Results 1 to 5 of 5

Thread: help making ntice break on exception.

Hybrid View

  1. #1
    tinman
    Guest

    help making ntice break on exception.

    I am trying to get softice to break on exceptions. I have Windows 2000 Pro. I am writing programs that cause an exception. However, when run, my debugger does not break in. How can I make this happen? For example, the following code does not break when run (unless I load it in a debugger, and step thru it):

    int func(void);

    void main(void) {

    func();
    return;

    }

    int func(void) {
    char buffer[8];
    int i;

    for(i=0;i<2048;i++)
    buffer[i]='A';

    return 0;
    }

    Thanks in advance!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2

    As Above

    In NT and kin, the exception handler (default, if not explicitly designed) is kicked off before the debugger breaks. That could be one reason why the debugger is not breaking on.

    Try compiling the executable to a minimal so that it does not insert the exception handler. Alternatively, break on the NT exception handler rather than SET FAULTS ON.

    Have Phun
    Blame Microsoft, get l337 !!

  3. #3
    tinman
    Guest

    how do I disable the excpt handler?

    Thank you Aimless,
    do you know how to turn off the NT exception handler? Or at least what to google for? I have searched for everything I can think of, but I can't find anything useful. I don't want just this program to break on exception, but all programs, the program posted was just for illustration. Do you know how to configure the NT exception handler to be the debugger of my choice?

    Thanks in advance.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4

    As Above

    There are 2 paths to take:

    1. Use a SYSTEM debugger, like SoftICE (or)

    2. Use a Windows based debugger like (the powerful microsoft debugger - www.microsoft.com\ddk\debugging or OllyDbg)

    For the first case:
    ============

    1. Find a utility that dumps the exports from a particular .exe or .dll (like dumpbin, tdump, etc.)

    2. Run the utility on kernel32.dll to get a list of functions that the dll exports

    3. Search for ALL "exception" keywords

    4. Breakpoint on all of them (not that you need all, just unhandledexceptionhandler is enough, but just in case if you want to be exhaustive)

    5. The breakpoint will break when ANY program incurs the fault because ONLY and ONLY address below 80000000h (2 GB) is address-context sensitive.

    6. Continue as you would

    For the Second Case:
    ================

    1. Install your debugger and check that it works, just in case.

    2. When you are satisfied that the debugger indeed works, open the registry key using regedit.exe:

    \\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug for the entries named Debugger

    The value for the Debugger entry specifies the command for the debugger that will be used to analyze program errors (simply put, it will execute your debugger in the context of the failure).

    Note: its pretty useless to combine and use BOTH first and second cases.
    Stick with only one case.

    Have Phun
    Blame Microsoft, get l337 !!

  5. #5
    tinman
    Guest

    Thank you Aimless!

    That is exactly what I needed to know, thanks for you patience, hopefully soon I can start contributing to this board!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Loader making
    By w_a_r_1 in forum The Newbie Forum
    Replies: 12
    Last Post: July 13th, 2009, 14:42
  2. How about making a RE LiveCD?
    By Aquatic in forum Linux RCE
    Replies: 0
    Last Post: April 11th, 2006, 16:15
  3. break disabled after one break
    By hesho in forum The Newbie Forum
    Replies: 1
    Last Post: May 25th, 2005, 16:40
  4. ntice 4.27 on win2k sp4, cannot load advapi32.dll
    By homersux in forum Tools of Our Trade (TOT) Messageboard
    Replies: 3
    Last Post: May 19th, 2004, 12:40
  5. starforce3 and ntice under 2k
    By pasha in forum Tools of Our Trade (TOT) Messageboard
    Replies: 17
    Last Post: August 27th, 2003, 15:21

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •