Tracing seh exception

[acheron2302]

I am using tiny tracer when I encounter a problem where if the problem use seh exception for anti-debug but tiny tracer is also effect by it, the result in the end will look like this:

<random rva>;ntdll.KiUserExceptionDispatcher
<random rva>;ntdll.[RtlInterlockedCompareExhange64+1e2]*

The main reason I can think of is because tiny tracer doesn't run the exception part. The SEH exception look like this:

Is there anyway to keep tracing SEH exception?

[hasherezade]

Hi!

Is there anyway to keep tracing SEH exception?

Yes. In a normal situation (if the application didn't crash) the tracer will follow past the exception handler. Check this example: https://hshrzd.wordpress.com/2021/10/23/flare-on-8-task-9/ - and the corresponding log here.

Fragment:

35ace;ntdll.RtlAllocateHeap
284c;ntdll.KiUserExceptionDispatcher
6b7a;kernel32.VirtualProtect
6bba;kernel32.VirtualProtect
6bd3;ntdll.[RtlDeleteAce+1c0]*
284f;kernel32.GetCurrentProcess
2876;ntdll.KiUserExceptionDispatcher
6b7a;kernel32.VirtualProtect
6bba;kernel32.VirtualProtect
6bd3;ntdll.[RtlDeleteAce+1c0]*
2879;kernel32.CheckRemoteDebuggerPresent
264f1;ntdll.RtlEnterCriticalSection
2652e;ntdll.RtlLeaveCriticalSection

If it wasn't able to follow, there was probably some other problem. I guess the application just crashed on this exception.