Questions tagged [exception]
The exception tag has no usage guidance.
37 questions
2
votes
1
answer
194
views
How to hook RuntimeException to prevent crashes?
I tried to find out how RuntimeException works internally in cs.android.com so I can understand how to prevent crashes but didn't find anything useful and I have no clue how to analyze components-...
- 137
2
votes
0
answers
53
views
Redirect exception handler?
I'm working on a localization project and have a few trampoline hooks to translate some text in an online game. Periodically throughout gameplay, there are checks that run in the background to ensure ...
2
votes
0
answers
70
views
Why output is disabled in console when using int3?
I am using NASM(2.15) assembler to generate code. But I am unable to figure out why it does not show output in the console(windows system) when using int3 - software breakpoint, it only shows output ...
- 461
2
votes
0
answers
417
views
Strange exception thrown while debugging in Win10, but not Win7
I am disassembling a legacy 32-bit (x86) application using IDA Home (7.6) (for x86 disassembly) in a 64-bit Windows 10 environment running in a virtual machine (VMWare Fusion for Mac). The application ...
- 121
2
votes
2
answers
1k
views
IDA PRO Hex-Rays try-catch
I've been working in IDA Pro with a project but there is an issue. Try-Catch statements don't look nice.
I've been searching and it seems like IDA does not support them so I was wondering if there is ...
- 197
2
votes
1
answer
230
views
How does Borland C++ 5 exception handling work?
So, I'm still working on reverse-engineering an 1996 game. I have cleared a lot of roadblocks, but one thing that continues to annoy me is exception handling and RTTI metadata.
There is a function ...
- 175
3
votes
1
answer
192
views
Determine if the function has try/catch statement via the static analysis
I need to determine if the function has exception handler via static analysis. Initially I thought that if there's SEH handler prolog in the function, then the function should have try /catch. I.e. I ...
- 1,860
1
vote
1
answer
528
views
Mono.Cecil throws SymbolsNotMatchingException, how to find out Method line number?
I tried to use a PDB file to map the Instructions to the Sequencepoints in Mono.Cecil and find out the line number of a method. But none of the answers in any forum seems to work, because no matter ...
1
vote
1
answer
778
views
IDA Unknown Exception Code 6F4
So basically I had set a breakpoint on a WINAPI function call. When I tried to run the program and step over the breakpoint, the program exits with the popup window: unknown exception code 6F4 (exc....
- 11
2
votes
2
answers
436
views
How to test and debug x86 Assembly exceptions in NASM?
I have seen all the exception "IDs" in the Intel Manuals, and just came across sandpile's exception guide, which actually shows some hexcodes. For example, "divide by zero error":
...
- 153
2
votes
1
answer
287
views
I can't set a hardware breakpoint on RIP + N-byte after calling NtContinue()
#include <Windows.h>
int handle_exception (EXCEPTION_POINTERS *exception_pointers) {
exception_pointers->ContextRecord->Rip += 4;
return EXCEPTION_CONTINUE_EXECUTION;
}
int main (...
- 131
2
votes
1
answer
1k
views
Is there a way to show exceptions handlers in Hex-Rays decompiler output?
Is there a way to show these exception handlers in the decompiled code?
I can't tell that a block is in a __try block without looking into the disassembly.
__int64 __fastcall ...
- 23
1
vote
1
answer
775
views
What is happening with these exceptions in OllyDbg?
I am trying to reverse engineer something which appears to purposely create exceptions as part of its logic. In the image below, there are multiple DIV EAX commands that generate division by 0 ...
- 113
4
votes
1
answer
514
views
GS Cookie and exception handlers
I'm trying to understand how this GS cookie implementation is working. From what I've read on the topic, a cookie is set during the prologue then checked again in the epilogue. Well I can see the ...
- 422
1
vote
1
answer
456
views
How to debug a crash in wow64.dll in 32bit process
I have a 32bit application and a few wrapper tools that I use one after another to inject code, hook system dll functions (using the patch-first-bytes-of-the-function-with-jump approach). Also I have ...
- 153
0
votes
1
answer
460
views
arm branch calculator
When I use this opcode 09E0 that mean B #0x12 that mean go to pc+0x12 .(relative address)
How can I jump with B to pc-0x12 (relative address)?
5
votes
1
answer
9k
views
Dealing with exceptions in x64dbg
I'm debugging a game and I often come across an exception (EXCEPTION_PRIV_INSTRUCTION)
The debugger pauses on the address where it stops, now I want to step over one command at a time but when I step ...
- 107
1
vote
2
answers
1k
views
Why the program can't write to specific memory area
I am working on Lab13-01.exe from "Practical Malware Analysis" (you can download it from here).
When I run it without debuggers in my VMWare it runs without errors.
I started to analyze it with ...
- 583
2
votes
1
answer
2k
views
how to overcome setunhandledexceptionfilter in ollyDebugger?
I am debugging a malware sample which is using setunhandledexceptionfilter() for anti-debugging. I don't know how to handle this.
Can you guys please explain the setunhandledexceptionfilter() anti-...
- 121
19
votes
1
answer
6k
views
What are the Vectored Continue Handlers
Practically everyone knows what Vectored Exception Handlers are, but I couldn't find a lot of information about the similar "Vectored Continue Handlers" and related functions I encountered today, such ...
- 11.8k
2
votes
1
answer
8k
views
Access violation when reading [OLLYDEBUG]
Any time I try to crack a program I get this error in olly:
What causes this error? How can I fix this?
If anyone has suggestion or advice that would be great. I already tried pressing F9 but that ...
- 21
1
vote
1
answer
2k
views
how to bypass exception to debug EXE
i am trying to debug and find the encryption password algorithm in a Windows Application.
Whenever i try to debug, setting a breakpoint or not, the application gives a exception:
is it some kind of ...
- 113
2
votes
1
answer
2k
views
Moving xmm0 onto the stack results in a access violation exception
Reversing an application that crashes at the last line of the following instructions:
sub rsp,68
mov qword ptr ss:[rsp+B0],rcx
mov qword ptr ss:[rsp+B8],rdx
mov qword ptr ss:[rsp+C0],r8
mov qword ptr ...
- 157
0
votes
1
answer
309
views
Is it possible to change the value of a register when a certain instruction is executed?
I was wondering if it was possible to change the value of a register when an instruction gets executed. For example
0x10 call eax
Say eax contains 0x20 at that point, I want to add 0x10 to it so ...
- 188
3
votes
1
answer
822
views
Win32 Structured Exception Handling in MS C++ - Mapping compiler code to assembly code
I am trying to read through Matt Pietrek article on "A Crash Course on the Depths of Win32 Structured Exception Handling" linked here. In the section titled Compiler-level SEH, he writes:
Now that ...
- 319
2
votes
4
answers
2k
views
Target application crashes when using ReadProcessMemory
I have an interesting application that seems to crash whenever a particular region of memory is read using ReadProcessMemory. I know it's not doing anything special with RPM because:
Injecting a DLL ...
- 153
1
vote
1
answer
2k
views
x64dbg and ollydbg error not enough memory
I wanted to debug an executable but I always receive one of the errors 'last or first chance' exception. The 'last error' label shows me this error : 00000008 (ERROR_NOT_ENOUGH_MEMORY). When I run the ...
- 115
3
votes
1
answer
5k
views
WinDBG. How to catch first-chance exceptions?
I have to catch first-chance exceptions occurring in user-mode application during kernel-mode debugging session.
I have written simple example application called Exceptions.exe:
int WINAPI WinMain(...
- 33
1
vote
2
answers
1k
views
Reversing PECompact packed code (How SEH works)
I'm currently reversing file that is packed with PECompact packer. I'm interested in actual algorithm how it unpacks itself rather than having unpacked file.
It uses SEH for modifying program flow. ...
- 849
1
vote
0
answers
677
views
Opening program via Ollydbg/Immunity in Win7 causes exception unless in XP Compatibility Mode
When opening the reverseme included with Lena's tutorials for debugging in either Immunity or Ollydbg an exception is produced within ntdll that results in termination of the process with code ...
2
votes
1
answer
2k
views
Adding exception range to IDA
I encountered a problem while trying to debug an application that raises an exception to stop the debugger.
How can I add an exception range, such as (00000000 - FFFFFFFF), in IDA as in Olly ?
- 340
1
vote
1
answer
6k
views
KiUserExceptionDispatcher hook
i am analyzing a piece of malware in which first the address to "KiUserExceptionDispatcher" is obtained(using the Export Name Table, going to Export Ordinal Table and then finally to Export Address ...
- 1,541
0
votes
1
answer
566
views
Monitoring Exceptions raised by an executable
Using tools like strace I can figure out the signals a program receives as it executes, regardless of whether or not signal handlers for those signals have been defined.
[EDIT]
In order to do the same ...
user1743
0
votes
1
answer
1k
views
Windows VEH - catch and discard a single step exception
In a 3rd party application I'm modifying by means of DLL injection, there's a chunk of code that throws an EXCEPTION_SINGLE_STEP exception if it detects changes to the code. To bypass this ...
- 595
2
votes
2
answers
755
views
Single step exception at the beginning of an unrelated function
I'm reversing an application and I know for a fact it employs CRC checks, so if I modify the code, for instance hooking something, it'll be detected. The application uses a DLL which I replaced with ...
- 595
2
votes
0
answers
286
views
How to include these exception handle symbols in x86 assembly code?
The test is on 32bit x86 Linux, with g++ 4.6.3.
So basically I use a IDA pro script to recover the .gcc_excpt_table and .eh_frame sections from binary compiled from C++ language.
Basically I want to ...
- 2,485
7
votes
1
answer
4k
views
How to recover the exception info from .gcc_except_table and .eh_handle sections?
For C++ program with try catch defined, when using g++ to compile it into assembly code (test is on x86 32bit Linux, g++ 4.6.3)
g++ -S cppexcept.cc
A specified section called .gcc_except_table is ...
- 2,485