v1.11 A C++ class and DLL which logs unhandled
Welcome to CExceptionLogger, a freeware C++ class and DLL which
intercepts and logs details about unhandled exceptions such as access violations,
stack overflows and division by zero. The class was originally based upon the February 2002
MSDN article called "Under the Hood: Improved Error Reporting with DBGHELP 5.1 by
By default the CExceptionLogger class will generate a log file with the name
"YYMMDDHHMMSSmmm_name of exe.exception" in your temp directory. In this file (which is ASCII if the CExceptionLogger is
build as ASCII and UNICODE if the CExceptionLogger is build as a UNICODE) is the
- Date and Time when the exception occurred
- Exception Code
- Details about exception if an access violation
- Details about exception address including linear address, section, offset
and module path
- Full path of the process
- Current Win32 working directory
- Command line for the process
- Process ID
- Thread ID where the exception occurred.
- Computer Name, User Name, Number of Processors, Page Size, Various Memory
stats, Object counts, Windows version, Windows Build, Service Pack level,
Suite Information, Register Owner, Registered
Organisation, Processor Details, various Wow64 values, various terminal
services related values, The Windows install type, Windows Directory, Windows System directory,
Shared Windows Directory, Boot type,
Monitor and display device info, mouse info, network status, current
hardware profile values, code page details
and locale and language details.
- Environment strings which the current process is using
- Enumeration of all the processes currently running including
ii) Process ID
iii) Reference Count
iv) Parent Process ID
v) Base Thread priority
- Enumeration of all the threads in the process including
i) Thread ID
ii) Priority and Delta priority
iv) Creation Time
v) Kernel and User Time
- Enumeration of the Modules in the process including
i) Name and full path
ii) Global and per Process reference count
iii) module handle
v) All symbols for that module fully expanded (see details later)
- All the x86 registers (or x64 registers if compiled for 64 bit Windows)
- Call Stack where exception occurred, including section, offset, module,
function and line information.
- At each stack frame as well as for all modules, all variables and parameters
all also logged. All basic types such as voids, chars, shorts, words, ints,
DWORDS, floats, doubles and longs are logged. UDT's including structs, unions
and classes are also fully recursed into to display their members. Info for
each type includes its name, address, type and value. In addition if the variable
is a array, each value in the array is fully logged. In addition each call stack
frame can display a raw stack dump in addition to the raw machine code around
that stack frame.
If you are using the DLL version of the code, the level of information can be configured via registry values. See the code
in ExceptHandler.cpp for details.
In addition, again by default, you will get a minidump file generated with
the name "YYMMDDHHMMSSmmm_name of exe.dmp" in your temp directory. You can load
this file up into Visual Studio to do post mortem analysis of the crash almost
as easy as if the crash occurred when the application is being debugged
zip file contains the
CExceptionLogger source code and a simple test program to exercise the class
- You are allowed to include the source code in
any product (commercial, shareware, freeware or otherwise) when your product
is released in binary form.
- You are allowed to modify the source code in
any way you want except you cannot modify the copyright details at the top
of each module.
- If you want to distribute source code with
your application, then you are only allowed to distribute versions released
by the author. This is to maintain a single distribution point for the
V1.0 (14 March 2002)
V1.01 (20 March 2003)
- Now includes flags to limit what is displayed in the
- These flag values and the location of the log file can
now optionally be configured at run time via registry values.
V1.02 (26 March 2003)
- Tidied up #pragma message text
- Removed the unused variable m_bAppendToLog
- Changed the default flags the class uses
- Flag values and location of the log file can now
optionally be configured at run time via an API in the XCPTHLR DLL itself.
This is now documented and implemented in the XCPTHLR module.
- Reworked the sample app to be a GUI based app, where
you can change the crash handler flags manually. Also the crash is now
generated by hitting a button.
V1.03 (27 March 2003)
- Now pulls in DbgHelp support via GetProcAddress. This
makes the code more robust in the absence of the DbgHelp DLL.
V1.04 (19 April 2003)
- Now optionally writes out the raw machine code at each
call stack frame
- Now optionally writes out the raw stack at each call
- Now optionally writes out the process list on the
- Now optionally writes out system details including
Computer Name, User Name, Number of Processors, Page Size, lowest memory
address, highest memory address, OS details, OS version, OS Build, OS service
pack, OS type, Windows Directory, Windows System Directory, Registered
Organisation and Registered User.
- Now optionally writes out the environment strings
- Tidied up some indentation and alignment problems.
V1.05 (20 April 2003)
- Removed usage of CRT function "_tcsicmp" in preference
- Removed old unused pragma error entry
- Now optionally writes out stats as returned from
- Code now requires a recent copy of the Platform SDK to
- Now optionally writes out display device stats
- Now optionally writes out Code page stats
- Now optionally writes out Locale and language stats
- Now optionally writes out boot type
V1.06 (22 April 2003)
- Fixed a problem in LogRawMemory which was causing an
- Now uses GetDC and GetDevCaps to report screen settings
instead of EnumDisplaySettings as a more reliable mechanism.
V1.07 (1 June 2003)
- Now optionally logs the File Version details for all
processes and dlls which are included in the log files.
V1.08 (19 November 2003)
- Fixed a bug in CExceptionLogger::GetAddressDetails in
the usage of VirtualQuery. Thanks to Fredrik Savander for reporting this
V1.09 (21 July 2006)
- Updated copyright details.
- Integrated the functionality of _EXCEPTION_LOGGER_DATA into the
- Code now uses newer C++ style casts instead of C style casts.
- Updated the code to clean compile on VC 2005
- Now includes support for logging of Windows Longhorn Server and Windows
- Now includes support for logging of Windows Server 2003 R2
- Now includes support for logging of various suite flags including:
Embedded, Storage Server, Security Appliance, BackOffice components, MS
Small Business Server, Enterprise Edition, Terminal Services, Datacenter
Edition, Home Edition, Web Edition, Media Center Edition, Tablet Edition
- Updated documentation to use the same style as the web site.
- Now logs the GDI and User object count.
- Now reports Page Faults, Peak Working Set Size, Working Set Size, Peak
Paged pool, Paged pool usage, Peak Non-paged pool usage, Non-paged pool
usage, Peak Pagefile usage and Pagefile usage.
- Now reports if running on Wow64
- Now reports the process handle count
- Now reports if the process is running in a terminal services environment
- Now reports the Terminal services Session id value
- Updated code to work correctly for x64 Windows.
- Exception log file can now be accessed by other apps while
CExceptionLogger is writing to it.
- Now reports the info returned from GetNativeSystemInfo
- Now reports the info returned from GetSystemWow64Directory
- Now reports if 3D-Now, cmpxchg, Floating point software emulation,
Pentium FDIV bug, MMX, DEP, PAE, RDTSC, SSE, SSE2, SSE3, cmpxchg16b and
cmp8xchg16 are supported
- Now reports the Shared Windows directory
- Now reports if the program is running on the Terminal Services session
currently attached to the physical console
- Now reports on various Terminal Services values returned from
- Now reports the total number of pages commited by the system, the
current maximum number of page commits, the maximum number of page commit
totals since last reboot, the total amount of physical memory in pages, the
amount of physical memory available to user process in pages, the total
amount of system cache memory in pages, the total amount of the sum of paged
and nonpaged kernel pools in pages, the total amount of paged kernel pool in
pages, the total amount of nonpaged kernel pool in pages, the size of a
page, the total number of open handles, the total number of processes and
the total number of threads.
- Added support for returning information from WTSQuerySessionInformation.
- Memory dump is shown as upper case hex now.
- Now reports the info returned from GetCurrentHwProfile.
- Segment registers are now shown as 4 byte values
V1.10 (24 January 2008)
- Updated to support creating minidumps
- The location for the logging file and the minidump file is now your temp
directory. This means that files will be correctly created even with
least-privileged user accounts, and it also prevents the files from taking
up hard drive space after they are no longer needed.
- The name for the logging file is "YYMMDDHHMMSSmmm_name of
- The name for the minidump file is "YYMMDDHHMMSSmmm_name of exe.dmp".
- Support for EXCEPTION_LOGGER_ONE_EXCEPTION_PER_FILE has been dropped as
now the filenames include timestamps to make them unique.
- Updated sample app to clean compile on VC 2005 + VC 2008.
- Updated copyright details.
- Updated sample app to remove VC 6 style appwizard comments
- Updated sample app to use C++ style casts instead of C style casts
- Because the logging and minidump files now are hard coded to include
timestamps, the SetXCPTHLRFileName function has been replaced with
SetXCPTHLRDirectory. By default this is set to your temp directory. A
corollary SetXCPTHLRDirectory function is now also available.
- Updated usage instructions in the documentation.
- Binaries included in download are now build with VC 2005 SP1
10 August 2008
- Updated zip to include v22.214.171.124 of dbghelp.dll.
V1.11 (4 June 2012)
- Updated copyright details.
- The code now only supports VC 2005 or later.
- Updated project settings to more modern defaults.
- Code now compiles cleanly using Code Analysis (/analyze)
- Fixed a bug in reporting of the SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentType
- The class and DLL now allows the exception handler to be tested in debug
mode through the use of XCPTHLRGenerateSampleException and CExceptionLogger::GenerateSampleException
- Fixed a file handle leak in CExceptionLogger::GenerateMiniDump.
- The Log directory and not the Log file name is now read from the registry.
- The default flag values and the location of the log directory are now
read from HKEY_CURRENT_USER instead of HKEY_LOCAL_MACHINE. This helps avoid
Registry virtualization issues on Windows Vista or later.
- Fixed issues in the format string when using a MEMORYSTATUS struct with
- The Processor architecture as returned from GetSystemInfo is now logged.
- The Allocation granularity as returned from GetSystemInfo is now logged.
- The Processor level as returned from GetSystemInfo is now logged.
- The Processor revision as returned from GetSystemInfo is now
- The active processor mask as returned from GetSystemInfo is now logged.
- LogSystemDetails now supports logging information about Windows Server
2008, 2008 R2, 2012, Vista, 7 and 8.
- More OSVERSIONINFOEX::wSuiteMask values are now logged
- LogSystemDetails now support GR_GDIOBJECTS_PEAK
- LogSystemDetails now supports GR_USEROBJECTS_PEAK
- LogSystemDetails now supports IsProcessorFeaturePresent(PF_CHANNELS_ENABLED)
- LogSystemDetails now supports IsProcessorFeaturePresent(PF_XSAVE_ENABLED)
- The data logged by calling GetNativeSystemInfo is now consistent with
the same set of data which GetSystemInfo reports.
- LogSystemDetails now logs details for all the CPUs on the computer
- LogSystemDetails now supports BuildGUID, BuildLab, BuildLabEx &
InstallDate values from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
- Code now displays detailed information about multi monitor setups
- The code now correctly reports 24 and 32 bit color depths via
WTS_CLIENT_DISPLAY when in a terminal services environment.
- Fixed a problem getting a function pointer to
- SetDirectory method now supports auto expansion of system environment
- Fixed a bug in the setup of the "IMAGEHLP_LINE64 LineInfo" prior to the
call to SymGetLineFromAddr64. Thanks to Michael Schaart for reporting this
- WTSInitialProgram and WTSSessionId details are now displayed when in a
terminal services environment.