From Collaborative RCE Tool Library
ExcpHook
| Field | Value |
|---|---|
| Tool name: | ExcpHook |
| Author: | Gynvael Coldwind |
| Website: | http://vexillium.org/?sec |
| Current version: | 0.0.4 |
| Last updated: | January 22, 2008 |
| Direct D/L link: | http://vexillium.org/dl.php?excphook004 |
| License type: | Free / Open Source |
| Related URLs: | No related URLs have been submitted for this tool yet |

Description:

The source code / binary is also available as a part of http://code.google.com/p/openrce-snippets/

ExcpHook is an open source (see license.txt) Exception Monitor for Windows made by Gynvael Coldwind (Team Vexillium).

Currently supported Windows versions: XP SP2

Please note that this is an ALPHA version. It uses a ring0 driver to hook the KiExceptionDispatch procedure to detect the exceptions, and then shows information about the exception on stdout (using the ring3 part of the program, ofc). The difference between this method and the standard debug API method is that this method monitors all of XP's processes, and the program does not have to attach to any other process to monitor it, hence it's harder to detect.

The ring0 code sucks. It does not BSoD at my place, but I cannot guarantee it won't BSoD at some other place. I'm really looking forward to comments regarding the ring0 code, especially constructive ones ;)

The known bugs are:
- The code tends to BSoD on multi CPU machines (will be fixed)

Well, that's it, any comments are welcome ;)

Example of usage:

```
>ExcpHook.exe excp_
ExcpHook Exception Monitor 0.0.4 by gynvael.coldwind//vx
(use -h or --help for help)
Filtering results only to ones containing "excp_"
Loading driver...OK
Opening device...OK
Requesting info on driver...OK
Driver: ExcpHook driver v0.0.1 by gynvael.coldwind//vx.
Entering loop... press ctrl+c to exit
--- Exception detected ---
PID: 2016
First Chance: YES
Exception code: 10000004 (KI_EXCEPTION_ACCESS_VIOLATION)
Exception addr: 0040130a
Image: D:\code\gynvael\BraveNewWorld\ExceptionCatch\excp_accviolw.exe
Param count : 2
Params: 00000001 88776655
Access Violation Type : WRITE
Accessed Memory Address: 88776655
Disconnecting from driver...OK
Unloading driver...OK
```
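To make ExcpHook's reports usable in a pipeline (for instance when the monitor runs beside a fuzzer and you only care about write or execute faults in one image), here is a small parser for the 0.0.4 console format. This is an added example, not code from ExcpHook or its author; it relies only on the report layout visible in the usage output above. The first sample report is the one from the page, the second and third are constructed to exercise the read-fault and non-access-violation paths, and the exact lines the tool prints for exceptions other than access violations are an assumption. The code 10000004 (KI_EXCEPTION_ACCESS_VIOLATION) is the kernel-internal alias the tool sees because its hook sits in the dispatcher, before the kernel rewrites it to STATUS_ACCESS_VIOLATION (c0000005) for delivery to the process, so the parser exposes both values. The case-insensitive image filter is a choice of this example, not documented behaviour of the tool's own positional filter.

```python
"""Parser for ExcpHook 0.0.4 console reports (example code, not part of ExcpHook)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: report 1 is taken from the tool's page, reports 2 and 3
# are made up to exercise the read-fault and non-AV paths (their exact text is
# an assumption about what ExcpHook prints for those cases).
SAMPLE_OUTPUT = r"""
ExcpHook Exception Monitor 0.0.4 by gynvael.coldwind//vx
(use -h or --help for help)
Filtering results only to ones containing "excp_"
Loading driver...OK
Opening device...OK
Requesting info on driver...OK
Driver: ExcpHook driver v0.0.1 by gynvael.coldwind//vx.
Entering loop... press ctrl+c to exit
--- Exception detected ---
PID: 2016
First Chance: YES
Exception code: 10000004 (KI_EXCEPTION_ACCESS_VIOLATION)
Exception addr: 0040130a
Image: D:\code\gynvael\BraveNewWorld\ExceptionCatch\excp_accviolw.exe
Param count : 2
Params: 00000001 88776655
Access Violation Type : WRITE
Accessed Memory Address: 88776655
--- Exception detected ---
PID: 1337
First Chance: NO
Exception code: 10000004 (KI_EXCEPTION_ACCESS_VIOLATION)
Exception addr: 7c910000
Image: C:\fuzz\target.exe
Param count : 2
Params: 00000000 00000000
Access Violation Type : READ
Accessed Memory Address: 00000000
--- Exception detected ---
PID: 4242
First Chance: YES
Exception code: 80000003
Exception addr: 00401000
Image: C:\fuzz\other.exe
Param count : 1
Params: 00000000
Disconnecting from driver...OK
Unloading driver...OK
"""

REPORT_START = "--- Exception detected ---"
KV_RE = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<val>.*)$")

# Internal code seen at the dispatcher hook vs. the NTSTATUS the process gets.
KI_EXCEPTION_ACCESS_VIOLATION = 0x10000004
STATUS_ACCESS_VIOLATION = 0xC0000005

# ExceptionInformation[0] of an access violation: 0 read, 1 write, 8 DEP fetch.
AV_OPERATION = {0: "READ", 1: "WRITE", 8: "EXECUTE"}


@dataclass
class ExceptionReport:
    pid: int = 0
    first_chance: bool = True
    code: int = 0
    code_name: str = ""
    address: int = 0
    image: str = ""
    params: list = field(default_factory=list)
    av_type: Optional[str] = None
    av_address: Optional[int] = None

    @property
    def user_mode_code(self) -> int:
        """Code the faulting process would see; only the AV alias needs mapping."""
        if self.code == KI_EXCEPTION_ACCESS_VIOLATION:
            return STATUS_ACCESS_VIOLATION
        return self.code

    @property
    def operation(self) -> Optional[str]:
        """Access type decoded from params, cross-checked against the printed line."""
        if self.user_mode_code != STATUS_ACCESS_VIOLATION or not self.params:
            return None
        decoded = AV_OPERATION.get(self.params[0], "UNKNOWN")
        if self.av_type and self.av_type != decoded:
            return "MISMATCH"
        return decoded


def parse_excphook_output(text: str) -> list:
    """Split the console text into one ExceptionReport per '--- Exception detected ---' block."""
    reports, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == REPORT_START:
            cur = ExceptionReport()
            reports.append(cur)
            continue
        m = KV_RE.match(line)
        if cur is None or not m:
            continue  # driver chatter before, between or after the reports
        key, val = m.group("key").strip(), m.group("val").strip()
        if key == "PID":
            cur.pid = int(val)
        elif key == "First Chance":
            cur.first_chance = val.upper() == "YES"
        elif key == "Exception code":
            cm = re.match(r"([0-9a-fA-F]+)\s*(?:\((\w+)\))?", val)
            cur.code, cur.code_name = int(cm.group(1), 16), cm.group(2) or ""
        elif key == "Exception addr":
            cur.address = int(val, 16)
        elif key == "Image":
            cur.image = val
        elif key == "Params":
            cur.params = [int(p, 16) for p in val.split()]
        elif key == "Access Violation Type":
            cur.av_type = val.upper()
        elif key == "Accessed Memory Address":
            cur.av_address = int(val, 16)
    return reports


def filter_by_image(reports, needle: str) -> list:
    """Keep reports whose image path contains needle (case-insensitive, an example choice)."""
    needle = needle.lower()
    return [r for r in reports if needle in r.image.lower()]


if __name__ == "__main__":
    for r in filter_by_image(parse_excphook_output(SAMPLE_OUTPUT), "excp_"):
        print(f"pid={r.pid} {r.image} code={r.user_mode_code:08x} "
              f"op={r.operation} at {r.av_address:08x} first={r.first_chance}")
```

Pipe the tool's stdout into `parse_excphook_output` and act on `operation` and `first_chance`: a WRITE or EXECUTE fault, or any second-chance exception, is the kind of report worth keeping from a long fuzzing run, while a first-chance READ of address zero is usually noise.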