One of the most exciting additions Microsoft made in Windows Server 2003 to its kernel executable, KERNEL32, is vectored exception handling (VEH). This facility provides new flexibility in how exceptions are processed. Here's a brief synopsis here along with an illustration of the process (Figure 1).
Figure 1. How vectored and structured exceptions are prioritized in Windows Server 2003.
Traditional structured exception handling (SEH) with its
__except mechanisms is inherently thread specific. Exceptions can only be handled by the thread that set up a handler. (The compiler and OS handle all the messy details of this and expose just the relatively simple
__except syntax to you.) More importantly, with SEH you might set up a handler, only to have the exception grabbed first by another handler that doesn't know how to deal with the exception properly.
Vectored exception handling works more like a traditional notification callback scheme. To handle exceptions, call the AddVectoredExceptionHandler API, passing it the address of your exception callback function. When an exception occurs, the callback function receives a pointer to an
EXCEPTION_POINTERS structure. This is the same structure that SEH callbacks can receive via the
GetExceptionInformation API. From fields in the
EXCEPTION_POINTERS structure, you can learn the exception code (for instance, 0xC0000005) and the register values (via the included
The VEH callback chooses to either handle the exception or chain it onto the next handler in the list. It determines what happens by returning the appropriate value from the callback. Each process has a linked list of VEH callbacks. As part of processing an exception, the operating system walks the VEH list and calls the handlers. To remove a handle from the list, use the
How does vectored exception handling coexist with SEH? Good question! Immediately before walking the SEH chain, the system walks the vectored exception handler list. Put another way, VEH handlers have priority over SEH handlers. Matt Prietek has written a program, VEH Demo, that shows how this works. VEHDemo installs a couple of vectored exception handlers and uses a structured exception handler to show how VEH and SEH work together. The resulting output shows the interactions between the new VEH and the traditional SHE.
It's clear that VEH gives developers a much more flexible way of handling exceptions without giving up the functionality of the long-familiar SEH.
Excerpted and adapted from "Discover Improved System Info, New Kernel, Debugging, Security, and UI APIs" by Matt Prietrek.
A previous and more-detailed article on VEH by Matt is available for reading and download.