Thread: Exception handling

  1. #1
    Tapani
    Guest

    Exception handling

    Hi all,

    I am debugging an old game and have problems that on some machines the program (presumably) receives an exception from kernel32 and dies.

    However, running inside OllyDbg the game works on all machines, maybe since Olly by default intercepts exceptions from kernel32.

    Is there any way I can mod/patch the game to have a similar exception behaviour as it has under Olly? I do not have access to a machine where a crash can be reproduced.

    Any comments, advice, thoughts etc are welcome. :-)

    //Tapani
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Midfielder comrade's Avatar
    Join Date
    Jun 2006
    Location
    United States
    Posts
    46

    Exception handling

    Go to Debugging options and set it to pass all exceptions to the program, except int3 breaks (cause you still want to set breakpoints).
    comrade (comrade64@live.com; http://comrade.ownz.com/)

  3. #3
    Tapani
    Guest

    Exception handling

    Thanks mate, but I know how to receive the exceptions inside Olly. I want the other way around :-)

    I would want the game to survive even if it receives an exception, just as if Olly had ignored the exception. Also, another of my pleasures is that the people having problems are non-techies and unwilling (unable) to do debugging for me, so I cannot really do proper debugging.

    Yeah, I know, it sucks to be me :-)

    //Tapani

  4. #4
    Midfielder comrade's Avatar
    Join Date
    Jun 2006
    Location
    United States
    Posts
    46

    Exception handling

    Oh sorry, I haven't read your post completely before I replied.

    Are you sure the game breaks only from exceptions inside kernel32? It must be doing something funny with exception handling, because usually kernel32/ntdll exceptions are handled by kernel32/ntdll itself, and the exception is never seen by the game.

    Can you post the crash log that you get with Dr Watson?
    comrade (comrade64@live.com; http://comrade.ownz.com/)

  5. #5
    Lord_Looser
    Guest

    Exception handling

First you should search for the calling function that leads to the exception. Perhaps sometimes there is a not-allowed parameter (e.g. a NULL pointer) handed over to the kernel32 function.
    If not you can
    1. write your own little loader/debugger or
    2. insert a DLL and use SetUnhandledExceptionFilter or
    3. insert a DLL and manipulate all threads' SEHs
    ...

    I think if the game is not protected you should think about it from top to bottom.

  6. #6
    Tapani
    Guest

    Exception handling

    lord_looser:

thank you for your advice, unfortunately I do not have access to any machine where I can reproduce the crash. I am solely dependent on less computer-literate users patient enough to do debug tests.

    The capture all exceptions Olly-style was a fix-all solution without having to figure out why it crashed.



    comrade:

I am not 100% sure it is from kernel32/ntdll. One user of mine has used Purify on the exe, and for him it crashed in HeapFree.

    Another of my users sent me the following Dr Watson log. I have never deciphered one of these before, but to me it seems like it crashes in ntdll (InitializeCriticalSection)

    Any advice is very, very welcome,

//Tapani (I am sort of a Windows newbie (been on Linux way too long), so sorry if I have missed something obvious..)


    Application exception occurred:
    App: C:\Program Files\Championship Manager 01-02\cm0102.exe (pid=2204)
    When: 10/01/2006 @ 20:21:00.756
    Exception number: c0000005 (access violation)

    *----> System Information <----*
    Computer Name: CPQXXXXXXXXXXX
    User Name:
    Terminal Session Id: 0
    Number of Processors: 1
    Processor Type: x86 Family 6 Model 10 Stepping 0
    Windows Version: 5.1
    Current Build: 2600
    Service Pack: 2
    Current Type: Uniprocessor Free
    Registered Organization:
    Registered Owner:

    *----> Task List <----*
    0 System Process
    4 System
    500 smss.exe
    576 csrss.exe
    600 winlogon.exe
    644 services.exe
    656 lsass.exe
    796 svchost.exe
    860 svchost.exe
    900 svchost.exe
    960 svchost.exe
    1028 svchost.exe
    1288 spoolsv.exe
    1308 Explorer.EXE
    1392 Ati2evxx.exe
    1432 HPConfig.exe
    1472 HPWirelessMgr.exe
    1548 navapsvc.exe
    1720 SymWSC.exe
    152 alg.exe
    356 carpserv.exe
    444 OneTouch.EXE
    460 SynTPLpr.exe
    520 SynTPEnh.exe
    556 navapw32.exe
    752 Dragdiag.exe
    920 jusched.exe
    1056 MSMSGS.EXE
    1172 E_AICN03.EXE
    1632 NMBgMonitor.exe
    2676 ntvdm.exe
    2204 cm0102.exe
    3688 drwtsn32.exe
    3304 drwtsn32.exe

    *----> Module List <----*
(0000000000400000 - 0000000000de7000: C:\Program Files\Championship Manager 01-02\cm0102.exe
    (000000005ad70000 - 000000005ada8000: C:\WINDOWS\system32\uxtheme.dll
    (000000005b0a0000 - 000000005b0a7000: C:\WINDOWS\system32\umdmxfrm.dll
    (000000005cd70000 - 000000005cd77000: C:\WINDOWS\system32\serwvdrv.dll
    (000000005d090000 - 000000005d127000: C:\WINDOWS\system32\COMCTL32.dll
    (00000000629c0000 - 00000000629c9000: C:\WINDOWS\system32\LPK.DLL
    (0000000063000000 - 0000000063014000: C:\WINDOWS\system32\SynTPFcs.dll
    (0000000071aa0000 - 0000000071aa8000: C:\WINDOWS\system32\WS2HELP.dll
    (0000000071ab0000 - 0000000071ac7000: C:\WINDOWS\system32\WS2_32.dll
    (0000000071ad0000 - 0000000071ad9000: C:\WINDOWS\system32\WSOCK32.dll
    (0000000073000000 - 0000000073026000: C:\WINDOWS\system32\WINSPOOL.DRV
    (0000000073760000 - 00000000737a9000: C:\WINDOWS\system32\DDRAW.dll
    (0000000073bc0000 - 0000000073bc6000: C:\WINDOWS\system32\DCIMAN32.dll
    (0000000073f10000 - 0000000073f6c000: C:\WINDOWS\system32\DSOUND.dll
    (0000000074d90000 - 0000000074dfb000: C:\WINDOWS\system32\USP10.dll
    (00000000763b0000 - 00000000763f9000: C:\WINDOWS\system32\comdlg32.dll
    (0000000076b40000 - 0000000076b6d000: C:\WINDOWS\system32\WINMM.dll
    (00000000773d0000 - 00000000774d2000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    (00000000774e0000 - 000000007761d000: C:\WINDOWS\system32\ole32.dll
    (0000000077b40000 - 0000000077b62000: C:\WINDOWS\system32\Apphelp.dll
    (0000000077c00000 - 0000000077c08000: C:\WINDOWS\system32\VERSION.dll
    (0000000077c10000 - 0000000077c68000: C:\WINDOWS\system32\msvcrt.dll
    (0000000077d40000 - 0000000077dd0000: C:\WINDOWS\system32\USER32.dll
    (0000000077dd0000 - 0000000077e6b000: C:\WINDOWS\system32\ADVAPI32.dll
    (0000000077e70000 - 0000000077f01000: C:\WINDOWS\system32\RPCRT4.dll
    (0000000077f10000 - 0000000077f57000: C:\WINDOWS\system32\GDI32.dll
    (0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll
    (000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
    (000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
    (000000007c9c0000 - 000000007d1d5000: C:\WINDOWS\system32\SHELL32.dll

    *----> State Dump for Thread Id 0x4e4 <----*

    eax=0be54ad0 ebx=01400000 ecx=00000048 edx=00000146 esi=0be54ac8 edi=0be54b20
    eip=7c911e58 esp=0012fa08 ebp=0012fa14 iopl=0 nv up ei pl zr na po nc
    cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
    function: ntdll!RtlInitializeCriticalSection
    7c911e3c 000f add [edi],cl
    7c911e3e 87ee xchg esi,ebp
    7c911e40 ed in eax,dx
    7c911e41 ffff ???
    7c911e43 807d1400 cmp byte ptr [ebp+0x14],0x0
    7c911e47 0f85977a0300 jne ntdll!RtlInitializeSListHead+0x108d4 (7c9498e4)
    7c911e4d 8b4e0c mov ecx,[esi+0xc]
    7c911e50 8d4608 lea eax,[esi+0x8]
    7c911e53 8b10 mov edx,[eax]
    7c911e55 894d08 mov [ebp+0x8],ecx
    FAULT ->7c911e58 8b09 mov ecx,[ecx] ds:0023:00000048=????????
    7c911e5a 3b4a04 cmp ecx,[edx+0x4]
    7c911e5d 89550c mov [ebp+0xc],edx
    7c911e60 0f859d000000 jne ntdll!RtlInitializeCriticalSection+0x3d6 (7c911f03)
    7c911e66 3bc8 cmp ecx,eax
    7c911e68 0f8595000000 jne ntdll!RtlInitializeCriticalSection+0x3d6 (7c911f03)
    7c911e6e 56 push esi
    7c911e6f 53 push ebx
    7c911e70 e81fedffff call ntdll!wcsncpy+0x105 (7c910b94)
    7c911e75 8b450c mov eax,[ebp+0xc]
    7c911e78 8b4d08 mov ecx,[ebp+0x8]

    *----> Stack Back Trace <----*
    WARNING: Stack unwind information not available. Following frames may be wrong.
*** WARNING: Unable to verify checksum for C:\Program Files\Championship Manager 01-02\cm0102.exe
    *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\Championship Manager 01-02\cm0102.exe
    ChildEBP RetAddr Args to Child
    0012fa14 7c910d5c 00000048 0be54b20 0012facc ntdll!RtlInitializeCriticalSection+0x32b
    0012fae8 00945330 01400000 00000000 0be54b28 ntdll!wcsncpy+0x2cd
    0012fb04 00777564 0be54b28 00000118 00ae2c90 cm0102+0x545330
    0be8d02d 00000000 61117401 61206120 61206120 cm0102+0x377564

    *----> Raw Stack Dump <----*
    000000000012fa08 00 00 40 01 20 4b e5 0b - 01 00 00 00 e8 fa 12 00 ..@. K..........
000000000012fa18 5c 0d 91 7c 48 00 00 00 - 20 4b e5 0b cc fa 12 00 \..|H... K......
    000000000012fa28 00 00 00 00 56 e2 e9 0b - 28 4b e5 0b 03 00 00 00 ....V...(K......
    000000000012fa38 00 00 b6 01 ca 0e 91 7c - 00 24 50 01 78 01 40 01 .......|.$P.x.@.
    000000000012fa48 6d 05 91 7c 60 52 7f 11 - e0 6d 6d 11 08 24 50 01 m..|`R...mm..$P.
    000000000012fa58 00 00 b6 01 a0 2a 4d 01 - d8 6d 6d 11 90 69 73 11 .....*M..mm..is.
    000000000012fa68 01 00 00 00 e8 d6 4c 01 - 2a 72 00 00 03 2f c3 0d ......L.*r.../..
    000000000012fa78 00 00 00 00 00 00 00 00 - a8 01 40 01 98 69 73 11 ..........@..is.
    000000000012fa88 30 00 00 00 00 00 00 00 - 38 d1 ed 0b 50 82 e9 0b 0.......8...P...
    000000000012fa98 d0 01 40 01 a8 83 f4 0b - 08 00 00 00 a8 61 e7 0b ..@..........a..
    000000000012faa8 68 11 00 00 d0 01 40 01 - 00 00 40 01 48 ca ea 0b h.....@...@.H...
    000000000012fab8 50 fb 12 00 00 00 00 00 - 00 00 00 00 00 00 00 00 P...............
    000000000012fac8 98 a3 01 00 06 00 00 00 - 2c fa 12 00 2c f6 12 00 ........,...,...
    000000000012fad8 88 fb 12 00 18 ee 90 7c - 70 05 91 7c 01 00 00 00 .......|p..|....
    000000000012fae8 04 fb 12 00 30 53 94 00 - 00 00 40 01 00 00 00 00 ....0S....@.....
    000000000012faf8 28 4b e5 0b 5b e2 e9 0b - 00 4b e5 0b 2d d0 e8 0b (K..[....K..-...
    000000000012fb08 64 75 77 00 28 4b e5 0b - 18 01 00 00 90 2c ae 00 duw.(K.......,..
    000000000012fb18 00 00 00 00 48 ca ea 0b - 98 df 95 03 50 06 00 00 ....H.......P...
    000000000012fb28 0a 00 00 00 da b5 76 00 - 40 b5 d6 0c 2a 72 00 00 ......v.@...*r..
    000000000012fb38 03 2f c3 0d 00 00 00 00 - 03 00 d5 07 00 00 00 00 ./..............

  7. #7
    Lord_Looser
    Guest

    Exception handling

Your exception occurs at eip=7c911e58. It's a memory access violation within
    (000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll.
    The most important stuff are the stack back trace entries:
    ChildEBP RetAddr Args to Child
    0012fa14 7c910d5c 00000048 0be54b20 0012facc ntdll!RtlInitializeCriticalSection+0x32b
    0012fae8 00945330 01400000 00000000 0be54b28 ntdll!wcsncpy+0x2cd
    0012fb04 00777564 0be54b28 00000118 00ae2c90 cm0102+0x545330
    0be8d02d 00000000 61117401 61206120 61206120 cm0102+0x377564

http://msdn.microsoft.com/library/en-us/vccore98/HTML/_crt_strncpy.2c_.wcsncpy.2c_._mbsncpy.asp?frame=true


Check the parameters of this function within your program above eip=00945330 and others before calling these.

    ChildEBP=0012fae8
    RetAddr=00945330
    *strDest=01400000
    *strSource=00000000
    count=0be54b28
    ntdll!wcsncpy+0x2cd
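As an added example (not code from the thread, the game or Dr Watson), the attribution done by hand above can be made mechanical: the script below walks the Dr Watson module list and stack back trace, maps each return address to module+offset (the export-only names such as ntdll!wcsncpy are unreliable, but module+offset is not), picks the first frame inside the game's own image, and flags the frame whose argument equals the faulting data address 0x48. The log excerpt is constructed from the dump posted in this thread.

```python
import re

# Constructed excerpt of the Dr Watson log posted in this thread (module list,
# faulting instruction and stack back trace), trimmed to what triage needs.
DRWTSN_EXCERPT = r"""
(0000000000400000 - 0000000000de7000: C:\Program Files\Championship Manager 01-02\cm0102.exe
(000000007c800000 - 000000007c8f4000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b0000: C:\WINDOWS\system32\ntdll.dll
FAULT ->7c911e58 8b09 mov ecx,[ecx] ds:0023:00000048=????????
ChildEBP RetAddr Args to Child
0012fa14 7c910d5c 00000048 0be54b20 0012facc ntdll!RtlInitializeCriticalSection+0x32b
0012fae8 00945330 01400000 00000000 0be54b28 ntdll!wcsncpy+0x2cd
0012fb04 00777564 0be54b28 00000118 00ae2c90 cm0102+0x545330
0be8d02d 00000000 61117401 61206120 61206120 cm0102+0x377564
"""

H8 = r"([0-9a-f]{8})"
MODULE_RE = re.compile(r"^\(([0-9a-f]{16}) - ([0-9a-f]{16}): (.+)$")
FRAME_RE = re.compile(rf"^{H8} {H8} {H8} {H8} {H8} (\S+)$")
FAULT_RE = re.compile(rf"^FAULT ->{H8} .* ds:[0-9a-f]{{4}}:{H8}=")

def parse_log(text):
    """Return (modules, frames, eip, fault_addr) from a Dr Watson text dump."""
    modules, frames, eip, fault = [], [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := MODULE_RE.match(line):
            modules.append((int(m[1], 16), int(m[2], 16), m[3].rsplit("\\", 1)[-1]))
        elif m := FRAME_RE.match(line):
            v = [int(x, 16) for x in m.groups()[:5]]
            frames.append({"ebp": v[0], "ret": v[1], "args": v[2:], "sym": m[6]})
        elif m := FAULT_RE.match(line):
            eip, fault = int(m[1], 16), int(m[2], 16)
    return modules, frames, eip, fault

def resolve(addr, modules):
    """Map an absolute address to module+offset, the way the log labels frames."""
    for lo, hi, name in modules:
        if lo <= addr < hi:
            return f"{name}+0x{addr - lo:x}"
    return None

def triage(text, app_module="cm0102.exe"):
    modules, frames, eip, fault = parse_log(text)
    rets = [resolve(f["ret"], modules) for f in frames]
    # First return address inside the game's own image: the call site to inspect.
    first_app = next((r for r in rets if r and r.startswith(app_module)), None)
    # Frames that received the faulting data address (0x48) as an argument.
    carriers = [f["sym"] for f in frames if fault in f["args"]]
    return {"eip": resolve(eip, modules), "fault_addr": fault, "return_sites": rets,
            "first_app_frame": first_app, "fault_addr_in_args": carriers}
```

Running `triage(DRWTSN_EXCERPT)` gives cm0102.exe+0x545330 as the first game-owned frame, matching the log's own label, and shows the bad pointer 0x48 entering as the first argument of the innermost ntdll frame.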

  8. #8
    Lord_Looser
    Guest

    Exception handling

hm, if I see it correctly, it isn't involved in the function ntdll!wcsncpy.
    Ollydbg calls it ntdll.RtlpDeCommitFreeBlock + 0x1A8 with my installed symbols.

    https://www.xfocus.net/bbs/index.php?act=ST&f=2&t=34352&page=2

    RtlFreeHeap calls RtlpDeCommitFreeBlock( Heap, (PHEAP_FREE_ENTRY)BusyBlock, FreeSize );

  9. #9
    Tapani
    Guest

    Exception handling

    Thank you very much!

Things start falling into place:
    0012fb04 00777564 0be54b28 00000118 00ae2c90 cm0102+0x545330
    0be8d02d 00000000 61117401 61206120 61206120 cm0102+0x377564

    The addresses there correspond to a call from the memory deallocation wrapper the game uses. (Using HeapFree). Unfortunately, this wrapper is used all the time by the game so I'll have to try to see what I find in the raw stack dump. It seems clear now that the game is freeing some memory it shouldn't free and that's the reason to all the evil.

    Once more, thank you very much for your help.

    //Tapani

  10. #10
    Lord_Looser
    Guest

    Exception handling

    Have you installed the last game updates? Version 3.968 (only german?)
    http://www.champmaniacs.de/gdoffi.html

  11. #11
    Tapani
    Guest

    Exception handling

    Thanks for the patch link, but I already have the last official 3.9.68 update.

The problem seems to run deeper than I thought. It seems that after some point any call to HeapFree will crash, so it seems like something has corrupted the memory allocator (maybe a bad free?).

    Is anyone aware of a tool for Windows that can debug memory allocation errors similar to Valgrind on Linux? I have already tried Purify (the free two-week trial) and Purify crashes with an "internal error" saying the compiler used to create the .exe is not supported.

    Lord_Looser, apparently you know the game - what I am up to is creating a mod that updates the start year, leagues and does other improvements/bugfixes. I would be happy to hand out the beta version of this mod to anyone interested... ;-)

    //Tapani

  12. #12
    Lord_Looser
    Guest

    Exception handling

Sorry, but I don't know this game. I only googled this and found this too: http://www.sigames.com/downloads.php?type=game&id=9&filterBy=
