如何在EXCEPTION_POINTERS异常期间获得EExternal？

Question

如何获得EXCEPTION_POINTERS，即两者都是：

• PEXCEPTION_RECORD和
• PCONTEXT

EExternal异常期间的数据？

背景

当Windows抛出异常时，它会传递一个PEXCEPTION_POINTERS；指向异常信息的指针：

typedef struct _EXCEPTION_POINTERS {
   PEXCEPTION_RECORD ExceptionRecord;
   PCONTEXT          ContextRecord;
} EXCEPTION_POINTERS, *PEXCEPTION_POINTERS;

当Delphi抛出一个EExternal异常时，它只包含一半的信息，即PEXCEPTION_RECORD：

EExternal = class(Exception)
public
  ExceptionRecord: PExceptionRecord;
end;

在EExternal异常期间，如何同时获得两者？

示例用法

我试图用德尔菲的MiniDumpWriteDump函数编写一个Minidump。

该函数有几个可选参数：

function MiniDumpWriteDump(
    hProcess: THandle; //A handle to the process for which the information is to be generated.
    ProcessID: DWORD; //The identifier of the process for which the information is to be generated.
    hFile: THandle; //A handle to the file in which the information is to be written.
    DumpType: MINIDUMP_TYPE; //The type of information to be generated.
    {in, optional}ExceptionParam: PMinidumpExceptionInformation; //A pointer to a MINIDUMP_EXCEPTION_INFORMATION structure describing the client exception that caused the minidump to be generated.
    {in, optional}UserStreamParam: PMinidumpUserStreamInformation;
    {in, optional}CallbackParam: PMinidumpCallbackInformation): Boolean;

在基本级别上，我可以省略以下三个可选参数：

MiniDumpWriteDump(
    GetCurrentProcess(), 
    GetCurrentProcessId(),
    hFileHandle,
    nil,  //PMinidumpExceptionInformation
    nil,
    nil);

而且它成功了。缺点是微型程序缺少异常信息。该信息(可选)使用第四个miniExceptionInfo参数传递：

TMinidumpExceptionInformation = record
    ThreadId: DWORD;
    ExceptionPointers: PExceptionPointers;
    ClientPointers: BOOL;
end;
PMinidumpExceptionInformation = ^TMinidumpExceptionInformation;

这很好，但我需要一种方法来获得EXCEPTION_POINTERS提供的异常发生时由Windows提供的方式。

TExceptionPointers结构包含两个成员：

EXCEPTION_POINTERS = record
   ExceptionRecord : PExceptionRecord;
   ContextRecord : PContext;
end;

我知道德尔福的PExceptionRecord异常是所有“EExternal”异常的基础，它包含所需的EExternal

EExternal = class(Exception)
public
  ExceptionRecord: PExceptionRecord;
end;

但它不包含关联的ContextRecord.

PEXCEPTION_RECORD还不够好吗？

如果我试图将EXCEPTION_POINTERS传递给MiniDumpWriteDump，则留下ContextRecord 0：

procedure TDataModule1.ApplicationEvents1Exception(Sender: TObject; E: Exception);
var
   ei: TExceptionPointers;
begin
   if (E is EExternal) then
   begin
      ei.ExceptionRecord := EExternal(E).ExceptionRecord;
      ei.ContextRecord := nil;
      GenerateDump(@ei);
   end;

   ...
end;

function GenerateDump(exceptionInfo: PExceptionPointers): Boolean;
var
   miniEI: TMinidumpExceptionInformation;
begin
   ...

   miniEI.ThreadID := GetCurrentThreadID();
   miniEI.ExceptionPointers := exceptionInfo;
   miniEI.ClientPointers := True;

   MiniDumpWriteDump(
       GetCurrentProcess(), 
       GetCurrentProcessId(),
       hFileHandle,
       @miniEI,  //PMinidumpExceptionInformation
       nil,
       nil);
end;

则该函数出现错误0x8007021B失败。

只完成了部分ReadProcessMemory或WriteProcessMemory请求

那SetUnhandledExceptionFilter呢

为什么不直接使用SetUnhandledExceptionFilter并获取所需的指针呢？

SetUnhandledExceptionFilter(@DebugHelpExceptionFilter);

function DebugHelpExceptionFilter(const ExceptionInfo: TExceptionPointers): Longint; stdcall;
begin
   GenerateDump(@ExceptionInfo);
   Result := 1;  //1 = EXCEPTION_EXECUTE_HANDLER
end;

这方面的问题是，未过滤的异常处理程序只有在异常未被过滤时才会启动。因为这是Delphi，也因为我处理异常：

procedure DataModule1.ApplicationEvents1Exception(Sender: TObject; E: Exception);
var
    ei: TExceptionPointers;
begin
    if (E is EExternal) then
    begin
       //If it's EXCEPTION_IN_PAGE_ERROR then we have to terminate *now*
       if EExternal(E).ExceptionRecord.ExceptionCode = EXCEPTION_IN_PAGE_ERROR then
       begin
           ExitProcess(1);
           Exit;
       end;

       //Write minidump
       ...
    end;

    {$IFDEF SaveExceptionsToDatabase}
    SaveExceptionToDatabase(Sender, E);
    {$ENDIF}

    {$IFDEF ShowExceptionForm}
    ShowExceptionForm(Sender, E);
    {$ENDIF}
end;

应用程序没有(我也不希望它)以WER错误终止。

如何在使用EXCEPTION_POINTERS时获得EExternal

注意事项：您可以忽略从背景开始的所有内容。这是不必要的填充设计，使我看起来更聪明。

先发制人的嘲讽赫弗南评论:你应该停止使用德尔菲5。

奖金阅读

• 崩溃转储分析(Windows) (如何调用MiniDumpWriteDump的详细示例)
• CodeProject:用微型转储和Visual .NET对应用程序进行死后调试 (一般谈论概念、优点，以及如何生成和使用微型转储)
• Stackoverflow:当我的进程崩溃时，如何为它创建微型程序？ (迷你转储世界的初步介绍)
• Stackoverflow:可以防止微软报告单个应用程序的错误吗？ (在Delphi中设置未过滤的处理程序)

Answer 1

由于Delphi不直接公开上下文指针，而是只提取异常指针，并且在系统的核心中这样做，所以解决方案将在某种程度上特定于您正在使用的Delphi版本。

我已经有一段时间没有安装Delphi 5了，但是我确实安装了Delphi 2007，我相信Delphi 5和Delphi 2007之间的概念在这方面基本上没有改变。

考虑到这一点，下面是一个如何在Delphi 2007中完成此操作的示例：

program Sample;

{$APPTYPE CONSOLE}

uses
  Windows,
  SysUtils;


var
  SaveGetExceptionObject : function(P: PExceptionRecord):Exception;

// we show just the content of the general purpose registers in this example
procedure DumpContext(Context: PContext);
begin
  writeln('eip:', IntToHex(Context.Eip, 8));
  writeln('eax:', IntToHex(Context.Eax, 8));
  writeln('ebx:', IntToHex(Context.Ebx, 8));
  writeln('ecx:', IntToHex(Context.Ecx, 8));
  writeln('edx:', IntToHex(Context.Edx, 8));
  writeln('esi:', IntToHex(Context.Esi, 8));
  writeln('edi:', IntToHex(Context.Edi, 8));
  writeln('ebp:', IntToHex(Context.Ebp, 8));
  writeln('esp:', IntToHex(Context.Esp, 8));
end;

// Below, we redirect the ExceptObjProc ptr to point to here
// When control reaches here we locate the context ptr on
// stack, call the dump procedure, and then call the original ptr
function HookGetExceptionObject(P: PExceptionRecord):Exception;
var
  Context: PContext;
begin
  asm
    // This +44 value is likely to differ on a Delphi 5 setup, but probably
    // not by a lot. To figure out what value you should use, set a
    // break-point here, then look in the stack in the CPU window for the
    // P argument value on stack, and the Context pointer should be 8 bytes
    // (2 entries) above that on stack.
    // Note also that the 44 is sensitive to compiler switches, calling
    // conventions, and so on.
    mov eax, [esp+44]
    mov Context, eax
  end;
  DumpContext(Context);
  Result := SaveGetExceptionObject(P);
end;

var
  dvd, dvs, res: double; // used to force a div-by-zero error
begin
  dvd := 1; dvs := 0;
  SaveGetExceptionObject := ExceptObjProc;
  ExceptObjProc := @HookGetExceptionObject;
  try
    asm
      // this is just for register context verification
      // - don't do this in production
      mov esi, $BADF00D5;
    end;
    // cause a crash
    res := dvd / dvs;
    writeln(res);
  except
    on E:Exception do begin
      Writeln(E.Classname, ': ', E.Message);
      Readln;
    end;
  end;
end.