windbg中怎么得到exception record的地址

Question

在Windbg中用".exr -1"可以取到最后一次例外发生时的exception record。

现在想得到最后一次例外发生时的exception record的地址进行分析。

该用什么命令和方法，请知道的达人指教。

Answer 1

你好，

EXCEPTION_POINTERS 这个结构体中包含了EXCEPTION的地址信息。你可以尝试一下下面的方法，详细信息请看链接：

dd命令后面的地址是指向异常结构(EXCEPTION_POINTERS)的指针。

.Exr后面的地址,是异常结构里面的第一个DWORD字节，代表exception record，里面就会包括ExceptionAddress

1. 0:120> dd 09a8f66c
2. 0:120> .exr 09a8f738

ExceptionAddress: 78011f32 (MSVCRT!strnicmp+0x00000092)

ExceptionCode: c0000005

ExceptionFlags: 00000000

https://support.microsoft.com/en-us/kb/313109

https://msdn.microsoft.com/en-us/library/windows/desktop/ms679331(v=vs.85).aspx

---

We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click HERE to participate the survey.

Answer 2

另外补充一下：

0:034> .exr -1
ExceptionAddress: 00423209 (ABC+0x00023209)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 20202014
Attempt to read from address 20202014

Answer 3

Hi

关于WER生成的DUMP文件的形式，我们可以在WER Settings 中去设置它,下面的指令就可以得到值，具体信息你可以看一下下面链接

RuntimeExceptionHelperModules![ pwszOutOfProcessCallbackDll name including path]

REG_DWORD

The contents of the value are ignored.

The name of the value is used to fetch the pwszOutOfProcessCallbackDll value

          https://msdn.microsoft.com/en-us/library/windows/desktop/bb513638(v=vs.85).aspx