dotnet · max-charlamb · Apr 21, 2026 · Copilot · Apr 24, 2026
diff --git a/src/coreclr/System.Private.CoreLib/src/System/Runtime/ExceptionServices/AsmOffsets.cs b/src/coreclr/System.Private.CoreLib/src/System/Runtime/ExceptionServices/AsmOffsets.cs
@@ -189,12 +189,12 @@ class AsmOffsets
     public const int SIZEOF__EHEnum = 0x20;
     public const int OFFSETOF__StackFrameIterator__m_pRegDisplay = 0x20;
     public const int OFFSETOF__ExInfo__m_pPrevExInfo = 0;
-    public const int OFFSETOF__ExInfo__m_pExContext = 0xa8;
-    public const int OFFSETOF__ExInfo__m_exception = 0xb0;
-    public const int OFFSETOF__ExInfo__m_kind = 0xb8;
-    public const int OFFSETOF__ExInfo__m_passNumber = 0xb9;
-    public const int OFFSETOF__ExInfo__m_idxCurClause = 0xbc;
-    public const int OFFSETOF__ExInfo__m_frameIter = 0xc0;
+    public const int OFFSETOF__ExInfo__m_pExContext = 0xa0;
+    public const int OFFSETOF__ExInfo__m_exception = 0xa8;
+    public const int OFFSETOF__ExInfo__m_kind = 0xb0;
+    public const int OFFSETOF__ExInfo__m_passNumber = 0xb1;
+    public const int OFFSETOF__ExInfo__m_idxCurClause = 0xb4;
+    public const int OFFSETOF__ExInfo__m_frameIter = 0xb8;
     public const int OFFSETOF__ExInfo__m_notifyDebuggerSP = OFFSETOF__ExInfo__m_frameIter + SIZEOF__StackFrameIterator;
     public const int OFFSETOF__ExInfo__m_pCatchHandler = OFFSETOF__ExInfo__m_frameIter + SIZEOF__StackFrameIterator + 0x48;
     public const int OFFSETOF__ExInfo__m_handlingFrameSP = OFFSETOF__ExInfo__m_frameIter + SIZEOF__StackFrameIterator + 0x50;
@@ -217,12 +217,12 @@ class AsmOffsets
     public const int SIZEOF__EHEnum = 0x10;
     public const int OFFSETOF__StackFrameIterator__m_pRegDisplay = 0x14;
     public const int OFFSETOF__ExInfo__m_pPrevExInfo = 0;
-    public const int OFFSETOF__ExInfo__m_pExContext = 0x5c;
-    public const int OFFSETOF__ExInfo__m_exception = 0x60;
-    public const int OFFSETOF__ExInfo__m_kind = 0x64;
-    public const int OFFSETOF__ExInfo__m_passNumber = 0x65;
-    public const int OFFSETOF__ExInfo__m_idxCurClause = 0x68;
-    public const int OFFSETOF__ExInfo__m_frameIter = 0x6c;
+    public const int OFFSETOF__ExInfo__m_pExContext = 0x58;
+    public const int OFFSETOF__ExInfo__m_exception = 0x5c;
+    public const int OFFSETOF__ExInfo__m_kind = 0x60;
+    public const int OFFSETOF__ExInfo__m_passNumber = 0x61;
+    public const int OFFSETOF__ExInfo__m_idxCurClause = 0x64;
+    public const int OFFSETOF__ExInfo__m_frameIter = 0x68;
     public const int OFFSETOF__ExInfo__m_notifyDebuggerSP = OFFSETOF__ExInfo__m_frameIter + SIZEOF__StackFrameIterator;
     public const int OFFSETOF__ExInfo__m_pCatchHandler = OFFSETOF__ExInfo__m_frameIter + SIZEOF__StackFrameIterator + 0x2c;
     public const int OFFSETOF__ExInfo__m_handlingFrameSP = OFFSETOF__ExInfo__m_frameIter + SIZEOF__StackFrameIterator + 0x30;

diff --git a/src/coreclr/debug/daccess/dacdbiimpl.cpp b/src/coreclr/debug/daccess/dacdbiimpl.cpp
@@ -4817,9 +4817,9 @@ HRESULT STDMETHODCALLTYPE DacDbiInterfaceImpl::HasUnhandledException(VMPTR_Threa
         else
         {
             // most managed exceptions are just a throwable bound to a
-            // native exception. In that case this handle will be non-null
-            OBJECTHANDLE ohException = pThread->GetThrowableAsHandle();
-            if (ohException != (OBJECTHANDLE)NULL)
+            // native exception. In that case the exception will be non-null
+            OBJECTREF exception = pThread->GetExceptionState()->GetThrowable();
+            if (exception != NULL)
             {
                 // during the UEF we set the unhandled bit, if it is set the exception
                 // was unhandled
@@ -4955,8 +4955,10 @@ HRESULT STDMETHODCALLTYPE DacDbiInterfaceImpl::GetCurrentException(VMPTR_Thread
 
         Thread * pThread = vmThread.GetDacPtr();
 
-        // OBJECTHANDLEs are really just TADDRs.
-        OBJECTHANDLE ohException = pThread->GetThrowableAsHandle();        // ohException can be NULL
+        // Get the exception handle. The exception object is stored directly in ExInfo::m_exception,
+        // but debugger APIs require a handle. Use m_LastThrownObjectHandle which is kept in sync
+        // via SafeSetThrowables.
+        OBJECTHANDLE ohException = pThread->m_LastThrownObjectHandle;
 
         if (ohException == (OBJECTHANDLE)NULL)
         {

diff --git a/src/coreclr/debug/daccess/dacimpl.h b/src/coreclr/debug/daccess/dacimpl.h
@@ -3397,6 +3397,13 @@ class ClrDataExceptionState : public IXCLRDataExceptionState
                           Thread* thread,
                           ULONG32 flags,
                           ClrDataExStateType* exInfo,
+                          // Target address of a slot containing the exception Object*.
+                          // This may be a GC handle table slot (e.g. m_LastThrownObjectHandle)
+                          // or the address of ExInfo::m_exception on the target stack.
+                          // Both are valid: the ExInfo lives on the stack which is captured
+                          // in dumps and stable while the target thread is suspended. The
+                          // slot has the same lifetime as the ExInfo — both become invalid
+                          // when ExInfo::PopExInfos calls ReleaseResources.
                           OBJECTHANDLE throwable,
                           ClrDataExStateType* prevExInfo);
     virtual ~ClrDataExceptionState(void);

diff --git a/src/coreclr/debug/daccess/request.cpp b/src/coreclr/debug/daccess/request.cpp
@@ -3308,7 +3308,7 @@ ClrDataAccess::GetNestedExceptionData(CLRDATA_ADDRESS exception, CLRDATA_ADDRESS
     }
     else
     {
-        *exceptionObject = TO_CDADDR(*PTR_TADDR(pExData->m_hThrowable));
+        *exceptionObject = dac_cast<TADDR>(pExData->m_exception);
         *nextNestedException = PTR_HOST_TO_TADDR(pExData->m_pPrevNestedInfo);
     }
 
@@ -4064,35 +4064,30 @@ HRESULT ClrDataAccess::GetClrWatsonBucketsWorker(Thread * pThread, GenericModeBl
     // By default, there are no buckets
     PTR_VOID pBuckets = NULL;
 
-    // Get the handle to the throwble
-    OBJECTHANDLE ohThrowable = pThread->GetThrowableAsHandle();
-    if (ohThrowable != NULL)
+    // Get the current throwable
+    OBJECTREF oThrowable = pThread->GetExceptionState()->GetThrowable();
+    if (oThrowable != NULL)
     {
-        // Get the object from handle and check if the throwable is preallocated or not
-        OBJECTREF oThrowable = ObjectFromHandle(ohThrowable);
-        if (oThrowable != NULL)
+        // Does the throwable have buckets?
+        U1ARRAYREF refWatsonBucketArray = ((EXCEPTIONREF)oThrowable)->GetWatsonBucketReference();
+        if (refWatsonBucketArray != NULL)
         {
-            // Does the throwable have buckets?
-            U1ARRAYREF refWatsonBucketArray = ((EXCEPTIONREF)oThrowable)->GetWatsonBucketReference();
-            if (refWatsonBucketArray != NULL)
-            {
-                // Get the watson buckets from the throwable for non-preallocated
-                // exceptions
-                pBuckets = dac_cast<PTR_VOID>(refWatsonBucketArray->GetDataPtr());
-            }
-            else
+            // Get the watson buckets from the throwable for non-preallocated
+            // exceptions
+            pBuckets = dac_cast<PTR_VOID>(refWatsonBucketArray->GetDataPtr());
+        }
+        else
+        {
+            // This is a preallocated exception object - check if the UE Watson bucket tracker
+            // has any bucket details
+            pBuckets = pThread->GetExceptionState()->GetUEWatsonBucketTracker()->RetrieveWatsonBuckets();
+            if (pBuckets == NULL)
             {
-                // This is a preallocated exception object - check if the UE Watson bucket tracker
-                // has any bucket details
-                pBuckets = pThread->GetExceptionState()->GetUEWatsonBucketTracker()->RetrieveWatsonBuckets();
-                if (pBuckets == NULL)
+                // Since the UE watson bucket tracker does not have them, look up the current
+                // exception tracker
+                if (pThread->GetExceptionState()->GetCurrentExceptionTracker() != NULL)
                 {
-                    // Since the UE watson bucket tracker does not have them, look up the current
-                    // exception tracker
-                    if (pThread->GetExceptionState()->GetCurrentExceptionTracker() != NULL)
-                    {
-                        pBuckets = pThread->GetExceptionState()->GetCurrentExceptionTracker()->GetWatsonBucketTracker()->RetrieveWatsonBuckets();
-                    }
+                    pBuckets = pThread->GetExceptionState()->GetCurrentExceptionTracker()->GetWatsonBucketTracker()->RetrieveWatsonBuckets();
                 }
             }
         }

diff --git a/src/coreclr/debug/daccess/task.cpp b/src/coreclr/debug/daccess/task.cpp
@@ -4556,13 +4556,17 @@ ClrDataExceptionState::GetPrevious(
     {
         if (m_prevExInfo)
         {
+            // Pass the address of the ExInfo's m_exception field as the "handle".
+            // This is not a real GC handle — it is a target address of an OBJECTREF
+            // slot on the stack. It has the same lifetime as the ExInfo (both are
+            // invalidated by PopExInfos/ReleaseResources). See dacimpl.h comment.
             *exState = new (nothrow)
                 ClrDataExceptionState(m_dac,
                                       m_appDomain,
                                       m_thread,
                                       CLRDATA_EXCEPTION_DEFAULT,
                                       m_prevExInfo,
-                                      m_prevExInfo->m_hThrowable,
+                                      (OBJECTHANDLE)dac_cast<TADDR>(&m_prevExInfo->m_exception),
                                       m_prevExInfo->m_pPrevNestedInfo);
             status = *exState ? S_OK : E_OUTOFMEMORY;
         }
@@ -4920,13 +4924,15 @@ ClrDataExceptionState::NewFromThread(ClrDataAccess* dac,
 
     exState = thread->GetExceptionState()->m_pCurrentTracker;
 
+    // Pass the address of the ExInfo's m_exception field as the "handle".
+    // See dacimpl.h comment on the throwable parameter.
     exIf = new (nothrow)
         ClrDataExceptionState(dac,
                               AppDomain::GetCurrentDomain(),
                               thread,
                               CLRDATA_EXCEPTION_DEFAULT,
                               exState,
-                              exState->m_hThrowable,
+                              (OBJECTHANDLE)dac_cast<TADDR>(&exState->m_exception),
                               exState->m_pPrevNestedInfo);
     if (!exIf)
     {

diff --git a/src/coreclr/debug/ee/debugger.cpp b/src/coreclr/debug/ee/debugger.cpp
@@ -7867,11 +7867,14 @@ BOOL Debugger::ShouldSendCatchHandlerFound(Thread* pThread)
     else
     {
         BOOL forceSendCatchHandlerFound = FALSE;
-        OBJECTHANDLE objHandle = pThread->GetThrowableAsHandle();
-        OBJECTHANDLE retrievedHandle = m_pForceCatchHandlerFoundEventsTable->Lookup(objHandle); //destroy handle
-        if (retrievedHandle != NULL)
+        OBJECTHANDLE objHandle = pThread->m_LastThrownObjectHandle;
+        if (objHandle != NULL)
         {
-            forceSendCatchHandlerFound = TRUE;
+            OBJECTHANDLE retrievedHandle = m_pForceCatchHandlerFoundEventsTable->Lookup(objHandle);
+            if (retrievedHandle != NULL)
+            {
+                forceSendCatchHandlerFound = TRUE;
+            }
         }
         return forceSendCatchHandlerFound;
     }

diff --git a/src/coreclr/vm/datadescriptor/datadescriptor.inc b/src/coreclr/vm/datadescriptor/datadescriptor.inc
@@ -138,7 +138,7 @@ CDAC_TYPE_END(Exception)
 CDAC_TYPE_BEGIN(ExceptionInfo)
 CDAC_TYPE_INDETERMINATE(ExceptionInfo)
 CDAC_TYPE_FIELD(ExceptionInfo, T_POINTER, PreviousNestedInfo, offsetof(ExInfo, m_pPrevNestedInfo))
-CDAC_TYPE_FIELD(ExceptionInfo, TYPE(ObjectHandle), ThrownObjectHandle, offsetof(ExInfo, m_hThrowable))
+CDAC_TYPE_FIELD(ExceptionInfo, T_POINTER, ThrownObject, offsetof(ExInfo, m_exception))
 CDAC_TYPE_FIELD(ExceptionInfo, T_UINT32, ExceptionFlags, cdac_data<ExInfo>::ExceptionFlagsValue)
 CDAC_TYPE_FIELD(ExceptionInfo, T_POINTER, StackLowBound, cdac_data<ExInfo>::StackLowBound)
 CDAC_TYPE_FIELD(ExceptionInfo, T_POINTER, StackHighBound, cdac_data<ExInfo>::StackHighBound)

diff --git a/src/coreclr/vm/eedbginterfaceimpl.cpp b/src/coreclr/vm/eedbginterfaceimpl.cpp
@@ -239,15 +239,16 @@ OBJECTHANDLE EEDbgInterfaceImpl::GetThreadException(Thread *pThread)
     }
     CONTRACTL_END;
 
-    OBJECTHANDLE oh = pThread->GetThrowableAsHandle();
-
-    if (oh != NULL)
+    // The exception object is stored directly in ExInfo::m_exception (no handle).
+    // Return m_LastThrownObjectHandle which is kept in sync via SafeSetThrowables
+    // before any debugger notification fires. Assert this invariant in debug builds.
+#ifdef _DEBUG
+    ExInfo* pTracker = pThread->GetExceptionState()->GetCurrentExceptionTracker();
+    if (pTracker != NULL && pTracker->m_exception != NULL && pThread->m_LastThrownObjectHandle != NULL)
     {
-        return oh;
+        _ASSERTE(ObjectFromHandle(pThread->m_LastThrownObjectHandle) == pTracker->m_exception);
     }
-
-    // Return the last thrown object if there's no current throwable.
-    // This logic is similar to UpdateCurrentThrowable().
+#endif
     return pThread->m_LastThrownObjectHandle;
 }
 
@@ -261,21 +262,7 @@ bool EEDbgInterfaceImpl::IsThreadExceptionNull(Thread *pThread)
     }
     CONTRACTL_END;
 
-    //
-    // We're assuming that the handle on the
-    // thread is a strong handle and we're goona check it for
-    // NULL. We're also assuming something about the
-    // implementation of the handle here, too.
-    //
-    OBJECTHANDLE h = pThread->GetThrowableAsHandle();
-    if (h == NULL)
-    {
-        return true;
-    }
-
-    void *pThrowable = *((void**)h);
-
-    return (pThrowable == NULL);
+    return pThread->IsThrowableNull() && pThread->IsLastThrownObjectNull();
 }
 
 void EEDbgInterfaceImpl::ClearThreadException(Thread *pThread)

diff --git a/src/coreclr/vm/excep.cpp b/src/coreclr/vm/excep.cpp
@@ -1849,7 +1849,7 @@ BOOL IsInFirstFrameOfHandler(Thread *pThread, IJitManager *pJitManager, const ME
     CONTRACTL_END;
 
     // if don't have a throwable the aren't processing an exception
-    if (IsHandleNullUnchecked(pThread->GetThrowableAsHandle()))
+    if (pThread->IsThrowableNull())
         return FALSE;
 
     EH_CLAUSE_ENUMERATOR pEnumState;

diff --git a/src/coreclr/vm/exceptionhandling.cpp b/src/coreclr/vm/exceptionhandling.cpp
@@ -2922,7 +2922,7 @@ ExInfo::StackRange::StackRange()
 void ExInfo::EnumMemoryRegions(CLRDataEnumMemoryFlags flags)
 {
     // ExInfo is embedded so don't enum 'this'.
-    OBJECTHANDLE_EnumMemoryRegions(m_hThrowable);
+    OBJECTREF_EnumMemoryRegions(m_exception);
     m_ptrs.ExceptionRecord.EnumMem();
     m_ptrs.ContextRecord.EnumMem();
 }
@@ -2973,7 +2973,7 @@ extern "C" void QCALLTYPE AppendExceptionStackFrame(QCall::ObjectHandleOnStack e
             _ASSERTE(pMD == codeInfo.GetMethodDesc());
 #endif // _DEBUG
 
-            StackTraceInfo::AppendElement(pExInfo->m_hThrowable, ip, sp, pMD, &pExInfo->m_frameIter.m_crawl);
+            StackTraceInfo::AppendElement((OBJECTHANDLE)&pExInfo->m_exception, ip, sp, pMD, &pExInfo->m_frameIter.m_crawl);
         }
     }
 
@@ -3772,7 +3772,7 @@ CLR_BOOL SfiInitWorker(StackFrameIterator* pThis, CONTEXT* pStackwalkCtx, CLR_BO
                 if (pMD != NULL)
                 {
                     GCX_COOP();
-                    StackTraceInfo::AppendElement(pExInfo->m_hThrowable, 0, GetRegdisplaySP(pExInfo->m_frameIter.m_crawl.GetRegisterSet()), pMD, &pExInfo->m_frameIter.m_crawl);
+                    StackTraceInfo::AppendElement((OBJECTHANDLE)&pExInfo->m_exception, 0, GetRegdisplaySP(pExInfo->m_frameIter.m_crawl.GetRegisterSet()), pMD, &pExInfo->m_frameIter.m_crawl);
 
 #if defined(DEBUGGING_SUPPORTED)
                     if (NotifyDebuggerOfStub(pThread, pFrame))
@@ -3954,7 +3954,7 @@ CLR_BOOL SfiNextWorker(StackFrameIterator* pThis, uint* uExCollideClauseIdx, CLR
             void* callbackCxt = NULL;
             Interop::ManagedToNativeExceptionCallback callback = Interop::GetPropagatingExceptionCallback(
                 &codeInfo,
-                pTopExInfo->m_hThrowable,
+                pTopExInfo->m_exception,
                 &callbackCxt);
 
             if (callback != NULL)
@@ -4091,7 +4091,7 @@ CLR_BOOL SfiNextWorker(StackFrameIterator* pThis, uint* uExCollideClauseIdx, CLR
                 if (pMD != NULL)
                 {
                     GCX_COOP();
-                    StackTraceInfo::AppendElement(pTopExInfo->m_hThrowable, 0, GetRegdisplaySP(pTopExInfo->m_frameIter.m_crawl.GetRegisterSet()), pMD, &pTopExInfo->m_frameIter.m_crawl);
+                    StackTraceInfo::AppendElement((OBJECTHANDLE)&pTopExInfo->m_exception, 0, GetRegdisplaySP(pTopExInfo->m_frameIter.m_crawl.GetRegisterSet()), pMD, &pTopExInfo->m_frameIter.m_crawl);
 
 #if defined(DEBUGGING_SUPPORTED)
                     if (NotifyDebuggerOfStub(pThread, pFrame))

diff --git a/src/coreclr/vm/exinfo.cpp b/src/coreclr/vm/exinfo.cpp
@@ -13,7 +13,6 @@
 
 ExInfo::ExInfo(Thread *pThread, EXCEPTION_RECORD *pExceptionRecord, CONTEXT *pExceptionContext, ExKind exceptionKind) :
     m_pPrevNestedInfo(pThread->GetExceptionState()->GetCurrentExceptionTracker()),
-    m_hThrowable{},
     m_ptrs({pExceptionRecord, pExceptionContext}),
     m_fDeliveredFirstChanceNotification(FALSE),
     m_ExceptionCode((pExceptionRecord != PTR_NULL) ? pExceptionRecord->ExceptionCode : 0),
@@ -72,14 +71,7 @@ void ExInfo::TakeExceptionPointersOwnership(PAL_SEHException* ex)
 
 void ExInfo::ReleaseResources()
 {
-    if (m_hThrowable)
-    {
-        if (!CLRException::IsPreallocatedExceptionHandle(m_hThrowable))
-        {
-            DestroyHandle(m_hThrowable);
-        }
-        m_hThrowable = NULL;
-    }
+    m_exception = NULL;
 
 #ifndef TARGET_UNIX
     // Clear any held Watson Bucketing details

diff --git a/src/coreclr/vm/exinfo.h b/src/coreclr/vm/exinfo.h
@@ -92,8 +92,6 @@ struct ExInfo
 
     // Previous ExInfo in the chain of exceptions rethrown from their catch / finally handlers
     PTR_ExInfo     m_pPrevNestedInfo;
-    // thrown exception object handle
-    OBJECTHANDLE   m_hThrowable;
     // EXCEPTION_RECORD and CONTEXT_RECORD describing the exception and its location
     DAC_EXCEPTION_POINTERS m_ptrs;
     // Information for the funclet we are calling
@@ -218,12 +216,7 @@ struct ExInfo
         }
         CONTRACTL_END;
 
-        if (0 != m_hThrowable)
-        {
-            return ObjectFromHandle(m_hThrowable);
-        }
-
-        return NULL;
+        return m_exception;
     }
 
    inline BOOL DeliveredFirstChanceNotification()
@@ -257,19 +250,6 @@ struct ExInfo
         return !m_ExceptionFlags.UnwindHasStarted();
     }
 
-#ifndef DACCESS_COMPILE
-    void DestroyExceptionHandle()
-    {
-        // Never, ever destroy a preallocated exception handle.
-        if ((m_hThrowable != NULL) && !CLRException::IsPreallocatedExceptionHandle(m_hThrowable))
-        {
-            DestroyHandle(m_hThrowable);
-        }
-
-        m_hThrowable = NULL;
-    }
-#endif // !DACCESS_COMPILE
-
 #ifdef DACCESS_COMPILE
     void EnumMemoryRegions(CLRDataEnumMemoryFlags flags);
 #endif