Debugging Stop 0x1E – Finding the Exception Record Address in the Stack

This is going to be a very short blog post, just to demonstrate how to find the Exception Record address in the stack, and how many times it seems to appear within the call stack. Interestingly, but not unsurprisingly, the exception code wasn’t passed to any of the exception handlers in the call stack.

The blue highlighting is the address of the exception record, and the green highlighting is the address of the trap frame which contains the last saved context.

The !exchain extension shows all the exception handlers in the call stack.

The _CONTEXT data structure can show us the saved registers from the trap frame. Please note that I've trimmed this data structure down to the main registers.
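The debugger commands that correspond to the steps above, given as an added example rather than the original post's session. `<ExceptionRecord>`, `<TrapFrame>` and `<ContextRecord>` are placeholders for addresses read from your own dump; no output is shown because none is reproduced from the post.

```windbg
$$ Added example: angle-bracket values are placeholders, not addresses from the post.

$$ Confirm the bugcheck is 0x1E and note its four arguments.
!analyze -v

$$ Dump the call stack with the arguments passed to each frame. The exception
$$ record address is the value that recurs in the argument columns, and kv
$$ also annotates frames that carry a trap frame.
kv

$$ Decode the exception record: exception code, faulting address, parameters.
.exr <ExceptionRecord>
dt nt!_EXCEPTION_RECORD <ExceptionRecord>

$$ Switch the register context to the saved trap frame, then view the registers
$$ and the stack as they were at the time of the trap.
.trap <TrapFrame>
r
kv

$$ List the exception handlers registered along the call stack.
!exchain

$$ Dump the saved context structure field by field.
dt nt!_CONTEXT <ContextRecord>

$$ Reset the register context when finished.
.trap
```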


About 0x14c

I'm a Computer Science student and writer. My primary interests are Graph Theory, Number Theory, Programming Language Theory, Logic and Windows Debugging.
This entry was posted in Debugging, Windows Internals.
