From db69a9a7e1f5d25bf7ab735758650f99a99e2e39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?= Date: Wed, 27 Aug 2025 23:00:59 +0200 Subject: [PATCH] [RTL][NDK] Improve RtlUnhandledExceptionFilter(2) (#8353) - Reimplement `RtlUnhandledExceptionFilter()` by just calling `RtlUnhandledExceptionFilter2()`. - Return an adequate exception filter value `EXCEPTION_CONTINUE_SEARCH` from `RtlUnhandledExceptionFilter2()`, instead of some random error. If `ExceptionCode` is `STATUS_POSSIBLE_DEADLOCK` however, return `EXCEPTION_CONTINUE_EXECUTION` instead, as shown by a test from Whindmar Saksit. - The second parameter of `RtlUnhandledExceptionFilter2()` is not a flag, but a pointer to string `PCSTR`! See https://skanthak.hier-im-netz.de/download/NTDLL.H, which is the only source online with the correct definition; I have double-checked its usage against Win7 ntdll.dll. This is used in the `` slot in the displayed debugger message: ``` *** An Access Violation occurred in : The instruction at
tried to write to a NULL pointer ``` For example, see: https://community.osr.com/t/access-violation/33435
---
 sdk/include/ndk/rtlfuncs.h | 2 +-
 sdk/lib/rtl/exception.c | 23 +++++++++++++----------
 2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/sdk/include/ndk/rtlfuncs.h b/sdk/include/ndk/rtlfuncs.h
index 20913ab01d2..d49ba84c53c 100644
--- a/sdk/include/ndk/rtlfuncs.h
+++ b/sdk/include/ndk/rtlfuncs.h
@@ -676,7 +676,7 @@ NTSYSAPI
 LONG
 NTAPI
 RtlUnhandledExceptionFilter(
- _In_ struct _EXCEPTION_POINTERS* ExceptionInfo
+ _In_ PEXCEPTION_POINTERS ExceptionInfo
 );
 
 __analysis_noreturn
diff --git a/sdk/lib/rtl/exception.c b/sdk/lib/rtl/exception.c
index 63a65e884b5..6ea7fc58a1c 100644
--- a/sdk/lib/rtl/exception.c
+++ b/sdk/lib/rtl/exception.c
@@ -87,7 +87,7 @@ RtlRaiseStatus(IN NTSTATUS Status)
 EXCEPTION_RECORD ExceptionRecord;
 CONTEXT Context;
 
- /* Capture the context */
+ /* Capture the context */
 RtlCaptureContext(&Context);
 
 /* Create an exception record */
@@ -234,14 +234,14 @@ static VOID
 }
 
 static VOID
- PrintStackTrace(struct _EXCEPTION_POINTERS *ExceptionInfo)
+PrintStackTrace(struct _EXCEPTION_POINTERS *ExceptionInfo)
 {
 PVOID StartAddr;
 CHAR szMod[128] = "";
 PEXCEPTION_RECORD ExceptionRecord = ExceptionInfo->ExceptionRecord;
 PCONTEXT ContextRecord = ExceptionInfo->ContextRecord;
 
- /* Print a stack trace. */
+ /* Print a stack trace */
 
 DbgPrint("Unhandled exception\n");
 DbgPrint("ExceptionCode: %8x\n", ExceptionRecord->ExceptionCode);
@@ -310,12 +310,10 @@ static VOID
 */
 LONG
 NTAPI
-RtlUnhandledExceptionFilter(IN struct _EXCEPTION_POINTERS* ExceptionInfo)
+RtlUnhandledExceptionFilter(
+ _In_ PEXCEPTION_POINTERS ExceptionInfo)
 {
- /* This is used by the security cookie checks, and also called externally */
- UNIMPLEMENTED;
- PrintStackTrace(ExceptionInfo);
- return ERROR_CALL_NOT_IMPLEMENTED;
+ return RtlUnhandledExceptionFilter2(ExceptionInfo, "");
 }
 
 /*
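Review bot: The doc comment that closes on this hunk's first line (`*/`) still describes the old body, which printed a trace and returned `ERROR_CALL_NOT_IMPLEMENTED`; the new body only forwards, so the comment should say so, e.g. `Wrapper: forwards to RtlUnhandledExceptionFilter2() with an empty Function name, so no caller name appears in the debugger message.` If that comment block carries an unimplemented-style tag (it starts outside the hunk, so I cannot see it), it no longer matches the removal of `UNIMPLEMENTED;` here. Passing `""` rather than NULL is the right choice given the callee now treats the second argument as a `PCSTR`.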
@@ -325,12 +323,17 @@ LONG
 NTAPI
 RtlUnhandledExceptionFilter2(
 _In_ PEXCEPTION_POINTERS ExceptionInfo,
- _In_ ULONG Flags)
+ _In_ PCSTR Function)
 {
 /* This is used by the security cookie checks, and also called externally */
 UNIMPLEMENTED;
+ ASSERT(ExceptionInfo && ExceptionInfo->ExceptionRecord);
+
 PrintStackTrace(ExceptionInfo);
- return ERROR_CALL_NOT_IMPLEMENTED;
+
+ if (ExceptionInfo->ExceptionRecord->ExceptionCode == STATUS_POSSIBLE_DEADLOCK)
+ return EXCEPTION_CONTINUE_EXECUTION;
+ return EXCEPTION_CONTINUE_SEARCH;
 }
 
 /*
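Review bot: The added `ASSERT(ExceptionInfo && ExceptionInfo->ExceptionRecord)` is a debug-only check (ASSERT is typically compiled out in release builds), yet the new `ExceptionInfo->ExceptionRecord->ExceptionCode` dereference below it, and `PrintStackTrace` before it, run unconditionally; a NULL argument would then fault inside the unhandled-exception filter itself, which is the worst place for a nested fault. An explicit guard before the `PrintStackTrace` call keeps the filter harmless: `if (!ExceptionInfo || !ExceptionInfo->ExceptionRecord) return EXCEPTION_CONTINUE_SEARCH;`. The new `Function` parameter is never read, so the function-name slot the commit message describes is still not printed; at minimum add `UNREFERENCED_PARAMETER(Function);`, or pass it through to the DbgPrint in `PrintStackTrace`. With real return values now in place, the remaining `UNIMPLEMENTED;` overstates what is missing; a comment such as `/* TODO: display the debugger message including Function */` would describe the gap more precisely.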