/*++
Copyright (c) 2000 Microsoft Corporation
Module Name:
IgnoreException.cpp
Abstract:
This shim is for handling exceptions that get thrown by bad apps.
The primary causes of unhandled exceptions are:
1. Priviliged mode instructions: cli, sti, out etc
2. Access violations
In most cases, ignoring an Access Violation will be fatal for the app,
but it works in some cases, eg:
Deer Hunter 2 - their 3d algorithm reads too far back in a lookup
buffer. This is a game bug and doesn't crash win9x because that memory
is usually allocated.
Interstate 76 also requires a Divide by Zero exception to be ignored.
Notes:
This is a general purpose shim.
History:
02/10/2000 linstev Created
10/17/2000 maonis Bug fix - now it ignores AVs correctly.
02/27/2001 robkenny Converted to use CString
--*/
#include "precomp.h"
IMPLEMENT_SHIM_BEGIN(IgnoreException)
#include "ShimHookMacro.h"
APIHOOK_ENUM_BEGIN
APIHOOK_ENUM_END
// Exception code for OutputDebugString
#define DBG_EXCEPTION 0x40010000L
// Determine how to manage second chance exceptions
BOOL g_bWin2000 = FALSE;
DWORD g_dwLastEip = 0;
extern DWORD GetInstructionLengthFromAddress(LPBYTE pEip);
/*++
This is the list of all the exceptions that this shim can handle. The fields are
1. cName - the name of the exception as accepted as a parameter and
displayed in debug spew
2. dwCode - the exception code
3. dwSubCode - parameters specified by the exception: -1 = don't care
4. dwIgnore - ignore this exception:
0 = don't ignore
1 = ignore 1st chance
2 = ignore 2nd chance
3 = exit process on 2nd chance.
--*/
typedef enum
{
eActive = 0,
eFirstChance,
eSecondChance,
eExitProcess
} EMODE;
WCHAR * ToWchar(EMODE emode)
{
switch (emode)
{
case eActive:
return L"Active";
case eFirstChance:
return L"FirstChance";
case eSecondChance:
return L"SecondChance";
case eExitProcess:
return L"ExitProcess";
};
return L"ERROR";
}
// Convert a text version of EMODE to a EMODE value
EMODE ToEmode(const CString & csMode)
{
if (csMode.Compare(L"0") == 0 || csMode.Compare(ToWchar(eActive)) == 0)
{
return eActive;
}
else if (csMode.Compare(L"1") == 0 || csMode.Compare(ToWchar(eFirstChance)) == 0)
{
return eFirstChance;
}
else if (csMode.Compare(L"2") == 0 || csMode.Compare(ToWchar(eSecondChance)) == 0)
{
return eSecondChance;
}
else if (csMode.Compare(L"3") == 0 || csMode.Compare(ToWchar(eExitProcess)) == 0)
{
return eExitProcess;
}
// Default value
return eFirstChance;
}
struct EXCEPT
{
WCHAR * cName;
DWORD dwCode;
DWORD dwSubCode;
EMODE dwIgnore;
};
static EXCEPT g_eList[] =
{
{L"ACCESS_VIOLATION_READ" , (DWORD)EXCEPTION_ACCESS_VIOLATION , 0 , eActive},
{L"ACCESS_VIOLATION_WRITE" , (DWORD)EXCEPTION_ACCESS_VIOLATION , 1 , eActive},
{L"ARRAY_BOUNDS_EXCEEDED" , (DWORD)EXCEPTION_ARRAY_BOUNDS_EXCEEDED , -1, eActive},
{L"BREAKPOINT" , (DWORD)EXCEPTION_BREAKPOINT , -1, eActive},
{L"DATATYPE_MISALIGNMENT" , (DWORD)EXCEPTION_DATATYPE_MISALIGNMENT , -1, eActive},
{L"FLT_DENORMAL_OPERAND" , (DWORD)EXCEPTION_FLT_DENORMAL_OPERAND , -1, eActive},
{L"FLT_DIVIDE_BY_ZERO" , (DWORD)EXCEPTION_FLT_DIVIDE_BY_ZERO , -1, eActive},
{L"FLT_INEXACT_RESULT" , (DWORD)EXCEPTION_FLT_INEXACT_RESULT , -1, eActive},
{L"FLT_INVALID_OPERATION" , (DWORD)EXCEPTION_FLT_INVALID_OPERATION , -1, eActive},
{L"FLT_OVERFLOW" , (DWORD)EXCEPTION_FLT_OVERFLOW , -1, eActive},
{L"FLT_STACK_CHECK" , (DWORD)EXCEPTION_FLT_STACK_CHECK , -1, eActive},
{L"FLT_UNDERFLOW" , (DWORD)EXCEPTION_FLT_UNDERFLOW , -1, eActive},
{L"ILLEGAL_INSTRUCTION" , (DWORD)EXCEPTION_ILLEGAL_INSTRUCTION , -1, eActive},
{L"IN_PAGE_ERROR" , (DWORD)EXCEPTION_IN_PAGE_ERROR , -1, eActive},
{L"INT_DIVIDE_BY_ZERO" , (DWORD)EXCEPTION_INT_DIVIDE_BY_ZERO , -1, eActive},
{L"INT_OVERFLOW" , (DWORD)EXCEPTION_INT_OVERFLOW , -1, eActive},
{L"INVALID_DISPOSITION" , (DWORD)EXCEPTION_INVALID_DISPOSITION , -1, eActive},
{L"NONCONTINUABLE_EXCEPTION" , (DWORD)EXCEPTION_NONCONTINUABLE_EXCEPTION, -1, eActive},
{L"PRIV_INSTRUCTION" , (DWORD)EXCEPTION_PRIV_INSTRUCTION , -1, eFirstChance},
{L"SINGLE_STEP" , (DWORD)EXCEPTION_SINGLE_STEP , -1, eActive},
{L"STACK_OVERFLOW" , (DWORD)EXCEPTION_STACK_OVERFLOW , -1, eActive},
{L"INVALID_HANDLE" , (DWORD)EXCEPTION_INVALID_HANDLE , -1, eActive}
};
#define ELISTSIZE sizeof(g_eList) / sizeof(g_eList[0])
/*++
Custom exception handler.
--*/
LONG
ExceptionFilter(
struct _EXCEPTION_POINTERS *ExceptionInfo
)
{
DWORD dwCode = ExceptionInfo->ExceptionRecord->ExceptionCode;
if ((dwCode & DBG_EXCEPTION) == DBG_EXCEPTION) // for the DebugPrints
{
return EXCEPTION_CONTINUE_SEARCH;
}
CONTEXT *lpContext = ExceptionInfo->ContextRecord;
WCHAR szException[64];
BOOL bIgnore = FALSE;
//
// Run the list of exceptions to see if we're ignoring it
//
EXCEPT *pE = &g_eList[0];
for (int i = 0; i < ELISTSIZE; i++, pE++)
{
// Matched the major exception code
if (dwCode == pE->dwCode)
{
// See if we care about the subcode
if ((pE->dwSubCode != -1) &&
(ExceptionInfo->ExceptionRecord->ExceptionInformation[0] != pE->dwSubCode))
{
continue;
}
wcscpy(szException, pE->cName);
// Determine how to handle the exception
switch (pE->dwIgnore)
{
case eActive:
bIgnore = FALSE;
break;
case eFirstChance:
bIgnore = TRUE;
break;
case eSecondChance:
bIgnore = g_bWin2000 || (g_dwLastEip == lpContext->Eip);
g_dwLastEip = lpContext->Eip;
break;
case eExitProcess:
// Try using unhandled exception filters to catch this
bIgnore = TRUE;//g_bWin2000 || IsBadCodePtr((FARPROC)lpContext->Eip);
if (bIgnore)
{
ExitProcess(0);
TerminateProcess(GetCurrentProcess(), 0);
}
g_dwLastEip = lpContext->Eip;
break;
}
if (bIgnore) break;
}
}
//
// Dump out the exception
//
DPFN( eDbgLevelWarning, "Exception %S (%08lx)\n",
szException,
dwCode);
#ifdef DBG
DPFN( eDbgLevelWarning, "eip=%08lx\n",
lpContext->Eip);
DPFN( eDbgLevelWarning, "eax=%08lx, ebx=%08lx, ecx=%08lx, edx=%08lx\n",
lpContext->Eax,
lpContext->Ebx,
lpContext->Ecx,
lpContext->Edx);
DPFN( eDbgLevelWarning, "esi=%08lx, edi=%08lx, esp=%08lx, ebp=%08lx\n",
lpContext->Esi,
lpContext->Edi,
lpContext->Esp,
lpContext->Ebp);
DPFN( eDbgLevelWarning, "cs=%04lx, ss=%04lx, ds=%04lx, es=%04lx, fs=%04lx, gs=%04lx\n",
lpContext->SegCs,
lpContext->SegSs,
lpContext->SegDs,
lpContext->SegEs,
lpContext->SegFs,
lpContext->SegGs);
#endif
LONG lRet;
if (bIgnore)
{
if ((DWORD)lpContext->Eip <= (DWORD)0xFFFF)
{
LOGN( eDbgLevelError, "[ExceptionFilter] Exception %S (%08X), stuck at bad address, killing current thread.", szException, dwCode);
lRet = EXCEPTION_CONTINUE_SEARCH;
return lRet;
}
LOGN( eDbgLevelWarning, "[ExceptionFilter] Exception %S (%08X) ignored.", szException, dwCode);
lpContext->Eip += GetInstructionLengthFromAddress((LPBYTE)lpContext->Eip);
g_dwLastEip = 0;
lRet = EXCEPTION_CONTINUE_EXECUTION;
}
else
{
DPFN( eDbgLevelWarning, "Exception NOT handled\n\n");
lRet = EXCEPTION_CONTINUE_SEARCH;
}
return lRet;
}
/*++
Parse the command line for particular exceptions. The format of the command
line is:
[EXCEPTION_NAME[:0|1|2]];[EXCEPTION_NAME[:0|1|2]]...
or "*" which ignores all first chance exceptions.
Eg:
ACCESS_VIOLATION:2;PRIV_INSTRUCTION:0;BREAKPOINT
Will ignore:
1. Access violations - second chance
2. Priviliged mode instructions - do not ignore
3. Breakpoints - ignore
--*/
BOOL
ParseCommandLine(
LPCSTR lpCommandLine
)
{
CSTRING_TRY
{
CStringToken csTok(lpCommandLine, L" ;");
int iLast = -1;
//
// Run the string, looking for exception names
//
CString token;
// Each cl token may be followed by a : and an exception type
// Forms can be:
// *
// *:SecondChance
// INVALID_DISPOSITION
// INVALID_DISPOSITION:Active
// INVALID_DISPOSITION:0
//
while (csTok.GetToken(token))
{
CStringToken csSingleTok(token, L":");
CString csExcept;
CString csType;
// grab the exception name and the exception type
csSingleTok.GetToken(csExcept);
csSingleTok.GetToken(csType);
// Convert ignore value to emode (defaults to eFirstChance)
EMODE emode = ToEmode(csType);
if (token.Compare(L"*") == 0)
{
for (int i = 0; i < ELISTSIZE; i++)
{
g_eList[i].dwIgnore = emode;
}
}
else
{
// Find the exception specified
for (int i = 0; i < ELISTSIZE; i++)
{
if (csExcept.CompareNoCase(g_eList[i].cName) == 0)
{
g_eList[i].dwIgnore = emode;
break;
}
}
}
}
}
CSTRING_CATCH
{
return FALSE;
}
//
// Dump results of command line parse
//
DPFN( eDbgLevelInfo, "===================================\n");
DPFN( eDbgLevelInfo, " Ignore Exception \n");
DPFN( eDbgLevelInfo, "===================================\n");
DPFN( eDbgLevelInfo, " 1 = First chance \n");
DPFN( eDbgLevelInfo, " 2 = Second chance \n");
DPFN( eDbgLevelInfo, " 3 = ExitProcess on second chance \n");
DPFN( eDbgLevelInfo, "-----------------------------------\n");
for (int i = 0; i < ELISTSIZE; i++)
{
if (g_eList[i].dwIgnore != eActive)
{
DPFN( eDbgLevelInfo, "%S %S\n", ToWchar(g_eList[i].dwIgnore), g_eList[i].cName);
}
}
DPFN( eDbgLevelInfo, "-----------------------------------\n");
return TRUE;
}
/*++
Register hooked functions
--*/
BOOL
NOTIFY_FUNCTION(
DWORD fdwReason)
{
if (fdwReason == DLL_PROCESS_ATTACH)
{
// Run the command line to check for adjustments to defaults
if (!ParseCommandLine(COMMAND_LINE))
{
return FALSE;
}
// Try to find new exception handler
_pfn_RtlAddVectoredExceptionHandler pfnExcept;
pfnExcept = (_pfn_RtlAddVectoredExceptionHandler)
GetProcAddress(
GetModuleHandle(L"NTDLL.DLL"),
"RtlAddVectoredExceptionHandler");
if (pfnExcept)
{
(_pfn_RtlAddVectoredExceptionHandler) pfnExcept(
0,
(PVOID)ExceptionFilter);
g_bWin2000 = FALSE;
}
else
{
// Windows 2000 reverts back to the old method which unluckily
// doesn't get called for C++ exceptions
SetUnhandledExceptionFilter(ExceptionFilter);
g_bWin2000 = TRUE;
}
}
return TRUE;
}
HOOK_BEGIN
CALL_NOTIFY_FUNCTION
HOOK_END
IMPLEMENT_SHIM_END