0

I am using MSVC2019 and COM and compiling using /EHa getting a SEH from ntdll.dll from TppRaiseInvalidParameter that I am trying to catch but seem unable to. I know exactly why the exception is thrown, but that is not the issue here.

I tried using all the mechanisms described in the MSDN docs (__try/__except, _set_se_translator, SetUnhandledExceptionFilter), but none seem to trigger in this case. I also tried raising exceptions using RaiseException and RtlRaiseException (used by TppRaiseInvalidParameter) and those seem to be caught no problem in the __except handler.

The only thing I've been able to spot in TppRaiseInvalidParameter is that it calls __SEH_prolog4_GS at the beginning, but from what I've read that is normal code generated by the compiler for SEHs, but I'm new to SEHs in general.

My questions are: why can't I catch that exception? Is there any way to catch it?

Minimal code for reproduction

extern "C"
{
    void (WINAPI* TppRaiseInvalidParameter)();
}

void func()
{
    __try
    {
        HMODULE ntdll;
        GetModuleHandleExA(GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT, "ntdll.dll", &ntdll);
        TppRaiseInvalidParameter = reinterpret_cast<decltype(TppRaiseInvalidParameter)>((LONG)ntdll + 0x104EBDL); // it's not an exported function and your offset may be different
        TppRaiseInvalidParameter();
    }
    __except (EXCEPTION_EXECUTE_HANDLER)
    {
        puts("exception caught");
    }
}
Radu C
  • 303
  • 2
  • 11
  • I can reproduce the issue only if the application is run from VS with debugger. If it is run standalone it seems the exception is caught as expected. – dewaffled Nov 18 '22 at 19:49
  • And [AddVectoredExceptionHandler](https://learn.microsoft.com/en-us/windows/win32/api/errhandlingapi/nf-errhandlingapi-addvectoredexceptionhandler) seems to be able to catch the exception before the debugger. – dewaffled Nov 18 '22 at 19:55
  • @dewaffled: Indeed, that seems to be the case with the demo code, but it's not the same in the project (exception not caught even with no debugger attached). Any ideas why it would be caught when the debugger is not attached? It seems like a different behavior to exceptions raised directly by `RaiseException` or `RtlRaiseException`. – Radu C Nov 18 '22 at 20:17
  • @dewaffled: Regarding vectored exceptions I thought that is a different mechanism to structured exceptions, but I might have been wrong. Also MSDN says that it's not suitable for x64 (https://learn.microsoft.com/en-us/windows/win32/debug/using-a-vectored-exception-handler). I'll try it myself and maybe I'll find the cause. – Radu C Nov 18 '22 at 20:18
  • I think they just messed up with this x64-incompatibility note - they have `#ifdef _AMD64_` in the example code, so, i believe it should be ok (have not checked though). but it would indeed at least require some tweaking on other architectures like ARM. – dewaffled Nov 18 '22 at 20:37

0 Answers0