Package winappdbg :: Module event :: Class ExceptionEvent

[frames] | no frames]

Class ExceptionEvent

source code

Exception event.

Instance Methods

[hide private]

str

get_exception_name(self)
Returns: Name of the exception as defined by the Win32 API.

source code

str

get_exception_description(self)
Returns: User-friendly name of the exception.

source code

bool

is_first_chance(self)
Returns: True for first chance exceptions, False for last chance. source code

bool

is_last_chance(self)
Returns: The opposite of is_first_chance.

source code

bool

is_noncontinuable(self)
Returns: True if the exception is noncontinuable, False otherwise. source code

bool

is_continuable(self)
Returns: The opposite of is_noncontinuable.

source code

bool

is_user_defined_exception(self)
Determines if this is an user-defined exception.

source code

bool

is_system_defined_exception(self)
Returns: The opposite of is_user_defined_exception.

source code

int

get_exception_code(self)
Returns: Exception code as defined by the Win32 API.

source code

int

get_exception_address(self)
Returns: Memory address where the exception occured.

source code

int

get_exception_information(self, index)
Returns: Exception information DWORD.

source code

list( int )

get_exception_information_as_list(self)
Returns: Exception information block.

source code

int

get_fault_type(self)
Returns: Access violation type.

source code

int

get_fault_address(self)
Returns: Access violation memory address.

source code

int

get_ntstatus_code(self)
Returns: NTSTATUS status code that caused the exception.

source code

bool

is_nested(self)
Returns: Returns True if there are additional exception records associated with this exception. source code

list( win32.EXCEPTION_RECORD )

get_raw_exception_record_list(self)
Traverses the exception record linked list and builds a Python list.

source code

list( ExceptionEvent )

get_nested_exceptions(self)
Traverses the exception record linked list and builds a Python list.

source code

__init__(self, debug, raw)
x.__init__(...) initializes x; see help(type(x)) for signature (Inherited from winappdbg.event.Event)

source code

int

get_event_code(self)
Returns: Debug event code as defined in the Win32 API. (Inherited from winappdbg.event.Event)

source code

str

get_event_description(self)
Returns: User-friendly description of the event. (Inherited from winappdbg.event.Event)

source code

str

get_event_name(self)
Returns: User-friendly name of the event. (Inherited from winappdbg.event.Event)

source code

int

get_pid(self)
Returns: Process global ID where the event occured. (Inherited from winappdbg.event.Event)

source code

Process

get_process(self)
Returns: Process where the event occured. (Inherited from winappdbg.event.Event)

source code

Thread

get_thread(self)
Returns: Thread where the event occured. (Inherited from winappdbg.event.Event)

source code

int

get_tid(self)
Returns: Thread global ID where the event occured. (Inherited from winappdbg.event.Event)

source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables

[hide private]

str eventName = 'Exception event'
User-friendly name of the event.

str eventDescription = 'An exception was raised by the debugee.'
User-friendly description of the event.

__exceptionMethod = {1073741855: 'wow64_breakpoint', 107380736...

__exceptionName = {1073741855: 'EXCEPTION_WX86_BREAKPOINT', 10...

__exceptionDescription = {1073741855: 'WOW64 breakpoint', 1073...

dict( int → str ) exceptionDescription
Mapping of exception constants to user-friendly strings.

dict( int → str ) exceptionName
Mapping of exception constants to their names.

Instance Variables

[hide private]

Breakpoint

breakpoint
If the exception was caused by one of our breakpoints, this member contains a reference to the breakpoint object.

int

continueStatus
Continue status to pass to win32.ContinueDebugEvent. (Inherited from winappdbg.event.Event)

Debug

debug
Debug object that received the event. (Inherited from winappdbg.event.Event)

Hook

hook
If the exception was caused by a function hook, this member contains a reference to the hook object.

DEBUG_EVENT

raw
Raw DEBUG_EVENT structure as used by the Win32 API. (Inherited from winappdbg.event.Event)

Properties

[hide private]

str eventMethod
Method name to call when using EventHandler subclasses.

Inherited from object: __class__

Method Details

[hide private]

get_exception_name(self)

source code

Returns: str: Name of the exception as defined by the Win32 API.

get_exception_description(self)

source code

Returns: str: User-friendly name of the exception.

is_first_chance(self)

source code

Returns: bool: True for first chance exceptions, False for last chance.

is_last_chance(self)

source code

Returns: bool: The opposite of is_first_chance.

is_noncontinuable(self)

source code

Returns: bool: True if the exception is noncontinuable, False otherwise.
Attempting to continue a noncontinuable exception results in an EXCEPTION_NONCONTINUABLE_EXCEPTION exception to be raised.

is_continuable(self)

source code

Returns: bool: The opposite of is_noncontinuable.

is_user_defined_exception(self)

source code

Determines if this is an user-defined exception. User-defined exceptions may contain any exception code that is not system reserved.

Often the exception code is also a valid Win32 error code, but that's up to the debugged application.

Returns: bool: True if the exception is user-defined, False otherwise.

is_system_defined_exception(self)

source code

Returns: bool: The opposite of is_user_defined_exception.

get_exception_code(self)

source code

Returns: int: Exception code as defined by the Win32 API.

get_exception_address(self)

source code

Returns: int: Memory address where the exception occured.

get_exception_information(self, index)

source code

Parameters:

index (int) - Index into the exception information block.

Returns: int

Exception information DWORD.

get_exception_information_as_list(self)

source code

Returns: list( int ): Exception information block.

get_fault_type(self)

source code

Returns: int

Access violation type. Should be one of the following constants:

Raises:

NotImplementedError - Wrong kind of exception.

Note: This method is only meaningful for access violation exceptions, in-page memory error exceptions and guard page exceptions.

get_fault_address(self)

source code

Returns: int

Access violation memory address.

Raises:

NotImplementedError - Wrong kind of exception.

Note: This method is only meaningful for access violation exceptions, in-page memory error exceptions and guard page exceptions.

get_ntstatus_code(self)

source code

Returns: int

NTSTATUS status code that caused the exception.

Raises:

NotImplementedError - Not an in-page memory error.

Note: This method is only meaningful for in-page memory error exceptions.

is_nested(self)

source code

Returns: bool: Returns True if there are additional exception records associated with this exception. This would mean the exception is nested, that is, it was triggered while trying to handle at least one previous exception.

get_raw_exception_record_list(self)

source code

Traverses the exception record linked list and builds a Python list.

Nested exception records are received for nested exceptions. This happens when an exception is raised in the debugee while trying to handle a previous exception.

Returns: list( win32.EXCEPTION_RECORD ): List of raw exception record structures as used by the Win32 API.
There is always at least one exception record, so the list is never empty. All other methods of this class read from the first exception record only, that is, the most recent exception.

get_nested_exceptions(self)

source code

Traverses the exception record linked list and builds a Python list.

Nested exception records are received for nested exceptions. This happens when an exception is raised in the debugee while trying to handle a previous exception.

Returns: list( ExceptionEvent ): List of ExceptionEvent objects representing each exception record found in this event.
There is always at least one exception record, so the list is never empty. All other methods of this class read from the first exception record only, that is, the most recent exception.

Class Variable Details

[hide private]

__exceptionMethod

Value:

{1073741855: 'wow64_breakpoint',
 1073807365: 'debug_control_c',
 1080890248: 'ms_vc_exception',
 2147483649: 'guard_page',
 2147483650: 'datatype_misalignment',
 2147483651: 'breakpoint',
 2147483652: 'single_step',
 3221225477: 'access_violation',
...

__exceptionName

Value:

{1073741855: 'EXCEPTION_WX86_BREAKPOINT',
 1073807365: 'DBG_CONTROL_C',
 1080890248: 'MS_VC_EXCEPTION',
 2147483649: 'EXCEPTION_GUARD_PAGE',
 2147483650: 'EXCEPTION_DATATYPE_MISALIGNMENT',
 2147483651: 'EXCEPTION_BREAKPOINT',
 2147483652: 'EXCEPTION_SINGLE_STEP',
 3221225477: 'EXCEPTION_ACCESS_VIOLATION',
...

__exceptionDescription

Value:

{1073741855: 'WOW64 breakpoint',
 1073807365: 'Debug Control-C',
 1080890248: 'Microsoft Visual C++ exception',
 2147483649: 'Guard page hit',
 2147483650: 'Datatype misalignment',
 2147483651: 'Breakpoint',
 2147483652: 'Single step event',
 3221225477: 'Access violation',
...

Instance Variable Details

[hide private]

breakpoint

If the exception was caused by one of our breakpoints, this member contains a reference to the breakpoint object. Otherwise it's not defined. It should only be used from the condition or action callback routines, instead of the event handler.

Type:: Breakpoint

hook

If the exception was caused by a function hook, this member contains a reference to the hook object. Otherwise it's not defined. It should only be used from the hook callback routines, instead of the event handler.

Type:: Hook

Property Details

[hide private]

eventMethod

Method name to call when using EventHandler subclasses. Used internally.

Get Method:: unreachable.eventMethod(self)