"Peter Oberndorfer" <[EMAIL PROTECTED]> wrote:

The strange thing is my testcase [patch 2/3] shows/(should show) that the debugger gets an unmodified eip for a first chance exception
+ if (de.u.Exception.dwFirstChance)
+ {
+ /* debugger gets first chance exception with unmodified ctx.Eip */
+ ok((DWORD)ctx.Eip == (DWORD)code_mem_address + 0xb, "Eip at %x instead of 
0x%x\n",
+ ctx.Eip, (DWORD)code_mem_address + 0xb);
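Review bot: the failure message in this `ok()` prints the actual value as `%x` but the expected value as `0x%x`, so the two addresses are formatted inconsistently; use the same format for both (e.g. `"Eip at %lx instead of %lx\n"`). The expected offset `0xb` is also a magic number tied to the byte layout of the code stub at `code_mem_address`; if the stub changes, the check silently targets the wrong address, so consider naming that offset or deriving it from the stub's layout.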

and the modified one when the application did not handle the exception

Could that be due to an error in your test?

Unfortunately I don't own that book :-(
Could you please verify in the pseudocode that the modified context gets sent to the debugger, and not some unmodified copy?

The pseudocode of KiDispatchException as the very first thing calls KeContextFromKframes and then unconditionally decrements context.Eip in the case of STATUS_BREAKPOINT.

Or maybe they unfix the context again in the send_to_debugger function ;-)
Or the pseudocode is not fully correct.

That's a possibility, yes.

--
Dmitry.