Exception Dispatching - PowerPoint PPT Presentation

About This Presentation

Title:

Exception Dispatching

Description:

CSRSS(Client/Server Run-Time Subsystem) ... WindowsSystem32Drwtsn32.exe. Not really a debugger. A postmortem tool. Activation ... – PowerPoint PPT presentation

Number of Views:175

Avg rating:3.0/5.0

Slides: 29

Provided by: yanl

Category:

more less

Transcript and Presenter's Notes

Title: Exception Dispatching

1

Exception Dispatching

2
Structured Exception Handling (1)

Windows introduced a facility known as structured
exception handling
When (exceptions occur)
Allows applications to gain control
Application can fix condition and
Return to the place the exception occurred,
Unwind the stack (terminating execution of the
subroutine that raised the exception),
Or declare back to the system that the exception
isnt recognized and the system should continue
searching for an exception handler that might
process the exception.

3
Structured Exception Handling (2)

Although exception handling is made accessible
through language extensions
It is a system mechanism
Not language-specific.
On x86
all exceptions have predefined interrupt numbers
that directly correspond to the entry in the
interrupt dispatch table (IDT).
Table on next page shows
x86-defined exceptions
Interrupt numbers
Because first entries of IDT are used for
exceptions
Hardware interrupts are assigned entries later

4
(No Transcript)
5
Exception Dispatcher

Many exceptions are serviced by kernel module --
exception dispatcher
Other simple exceptions are resolved by trap
handler.
Exception dispatchers job is to find an
exception handler to handle the exception.

6
Kernel Handle Exception

Kernel traps and handles exceptions to user
programs.
For example, encountering a breakpoint while
executing a program being debugged generates an
exception, which the kernel handles by calling
the debugger.
Kernel handles certain other exceptions by
returning unsuccessful state code to caller.

7
Stack Frame

A few exceptions are allowed to filter back,
untouched, to user mode.
For example, a memory access violation or an
arithmetic overflow generates an exception.
Environment subsystem
Establish frame-based exception handlers to deal
with these exceptions.
Frame-based refer to exception handlers
association with particular procedure activation.
When a procedure is invoked, a Stack frame
representing that activation of the procedure is
pushed onto the stack.
Stack frame can associating with some exception
handlers, each of which protects a particular
block of code in source program.
When exception occurs, kernel search for an
exception handler associated with current stack
frame, if none exist, kernel search for previous
one, and so on.
If still none exist, kernel call its own default
one.

8
Trap frame

When exception occurs, a chain of events begins
in kernel.
CPU hardware transfer control to kernel trap
handler, which create a trap frame.
if (exception is resolved)
Trap frame allow system to resume where if left
off.
Trap handler create an exception record
containing the reason for exception and relative
information.

9
Default exception handling

If exception occurred in kernel mode, exception
dispatcher call a routine to locate a frame-based
exception handler to handle it.
Unhandled kernel-mode exceptions are considered
fatal operating system errors, you can assume
dispatcher always finds an exception handler.
If it occurred in user mode, what exception
dispatcher does is more complex, youll see in
Chapter 6.
Windows subsystem has debugger port and exception
port to receive notification of user-mode
exceptions.
Kernel use these in its default exception
handling.

10
(No Transcript)
11
Exception Dispatcher (1)

Exception dispatchers first action
See whether process that incurred exception has
associated debugger process.
If (it does system is Windows 2000)
Exception dispatcher
Send first-chance debug message via local
procedure call (LPC) to the debugger port
associated with the process.
LPC message
Is sent to session manager process, which then
dispatches it to appropriate debugger process.
On Windows XP and Server 2003
Exception dispatcher send debugger object message
to debug object associated with process.

12
Exception Dispatcher (2)

If(No debugger process attached process
debugger doesnt handle exception)
Exception dispatcher
Switches into user mode
Copy trap frame to user stack formatted as a
CONTEXT data structure.
Call routine to find frame-based exception
handler.
If(none is found none handles the exception)
Exception dispatcher
Switches back into kernel mode
Call debugger to allow user to do more debugging.

13
Exception Dispatcher (3)

If(debugger isnt running no frame-based
handlers be found)
The kernel
Send message to exception port associated with
threads process.
Exception port
Registered by environment subsystem that controls
this thread.
Give the environment subsystem, which presumably
is listening at the port, the opportunity to
translate exception into environment-specific
signal or exception.
CSRSS(Client/Server Run-Time Subsystem)
Present message box notifying user of fault and
terminate process,
When (POSIX get message from kernel)
POSIX subsystem send POSIX-style signal to thread
If(kernel progresses this far in processing
exception subsystem do not handle exception)
Kernel
Execute default exception handler to terminate
process

14
Unhandled Exceptions

All Windows thread
Have an exception handler declared at the top of
the stack that processes unhandled exceptions
The exception handler
Is declared in internal Windows start-of-process
or start-of-thread function.
Start-of-process function
Run when first thread in a process begins
execution.
Call main entry point in the image.
Start-of-thread function
Run when a user create additional threads.
Call user-supplied thread start routine specified
in CreateThread call.

15
Windows Unhandled Exception Filter (1)

If(thread has unhandled exception)
Windows unhandled exception filter is called
Purpose of this function
Provide system-defined behavior for what to do

16
Windows Unhandled Exception Filter (2)

Two important value
Auto
Debugger
Auto
Tell unhandled exception filter Whether to
automatically run debugger
Or, ask user what to do
Default 1
Launch debugger automatically.
Installing development tools (ex Visual Studio)
changes this to 0
Debugger value
A string
Pointing to path of debugger executable to run in
the case of unhandled exception

17
Debugger

Default debugger is Dr. Watson
\Windows\System32\Drwtsn32.exe
Not really a debugger
A postmortem tool
Activation
Capture state of the crashed application
Records it in
Log file (Drwtsn32.log)
Process crash dump file (User.dmp)
\Documents And Settings\All Users\Documents\DrWats
on

18
(No Transcript)
19
Configuration for Dr. Watson
20
Log File Crash Dump File

Log file
Contain basic information
Exception code
Name of the failed image
List of loaded DLLs
Stack and instruction trace for the thread that
incurred exception
Crash dump file
Contain private pages in process at the time of
exception
This crash dump file can be opened by WinDbg
(Windows debugger, comes with Debugging Tools
package, or Visual Studio 2003 and later)
Overwritten each time a process crash.

21
Visual Notification (1)

Windows 2000 Pro.
Visual notification, default on
After generate crash dump and records information
in log file.
Message box displayed by Dr. Watson

22
Visual Notification (2)

Dr. Watson process
Remains until message box is dismissed.
This is why visual notification is turned off by
default in Windows 2000 Server system.
This default is used
Because
If(server application fail)
Usually nobody can dismiss message box.
Instead
Server applications should log errors to the
Windows event log.

23
Message Box On Windows 2000