MarioVilas
commented
3 years ago Hi! Thanks for your kind words! :)
As for your questions: I've only implemented the raw Win32 part of it all, so there's currently no support for digging into .NET exceptions or generating WinDbg dumps. Been meaning to implement the second one for a while but I never seem to find the time.
The WinDbg dumps can be generated using this API call: https://docs.microsoft.com/en-us/windows/win32/api/minidumpapiset/nf-minidumpapiset-minidumpwritedump
You'd have to write your own wrapper, because I haven't done so yet. Here's what the API wrappers look like: https://github.com/MarioVilas/winappdbg/blob/master/winappdbg/win32/dbghelp.py
As for the .NET exceptions, sadly I've no idea what they look like in native code, since I'm not a .NET coder myself... :(
Hope that helps, and let me know if you need anything else!
Winappdbg is a great tool!
I have a couple of questions:
1. Any way to filter the type/text of a CLR Exception?
Currently I can filter a .NET CLR exception (inside an event handler) by using:
if (code == win32.EXCEPTION_DEBUG_EVENT and event.get_exception_code() == 0xE0434352):, but I cannot figure out how to "dig" inside the .NET exception (similar to !PrintException or !pe with the SOS.dll in WinDbg) to filter further on its text/type/etc.
2. Any way to generate a WinDbg/Visual Studio compatible .dmp full memory dump file (similar to .dump /ma in WinDbg, for example)?
I know I can use
crash.fetch_extra_data( event, takeMemorySnapshot = 2 ), but I am not sure how to convert the result to a .dmp file.Any pointers will be greatly appreciated.