skelsec / minidump

Python library to parse and read Microsoft minidump file format
MIT License

Add support of parsing exception stream #4

Closed lucasg closed 5 years ago

lucasg commented 5 years ago

"Correctly" (this stream is not documented properly, so it's implementation-dependent) parse the exception stream in order to extract exception chain records.

This is pretty important, since the information about a crash (which then generated the crashdump) is stored in the exception stream. This is the entry point to automatically analyze crash dumps.

Example of exception output:

(minidump_env) lucasg@lucasg:~/minidump/minidump$ python -m minidump.__main__  --exception ../dump/fizzbuzz_no_heap.dmp 
== ExceptionList ==
ThreadId   | ExceptionCode                            | ExceptionFlags | ExceptionRecord | ExceptionAddress | ExceptionInformation
----------------------------------------------------------------------------------------------------------------------------------
0x00002320 | ExceptionCode.EXCEPTION_ACCESS_VIOLATION | 0x00000000     | 0x00000000      | 0x00164d14       | [0, 0]              

(the fizzbuzz crash dump can be found here: https://github.com/llvm-mirror/lldb/blob/master/packages/Python/lldbsuite/test/functionalities/postmortem/minidump/fizzbuzz_no_heap.dmp)
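
To show what a parser has to walk to reach that table, here is an added example (not the project's code): it builds a constructed one-stream dump carrying the fizzbuzz values above, locates the ExceptionStream through the directory, and decodes MINIDUMP_EXCEPTION_STREAM. Structure layouts come from the public minidumpapiset.h; the code-name table and the sample bytes are assumptions made for the example.

```python
import struct
from typing import Any, Dict

# MINIDUMP_STREAM_TYPE value of ExceptionStream and fixed sizes from the public minidumpapiset.h
EXCEPTION_STREAM, HEADER_SIZE, DIR_ENTRY_SIZE, EXC_STREAM_SIZE = 6, 32, 12, 168
# Small name table for the ExceptionCode column; 0xC0000005 is the fizzbuzz case above
EXCEPTION_CODES = {0xC0000005: "EXCEPTION_ACCESS_VIOLATION",
                   0xC000001D: "EXCEPTION_ILLEGAL_INSTRUCTION",
                   0x80000003: "EXCEPTION_BREAKPOINT"}

def find_exception_stream(dump: bytes) -> bytes:
    """Walk MINIDUMP_HEADER and MINIDUMP_DIRECTORY to locate the raw ExceptionStream bytes."""
    sig, _version, nstreams, dir_rva = struct.unpack_from("<4sIII", dump, 0)
    if sig != b"MDMP":
        raise ValueError("not a minidump (bad signature)")
    for i in range(nstreams):
        stype, size, rva = struct.unpack_from("<III", dump, dir_rva + DIR_ENTRY_SIZE * i)
        # Bounds-check the entry before trusting it: a crash dump is untrusted input
        if stype == EXCEPTION_STREAM and (size < EXC_STREAM_SIZE or rva + size > len(dump)):
            raise ValueError("ExceptionStream entry is truncated or out of bounds")
        if stype == EXCEPTION_STREAM:
            return dump[rva:rva + size]
    raise ValueError("dump carries no ExceptionStream")

def parse_exception_stream(stream: bytes) -> Dict[str, Any]:
    """Decode MINIDUMP_EXCEPTION_STREAM: ThreadId, pad, MINIDUMP_EXCEPTION, ThreadContext locator."""
    thread_id = struct.unpack_from("<I", stream, 0)[0]          # 4-byte alignment pad follows
    code, flags, record, address, nparams, _ = struct.unpack_from("<IIQQII", stream, 8)
    if nparams > 15:                                             # EXCEPTION_MAXIMUM_PARAMETERS
        raise ValueError("NumberParameters exceeds EXCEPTION_MAXIMUM_PARAMETERS")
    info = list(struct.unpack_from("<15Q", stream, 40))[:nparams]
    ctx_size, ctx_rva = struct.unpack_from("<II", stream, 160)   # MINIDUMP_LOCATION_DESCRIPTOR
    return {"ThreadId": thread_id,
            "ExceptionCode": EXCEPTION_CODES.get(code, f"0x{code:08X}"),
            "ExceptionFlags": flags,
            # Pointer to the next chained record in the crashed process, not a dump offset
            "ExceptionRecord": record,
            "ExceptionAddress": address,
            "ExceptionInformation": info,
            "ThreadContext": (ctx_size, ctx_rva)}

def build_sample_dump() -> bytes:
    """Constructed single-stream dump echoing the fizzbuzz values above (not the real file)."""
    header = struct.pack("<4sIIIIIQ", b"MDMP", 0xA793, 1, HEADER_SIZE, 0, 0, 0)
    directory = struct.pack("<III", EXCEPTION_STREAM, EXC_STREAM_SIZE, HEADER_SIZE + DIR_ENTRY_SIZE)
    exc = struct.pack("<IIQQII", 0xC0000005, 0, 0, 0x00164D14, 2, 0) + bytes(120)
    stream = struct.pack("<II", 0x2320, 0) + exc + struct.pack("<II", 0, 0)
    return header + directory + stream
```

The ExceptionRecord field in the output is a pointer into the crashed process's address space, so following the chain beyond the first record requires the memory streams, not just this one.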

skelsec commented 5 years ago

Thank you for the contribution.