Debugging specific access violation in JNI module

Question

I'm trying to debug Access Violation error in C++ components running in process of Java-based service via JNI with WinDBG. There are two problems I currently face:

1. Java itself uses first-chance access violation exceptions to do some internal thread syncronization (at least that's how it seems), so I can't just break on all first-chance access violations (according to Java bugs database this is intended behavior, so we should not expect any fix)
2. Exception is handled in outer code (that should protect production environment against misbehaving of C++ code)

Currently I see one way to distinguish between Java's AV and mine - Java's are happening at the addresses that belong to modules that does not have any symbols loaded, or at any other point of the memory, and I'm interested in catching AVs that happen at the places that have symbols loaded.

Seems I have all elements on how to achieve it with WinDbg, but can't assemble them together:

sxe -c ".if (ln) {gN}" av

The problem is I can't specify input of ln command in .if statement (because it expects an expression), and also I'm not sure how to check if output of ln is empty.

Answer 1

We have a native C++ service that loads jvm.dll and calls into it. Tons of AVs from it :-(. Luckily they were always from at most two different instructions inside jvm.dll so I do sxe -c ".if (@eip == <addr1>) || (@eip == <addr2>) {gn}" av and that works for me.

Answer 2

Interesting case ! I think using ln and check the output will be terrible slow (and don’t know how to do it either). A slightly different approach: The pseudo @$ip should contain the address of the exception

First chance exceptions are reported before any exception handling.
 <cut cut >
 eip=0041625d
 0:000> r @$ip
 $ip=0041625d

Use the rebase utility to change the default load address for your .dll's to a high values and hope they all are loaded up there.

Then you can test on: @$ip > “RebaseAddr”