. Now .excr and !analyze will work just fine in the debugger.

Related

How to trap an error in C++ when __try __except can't

I have code that uses a 3rd party library.
That library throws the occasional Access Violation exception. A basic try/catch didn't catch the error, and the program would hard crash.
I was able to use a __try __except instead, to catch the error, log it, and then gracefully exit the program.
The 3rd party has just updated their library, and now a small subset of the records that were causing the access violation errors just dies in production with "[program name] has stopped working"
In Visual Studio, when stepping thru I get "Microsoft Visual Studio C Runtime Library has detected a fatal error in [program name]."
I've updated my __except statement to catch everything (or so I believe), and it still happens.
Original __except:
__except (eps = GetExceptionInformation(), ((GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION)
? EXCEPTION_EXECUTE_HANDLER
: EXCEPTION_CONTINUE_SEARCH)) {
sprintf("error message");
result = 99;
}
New __except:
__except (eps = GetExceptionInformation(), ((1 == 1)
? EXCEPTION_EXECUTE_HANDLER
: EXCEPTION_CONTINUE_SEARCH)) {
sprintf("error message");
result = 99;
}
Just a friendly FYI, the first expression in your exception filter eps = GetExceptionInformation() appears to be unused.
Also, if you want to catch all exceptions then __except (EXCEPTION_EXECUTE_HANDLER) should be all you need. Although I would only recommend that for debugging purposes.
If this does not catch your exception, it is possible that the library is trying to handle the exception itself and something funky is going on in the library itself. I would check with the provider of the library and ask if this is a known issue.

How is it possible to know what caused an exception

In the code I am implementing I have
__except(EXCEPTION_EXECUTE_HANDLER)
{
return false;
}
And there is an execution path when the exception occurs
How can I know why the exception happened while debugging?
Use GetExceptionInformation?-Can it print the exception or give me exception`s data?
In Visual Studio, you can go to Debug > Exceptions (in the menu). There's a checkbox for each exception type which enables you to break execution when the exception is thrown.

Enabling exceptions in iOS

I have enabled GCC_ENABLE_CPP_EXCEPTIONS, GCC_ENABLE_EXCEPTIONS, GCC_ENABLE_OBJC_EXCEPTIONS in my XCode project. When I add the following lines of code to my source my program crashes with the forrlowing error: terminate called throwing an exceptionProgram received signal: “SIGABRT”.:
try {
throw 1;
}
catch (...) {
// handle
}
Shouldn't I be able to catch this exception? Do I have to do something more?
This page may help. From the information there, my thought would be either the -fexcpetions parameter is not explicitly passed, or your file is not being recognised as C++ source (.mm/.cpp).

How can I catch an invalid fgetpos call as a C++ exception on Windows?

In Visual C++ 2008, I want to "catch" an exception generated as shown here:
try {
int foo = 20;
::fgetpos(0, (fpos_t*)&foo);
}
//...
Here are adjustments I've made to attempt a successful catch:
SEH is activated (/eha)
I've added a catch(...)
I've added a _set_se_translator vector.
I've added/adjusted to SEH syntax: __try / __except(EXCEPTION_EXECUTE_HANDLER)
In short, I've tried "everything in the book" and I still can't catch the exception. If I replace the call to ::fgetpos with int hey = foo / 0 then suddenly all of the above techniques work as expected. So the exception I'm dealing with from ::fgetpos is somehow "extra special."
Can someone explain why this ::fgetpos error seems uncatchable, and how to work around it?
update When executed in the VS IDE, the output window doesn't name an exception. All it says is this:
Microsoft Visual Studio C Runtime Library has detected a fatal error in MyProgram.exe.
Not very helpful. When I run the console app from the command line, I get a crash dialogue. The "problem details" section of the dialogue includes this information:
Problem Event Name: BEX
Exception Offset:0002fd30
Exception Code: c0000417
Exception Data: 00000000
Additional Information 1:69ad
Additional Information 2:69addfb19767b2221c8e3e7a5cd2f4ae
Additional Information 3:b1ff
Additional Information 4:b1ffca30cadddc78c19f19b6d150997f
Since the code in your dump corresponds to STATUS_INVALID_CRUNTIME_PARAMETER, try _set_invalid_parameter_handler
Most likely, the runtime catches it for you and issues a debug dialog without returning or propagating the exception- that is a CRT call and they may add whatever exception catching code in there they like. It's well within Visual Studio's rights to catch a hardware exception inside a library function, especially if you are running from within the IDE or in debug mode, then it is expected of the runtime.
Of course, when you divide by zero, then there is no library call here to write that extra catching code.

How to terminate a program when it crashes? (which should just fail a unit test instead of getting stuck forever)

Our unit tests fire off child processes, and sometimes these child processes crash. When this happens, a Windows Error Reporting dialog pops up, and the process stays alive until this is manually dismissed. This of course prevents the unit tests from ever terminating.
How can this be avoided?
Here's an example dialog in Win7 with the usual settings:
If I disable the AeDebug registry key, the JIT debugging option goes away:
If I disable checking for solutions (the only thing I seem to have control over via the control panel), it looks like this, but still appears and still stops the program from dying until the user presses something. WerAddExcludedApplication is documented to also have this effect.
A summary from the answers by jdehaan and Eric Brown, as well as this question (see also this question):
N.B. These solutions may affect other error reporting as well, e.g. failure to load a DLL or open a file.
Option 1: Disable globally
Works globally on the entire user account or machine, which can be both a benefit and a drawback.
Set [HKLM|HKCU]\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI to 1.
More info: WER settings.
Option 2: Disable for the application
Requires modification to the crashing program, described in documentation as best practice, unsuitable for a library function.
Call SetErrorMode: SetErrorMode(SetErrorMode(0) | SEM_NOGPFAULTERRORBOX); (or with SEM_FAILCRITICALERRORS). More info: Disabling the program crash dialog (explains the odd arrangement of calls).
Option 2a: Disable for a function:
Requires modification to the crashing program, requires Windows 7/2008 R2 (desktop apps only) or higher, described in documenation as preferred to SetErrorMode, suitable for a thread-safe library function.
Call and reset SetThreadErrorMode:
DWORD OldThreadErrorMode = 0;
SetThreadErrorMode(SEM_FAILCRITICALERRORS,& OldThreadErrorMode);
…
SetThreadErrorMode (z_OldThreadErrorMode, NULL);
More info: not much available?
Option 3: Specify a handler
Requires modification to the crashing program.
Use SetUnhandledExceptionFilter to set your own structured exception handler that simply exits, probably with reporting and possibly an attempt at clean-up.
Option 4: Catch as an exception
Requires modification to the crashing program. For .NET applications only.
Wrap all code into a global try/catch block. Specify the HandleProcessCorruptedStateExceptionsAttribute and possibly also the SecurityCriticalAttribute on the method catching the exceptions. More info: Handling corrupted state exceptions
Note: this might not catch crashes caused by the Managed Debugging Assistants; if so, these also need to be disabled in the application.
Option 5: Stop the reporting process
Works globally on the entire user account, but only for a controlled duration.
Kill the Windows Error Reporting process whenever it shows up:
var werKiller = new Thread(() =>
{
while (true)
{
foreach (var proc in Process.GetProcessesByName("WerFault"))
proc.Kill();
Thread.Sleep(3000);
}
});
werKiller.IsBackground = true;
werKiller.Start();
This is still not completely bullet-proof though, because a console application may crash via a different error message, apparently displayed by an internal function called NtRaiseHardError:
The only solution is to catch all exceptions at a very high level (for each thread) and terminate the application properly (or perform another action).
This is the only way to prevent the exception from escaping your app and activating WER.
Addition:
If the exception is something you do not except to happen you can use an AssertNoThrow(NUnit) or alike in another Unit Test framework to enclose the code firing the child processes. This way you would also get it into your Unit test report. This is in my opinion the cleanest possible solution I can think of.
Addition2:
As the comments below show, I was mistaken: you cannot always catch the asynchronous exceptions, it depends on what the environment allows. In .NET some exceptions are prevented from being caught, what makes my idea worthless in this case...
For .NET: There are complicated workarounds involving the use of AppDomains, leading to an unload of an AppDomain instead of a crash of the whole application. Too bad...
http://www.bluebytesoftware.com/blog/PermaLink,guid,223970c3-e1cc-4b09-9d61-99e8c5fae470.aspx
http://www.develop.com/media/pdfs/developments_archive/AppDomains.pdf
EDIT:
I finally got it. With .NET 4.0 You can add the HandleProcessCorruptedStateExceptions attribute from System.Runtime.ExceptionServices to the method containing the try/catch block. This really worked! Maybe not recommended but works.
using System;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Runtime.ExceptionServices;
namespace ExceptionCatching
{
public class Test
{
public void StackOverflow()
{
StackOverflow();
}
public void CustomException()
{
throw new Exception();
}
public unsafe void AccessViolation()
{
byte b = *(byte*)(8762765876);
}
}
class Program
{
[HandleProcessCorruptedStateExceptions]
static void Main(string[] args)
{
Test test = new Test();
try {
//test.StackOverflow();
test.AccessViolation();
//test.CustomException();
}
catch
{
Console.WriteLine("Caught.");
}
Console.WriteLine("End of program");
}
}
}
Try setting
HKCU\Software\Microsoft\Windows\Windows Error Reporting\DontShowUI
to 1. (You can also set the same key in HKLM, but you need admin privs to do that.)
This should prevent WER from showing any UI.