DBG_N_Exception

Debug Notification -7 - General Exception Notification

This notification returns:

For the pre-first chance for a breakpoint exception:

Cmd= DBG_N_Exception
Value= 0 (DBG_X_PRE_FIRST_CHANCE)
Addr= Linear address of breakpoint
Buffer= Exception number (XCPT_BREAKPOINT) (0xC000009F)

For the pre-first chance for a single-step exception:

Cmd= DBG_N_Exception
Value= 0 (DBG_X_PRE_FIRST_CHANCE)
Addr= Linear address of instruction after Single Step
Buffer= Exception number (XCPT_SINGLE_STEP) (0xC00000A0)

For the first chance for all exceptions:

Cmd= DBG_N_Exception
Value= 1 (DBG_X_FIRST_CHANCE)
Addr= Linear address of exception
Buffer= Pointer to Exception Report Record in debuggee's context
Len= Pointer to Exception Context Record in debuggee's context

For the last chance for all exceptions:

Cmd= DBG_N_Exception
Value= 2 (DBG_X_LAST_CHANCE)
Addr= Linear address of exception
Buffer= Pointer to Exception Report Record in debuggee's context
Len= Pointer to Exception Context Record in debuggee's context

For an invalid stack notification:

Cmd= DBG_N_Exception
Value= 3 (DBG_X_STACK_INVALID)
Addr= Linear address of exception
Buffer= Exception number

The scenarios under which a debug exception is reported are pre-first, first, and last chance, and invalid stack notification. The Value field of the user debug buffer indicates the scenario.

DosDebug has detected an exception (a trap or a fault) at the specified address. The exception number in the exception structure identifies the exception that was detected.

Exception notifications are always returned from the context of the thread that detected the exception. That is, the exception structure reflects the state of the thread that caused the exception, at the time the exception was detected.

The debugger is given a maximum of two chances to handle exceptions other than single-step or breakpoint exceptions, which have a maximum of three chances. The order of operations for handling an exception is as follows:

Debugger has the pre-first chance to handle the exception (for breakpoint and single-step exceptions).
Debugger has the first chance to handle the exception, or to invoke an exception handler if it is present.
Debugger has the last chance to handle the exception, or to invoke an exception handler if it is present.

An exception notification is returned for all exceptions, including those raised by the user via DosRaiseException.

An exception can have an informational, warning, or fatal severity. The severity is coded in the high-order three bits of the exception number for user-raised and system exceptions.

The debugger may dismiss the exception by returning XCPT_CONTINUE_EXECUTION, so that the user's context is restored, and execution continues at the point where the exception occurred. Otherwise, the debugger may return XCPT_CONTINUE_SEARCH. This causes the exception to be passed to the user's exception handlers (after the debugger's first chance), or causes the default action for the exception to occur (after the debugger's last chance).

For performance reasons, the single-step and breakpoint exceptions cause a "pre-first" notification. This is faster than the ordinary first exception notification. At the time of the notification, the debugger may decide if the single-step or breakpoint exception was an anticipated event. If it was anticipated, the debugger may return XCPT_CONTINUE_EXECUTION, as for an ordinary first notification. If it was not anticipated, the debugger may return XCPT_CONTINUE_SEARCH in order to raise an ordinary first notification for the single-step or breakpoint exception. With the second notification, this allows a maximum of three notifications for the single-step and breakpoint exceptions.

For breakpoint exceptions, the instruction pointer (EIP) of the debuggee is decremented to point to the breakpoint instruction.

Note: Do not confuse the family of floating point exceptions with the DBG_N_CoError error notification.

Restrictions

The error code may not be reliable in some situations for the page fault exception, due to hardware errors.