Search code examples
windowscrashstructured-exception

Ways for an unmanaged Windows process to crash?

I am trying to understand the ways in which an unmanaged user-mode Windows process can "crash" (which is really too much of a catch-all term).

Here are the ways I know of so far:

  • Unhandled Structured Exception
    • Default UnhandledExceptionFilter: postmortem debugger in pre-Vista; WerFault in Vista+
    • Custom UnhandledExceptionFilter: may do whatever it likes, including exiting quietly?
  • "Hard" crash (not sure if there's a technical term for this)
    • E.g. hitting the stack overflow guard page while handling a stack overflow: the OS simply makes the process disappear without a trace?
  • "Normal" exit:
    • E.g. where the language provides its own error handling mechanism that makes a fatal crash look to the OS like the application has shut down normally.

Is this roughly right? Are there any other ways for a user-mode Windows process to die?

Solution
    • Unhandled exception - this is usually what people would call "crash"
    • Exception with corrupted stack - if the stack is corrupted and the exception chain cannot be walked, the process is silently killed.
    • Explicit termination
      • From another process (e.g. TaskManager, kill.exe) calling TerminateProcess,
      • C/C++ runtime fatal error, /GS stack cookie corruption, etc.
    • Attaching a debugger and quiting the debugger without detaching
    • Console application will terminate if you kill the corresponding conhost.exe process