Getting the exception record

greg_pearce · December 3, 2003, 4:37pm

Which parameter to KeBugCheckEx is a pointer to the exception record?

I’m running win2003 server. My call stack looks like this at time of
failure:

f83365c0 80534806 0000008e c0000005 f88a7cad nt!KeBugCheckEx+0x19
f833697c 804f44e7 f8336998 00000000 f83369ec nt!KiDispatchException+0x2f5
f83369e4 804f4496 80721a54 ffb01cc0 00000000
nt!CommonDispatchException+0x4a (FPO: [0,20,0])
f8336a94 f88a1a70 fed12440 80721a54 ffb01cc0 nt!Kei386EoiHelper+0x17e
f8336adc f88a2cd9 81d34f48 81d34fdc 80721a54
FTKFSD!FsdHandleUserResponse+0xd0 (CONV: stdcall)
[c:\current\driver\fsddevio.c @ 388]
(rest of stack not shown)

Thanks and Regards,

Greg

OSR_Community_User · December 12, 2003, 5:28pm

The first parameter to KeBugCheckEx() is the bugcheck code, which you can
look up in the debugger help to find out what the other parameters are. The
following parameters are the ones listed in the debugger help as the
parameters for the stop.

So, in your case:
f83365c0 80534806 0000008e c0000005 f88a7cad nt!KeBugCheckEx+0x19 would show
up as
STOP 8E(c0000005, f88a7cad …

Your stack analysis doesn’t show the fourth and fifth parameters to
KeBugCheckEx, which would be parameters 3 and 4 as shown in the debugger
help for stop 8E:

Parameter Description
1 The exception code that was not handled
2 The address at which the exception occurred
3 The trap frame
4 Reserved

Given the address of the exception, the exception code and the trap frame,
you probably don’t need the exception record, but you’ll probably find that
one of the parameters to nt!KiDispatchException in the next stack frame down
is the exception record.

Rex Theobald

“greg pearce” wrote in message news:xxxxx@windbg…
>
> Which parameter to KeBugCheckEx is a pointer to the exception record?
>
> I’m running win2003 server. My call stack looks like this at time of
> failure:
>
> f83365c0 80534806 0000008e c0000005 f88a7cad nt!KeBugCheckEx+0x19
> f833697c 804f44e7 f8336998 00000000 f83369ec nt!KiDispatchException+0x2f5
> f83369e4 804f4496 80721a54 ffb01cc0 00000000
> nt!CommonDispatchException+0x4a (FPO: [0,20,0])
> f8336a94 f88a1a70 fed12440 80721a54 ffb01cc0 nt!Kei386EoiHelper+0x17e
> f8336adc f88a2cd9 81d34f48 81d34fdc 80721a54
> FTKFSD!FsdHandleUserResponse+0xd0 (CONV: stdcall)
> [c:\current\driver\fsddevio.c @ 388]
> (rest of stack not shown)
>
> Thanks and Regards,
>
> Greg
>
>