
WinDbg - how to set all exceptions to be passed to the app?

Tags: windbg, ida

How can I set the behavior of all exceptions so that they are passed to the application and do not appear in the debugger?

I'm using IDA Pro 6.6 and WinDbg.

AnArrayOfFunctions asked Feb 03 '15 18:02



2 Answers

It's a bit awkward to do that for all exception types at once:

.foreach(exc {sx}) {.catch{sxd ${exc}}}

What it does:

  • {sx}: list all exception types (and current settings, which you actually don't want)
  • exc: assign a variable
  • .foreach(...) {...}: cut it into pieces of single words and execute a command
  • sxd ${exc}: disable whatever is in variable exc
  • .catch{...}: ignore all the error messages which come from the settings information

The advantage of the above approach is that it is WinDbg version independent. If new exception codes are introduced, it will still work.

Processing of unwanted text can be avoided with PyKd. Save the following script into a file sxd.py and run !py sxd.py:

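from pykd import dbgCommand

# The event code is in the first four columns of each "sx" output line.
sx = dbgCommand("sx")
for s in sx.splitlines():
    ex = s[:4].strip()
    # Skip empty lines and lines whose first column is blank.
    if ex:
        print("sxd " + ex)
        dbgCommand("sxd " + ex)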

Another option is processing all the exceptions manually:

.foreach(exc {.echo "ct et cpr epr ld ud ser ibp iml out av asrt aph bpe bpec eh clr clrn cce cc dm dbce gp ii ip dz iov ch hc lsq isc 3c svh sse ssec sbo sov vs vcpp wkd rto rtt wob wos *"}) {.catch{sxd ${exc}}}

However, if there are new exception codes in WinDbg, you have to add them to the .echo command.

Thomas Weller answered Sep 23 '22 12:09


In WinDbg the sx family of commands is used to control how exceptions should be handled.

For passing an exception directly to the application, use the sxd command, which disables a specific exception. (Actually, disable means ignore the first-chance exception.) To my knowledge, you must use sxd on all specific exceptions, because sxd * means all exceptions that are not otherwise explicitly named.

Use the sx command to see the available exceptions and current settings, and use sxd on all you want to disable.

 0:000> sx
   ct - Create thread - ignore
   et - Exit thread - ignore
  cpr - Create process - ignore
 <cut> 
   av - Access violation - break - not handled

 0:000> sxd av
 0:000> sx
 ct - Create thread - ignore
 et - Exit thread - ignore
 <cut> 
 av - Access violation - second-chance break - not handled

The output is in my opinion a bit difficult to interpret; the av (access violation) will now not be handled by the debugger in any visible way.

The “Controlling Exceptions and Events” section in the help explains the first chance and second-chance concept.

Kjell Gunnar answered Sep 20 '22 12:09
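
To check which events still stop the debugger on first chance, sx output can be parsed offline. The following is an added example, not code from either answer; the function names are hypothetical, the sample text is constructed from the transcript lines shown above, and it assumes the "code - description - status" line layout seen there.

```python
# Added example: parse text captured from WinDbg's "sx" command and report
# which events still have the first-chance "break" status.
# SAMPLE_BEFORE / SAMPLE_AFTER are constructed from the transcript on this page.
SAMPLE_BEFORE = """\
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
 cpr - Create process - ignore
<cut>
  av - Access violation - break - not handled
"""

SAMPLE_AFTER = """\
0:000> sx
  ct - Create thread - ignore
  et - Exit thread - ignore
<cut>
  av - Access violation - second-chance break - not handled
"""


def parse_sx(text):
    """Return (code, description, break_status, handling) for each event line."""
    events = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(" - ")]
        # Event lines carry at least code, description and break status;
        # prompts, "<cut>" markers and blank lines do not and are skipped.
        if len(fields) < 3 or not fields[0] or " " in fields[0]:
            continue
        handling = fields[3] if len(fields) > 3 else None
        events.append((fields[0], fields[1], fields[2], handling))
    return events


def first_chance_breaks(events):
    """Codes whose status is exactly 'break' (debugger stops on first chance)."""
    return [code for code, _, status, _ in events if status == "break"]


def sxd_commands(events):
    """Build one 'sxd <code>' command per event that still breaks first-chance."""
    return ["sxd " + code for code in first_chance_breaks(events)]


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, sxd_commands(parse_sx(text)))
```

Inside a PyKd session the same functions can be given the string returned by dbgCommand("sx") instead of the sample text.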