[PATCH 3/3] ntdll: fix up instruction pointer in contextinsideraise_exception

[Dmitry Timoshkov]

"Peter Oberndorfer" <kumbayo84 at arcor.de> wrote:

> The strange thing is my testcase [patch 2/3] shows/(should show) that the debugger
> gets a unmodified eip for a first chance exception
> + if (de.u.Exception.dwFirstChance)
> + {
> + /* debugger gets first chance exception with unmodified ctx.Eip */
> + ok((DWORD)ctx.Eip == (DWORD)code_mem_address + 0xb, "Eip at %x instead of 0x%x\n",
> + ctx.Eip, (DWORD)code_mem_address + 0xb);
> 
> and the modified one when the application did not handle the exception

Could that be due to an error in your test?

> Unfortunetely i don't own that book :-(
> Could you please verify in the pseudocode that the modified context gets sent to the debugger,
> and not some unmodified copy?

The pseudocode of KiDispatchException as the very first thing calls KeContextFromKframes
and then unconditionally decrements context.Eip in the case of STATUS_BREAKPOINT.

> Or maybe they unfix the context again in the send_to_debugger function ;-)
> Or the pseudo code is not fully correct.

That's a possibility, yes.

-- 
Dmitry.