I tried to ask Google and search here or at Stack Overflow, but could not find the results I was looking for. Sorry if the question is a duplicate (please provide a link or hint to google it; thank you):

When I'm fuzzing some app.exe on Windows, should I try to investigate the crash when I find 'first chance' or 'second chance' in WinDbg output?

For example:

    (cbc.fc8): Access violation - code c0000005 (first chance)
    First chance exceptions are reported before any exception handling.
    This exception may be expected and handled.
    eax=01f11218 ebx=00560000 ecx=803a3a3a edx=803a3a3a esi=01f11210 edi=01f72000
    eip=7c911980 esp=0227c828 ebp=0227c834 iopl=0         nv up ei pl zr na pe nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
    ntdll!RtlInitializeCriticalSection+0x32b:
    7c911980 8b09            mov     ecx,dword ptr [ecx]  ds:0023:803a3a3a=????????

hft
user183440
  • Doesn't this article answer your question: https://docs.microsoft.com/en-us/security-risk-detection/concepts/first-chance-exception ? – buherator Aug 02 '18 at 13:23
  • Thank you very much! Somehow - probably "yes for 100%" but (as a n00b ;)) I need to ask: so I should definitely check more 'second chance' exceptions in the debugger's output, yes? – user183440 Aug 02 '18 at 15:18
  • During fuzzing first chance exceptions may be valuable, especially if the app (or the framework it was built with) tries to handle all exceptions. – buherator Aug 03 '18 at 07:06
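
Added example (not part of the original question or comments): a small Python triage pass over a saved WinDbg log, following the point above that first-chance exceptions can still be worth a look during fuzzing. It groups events by exception code and instruction pointer and reports which fault sites were only ever seen as first chance and which reached second chance. The sample log is constructed around the event from the question, and the function names are illustrative.

```python
import re

# Constructed sample: the first-chance access violation is the event from the
# question; the C++ exception and the second-chance line are made up for illustration.
SAMPLE_LOG = """\
(cbc.fc8): C++ EH exception - code e06d7363 (first chance)
eip=7c812afb esp=0227c100 ebp=0227c154 iopl=0         nv up ei pl nz na po nc
(cbc.fc8): Access violation - code c0000005 (first chance)
eax=01f11218 ebx=00560000 ecx=803a3a3a edx=803a3a3a esi=01f11210 edi=01f72000
eip=7c911980 esp=0227c828 ebp=0227c834 iopl=0         nv up ei pl zr na pe nc
ntdll!RtlInitializeCriticalSection+0x32b:
7c911980 8b09            mov     ecx,dword ptr [ecx]  ds:0023:803a3a3a=????????
(cbc.fc8): Access violation - code c0000005 (!!! second chance !!!)
eip=7c911980 esp=0227c828 ebp=0227c834 iopl=0         nv up ei pl zr na pe nc
"""

EVENT = re.compile(r"^\((?P<pid>[0-9a-f]+)\.(?P<tid>[0-9a-f]+)\): (?P<desc>.+?) - code "
                   r"(?P<code>[0-9a-f]{8}) \((?:!!! )?(?P<chance>first|second) chance(?: !!!)?\)")
EIP = re.compile(r"\b[er]ip=(?P<ip>[0-9a-f`]+)")

def parse_events(log):
    """Return one dict per exception event, with the ip from the register dump after it."""
    events = []
    for line in log.splitlines():
        m = EVENT.match(line)
        if m:
            events.append({**m.groupdict(), "ip": None})
            continue
        m = EIP.search(line)
        if m and events and events[-1]["ip"] is None:
            events[-1]["ip"] = m.group("ip")  # first eip/rip after the event line
    return events

def triage(events):
    """Group by (code, ip) and record whether that site ever reached second chance."""
    sites = {}
    for e in events:
        s = sites.setdefault((e["code"], e["ip"]), {"desc": e["desc"], "first": 0, "second": 0})
        s[e["chance"]] += 1
    return [
        {"code": code, "ip": ip, "desc": s["desc"], "first": s["first"],
         "status": "second-chance" if s["second"] else "first-chance-only"}
        for (code, ip), s in sites.items()
    ]

if __name__ == "__main__":
    for row in triage(parse_events(SAMPLE_LOG)):
        print(row)
```

A "first-chance-only" site was either handled by the application or never followed up in the log, so during fuzzing it is a candidate for manual review rather than something to discard.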
