Is it a Read, Write or Execute AV?

I didn't find this documented in the Visual Studio documentation, but it is in the latest Windows SDK. In case anyone was interested, and would like to be able to tell from inside an app whether an AV was triggered by NX, this will do it:

 

DWORD FilterFunc( LPEXCEPTION_POINTERS pExcept )

{

    if( pExcept != NULL )

    {

        if( pExcept->ExceptionRecord->ExceptionCode == EXCEPTION_ACCESS_VIOLATION )

        {

            switch( pExcept->ExceptionRecord->ExceptionInformation[0] )

            {

            case 0:

                printf("Read AV\n");

            case 1:

                printf("Write AV\n");

            case 8:

                printf("Execute AV\n");

            }

        }

    }

    return EXCEPTION_CONTINUE_SEARCH;

}

 

You'd call it like so:

 

    __except( FilterFunc( GetExceptionInformation() ) )

    {

    }