进程是否可能在Windows上捕获另一个进程的未处理异常？ [英] Is it possible for a process to catch an unhandled exception of another process on windows?

问题描述

一个进程是否可能捕获系统上另一个进程的未处理异常？

Is it possible for a process to catch an unhandled exception of another process on the system?

如果可能，在哪种情况下是可能的？例如，如果第二个进程不是由第一个进程启动？

If possible, under which circumstances is it possible? Is it for instance possible if the second process is not started by the first?

我主要寻找关于原生c ++的答案。

I am mainly looking for an answer regarding native c++.

推荐答案

Windows异常：结构化异常处理（SEH）是每个线程。在进程中的另一个线程可能能够操纵目标线程的堆栈来插入其自己的处理程序，但是这将是很难得到正确的（尤其是在x86上缺乏一致的调用约定）。另一个进程可能注入一个dll&线程进入一个进程来做到这一点。这将很难得到正确，特别是没有紧密耦合到目标进程的细节（什么函数被调用和如何）。

Windows Exceptions: Structured Exception Handling (SEH) is per thread. Another thread in the process might be able to manipulate the stack of the target thread to insert its own handler, but that is going to be hard to get right (especially with the lack of consistent calling convention on x86). Another process could inject a dll & thread into a process to do this. This will be hard to get right, especially without close coupling to the details of the target process (what functions are called and how).

在第二个想法调试器可以做到这一点，因此Win32调试器API必须具有此功能。进程可以调试同一会话中的其他进程（具有较低或相等的完整性级别），或者如果用户具有任何进程的调试进程特权。

On second thoughts debuggers can do this, so the Win32 debugger APIs must have this capability. A process can debug other processes in the same session (with lower or equal integrity level), or if the user has the "debug process" privileged any process.

这篇关于进程是否可能在Windows上捕获另一个进程的未处理异常？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！