I have written a small debugger in C++ using CreateProcessA with the CREATE_SUSPENDED | DEBUG_PROCESS flags set and the WaitForDebugEvent APIs. I am able to handle all types of events occurring, like DLL load/unload, exceptions, etc. But there seems to be a problem with EXCEPTION_ACCESS_VIOLATION when the debugged process has an exception handler attached. At this point I keep getting the EXCEPTION_ACCESS_VIOLATION continually, whereas I want the debugged process to continue with its exception handler.
Here is the code for the debugged process:
    #include <windows.h>
    #include <stdio.h>

    // _except_handler is the handler function referred to below (its body is not shown in this post)
    int main()
    {
        DWORD handler = (DWORD)_except_handler;
        __asm
        {                       // Build EXCEPTION_REGISTRATION record:
            push handler        // Address of handler function
            push FS:[0]         // Address of previous handler
            mov FS:[0],ESP      // Install new EXCEPTION_REGISTRATION
        }
        __asm
        {
            mov eax,0           // Zero out EAX
            mov [eax], 1        // Write to the address in EAX (0) to deliberately cause a fault
        }
        printf( "After writing!\n" );
        __asm
        {                       // Remove our EXCEPTION_REGISTRATION record
            mov eax,[ESP]       // Get pointer to previous record
            mov FS:[0], EAX     // Install previous record
            add esp, 8          // Clean our EXCEPTION_REGISTRATION off stack
        }
        return 0;
    }
This exception handler sets the right address for eax, and the process executes fine when run alone.
What I want to know is: is there any manual way/procedure to tell the debugged process to search for its own handler and run it?
Also, when run in Olly with ignoring exceptions, the process runs perfectly fine.
Help needed.
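
Added example, not part of the original post: one way a debug loop can hand an access violation back to the debuggee so its own handler runs, by answering the event with DBG_EXCEPTION_NOT_HANDLED instead of DBG_CONTINUE. It assumes the loop currently answers every event with DBG_CONTINUE; `continue_status` and `debug_loop` are hypothetical names, and the `#else` constants are stand-ins so the decision logic builds off Windows.

```cpp
#include <cstdint>
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#else  // stand-ins so the decision logic builds off Windows (values as in the SDK headers)
#define DBG_CONTINUE               0x00010002u
#define DBG_EXCEPTION_NOT_HANDLED  0x80010001u
#define EXCEPTION_BREAKPOINT       0x80000003u
#define EXCEPTION_SINGLE_STEP      0x80000004u
#define EXCEPTION_ACCESS_VIOLATION 0xC0000005u
#endif

// Hypothetical helper: status to pass to ContinueDebugEvent for an exception event.
uint32_t continue_status(uint32_t code) {
    switch (code) {
    case (uint32_t)EXCEPTION_BREAKPOINT:   // loader's initial breakpoint, debugger breakpoints
    case (uint32_t)EXCEPTION_SINGLE_STEP:  // debugger-driven stepping
        return (uint32_t)DBG_CONTINUE;     // swallow it and resume the thread
    default:
        // Not the debugger's: let Windows search the debuggee's handler chain (FS:[0]).
        // DBG_CONTINUE here re-runs the faulting instruction, which faults again.
        return (uint32_t)DBG_EXCEPTION_NOT_HANDLED;
    }
}

#ifdef _WIN32
void debug_loop() {
    DEBUG_EVENT ev;
    while (WaitForDebugEvent(&ev, INFINITE)) {
        DWORD status = DBG_CONTINUE;       // non-exception events are simply resumed
        if (ev.dwDebugEventCode == EXCEPTION_DEBUG_EVENT) {
            const EXCEPTION_DEBUG_INFO &x = ev.u.Exception;
            status = continue_status(x.ExceptionRecord.ExceptionCode);
            printf("%s-chance exception %08lx at %p\n", x.dwFirstChance ? "first" : "second",
                   (unsigned long)x.ExceptionRecord.ExceptionCode, x.ExceptionRecord.ExceptionAddress);
        }
        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, status);
        if (ev.dwDebugEventCode == EXIT_PROCESS_DEBUG_EVENT) break;
    }
}
#endif

int main(int argc, char **argv) {
    (void)argc; (void)argv;
#ifdef _WIN32
    STARTUPINFOA si = { sizeof(si) };
    PROCESS_INFORMATION pi;
    if (argc > 1 && CreateProcessA(argv[1], NULL, NULL, NULL, FALSE, DEBUG_PROCESS,
                                   NULL, NULL, &si, &pi))
        debug_loop();
#endif
    printf("access violation -> %08x\n", continue_status(EXCEPTION_ACCESS_VIOLATION));
    return 0;
}
```

If no handler in the debuggee accepts the exception, the same event is reported again as second-chance, and answering that with DBG_EXCEPTION_NOT_HANDLED lets the process terminate as it would without a debugger.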







