Error: Unknown exception [at bdump (line 128 col 5)]

[nonetype]

Hi. I'm dumping user process using !bdump "C:\temp\dump"
While saving register data, Error: Unknown exception [at bdump (line 128 col 5)] occurs
line 128 is const User = host.currentThread.Registers.User; in __collect_user function.
With some debugging, I figured out host.currentThread occurs the error.(on running var curThread = host.currentThread;, it raises same error)
add) host.currentProcess too

kd> dx -r1 Debugger.State.Scripts.test.Contents.host
Debugger.State.Scripts.test.Contents.host                 : [object Object]
    currentApiVersionSupported : [object Object]
    currentApiVersionInitialized : [object Object]
    diagnostics      : [object Object]
    metadata         : [object Object]
    namespace       
    currentSession   : Remote KD: KdSrv:Server=@{<Local>},Trans=@{NET:Port=55555,Key=1pq9apo3ygxuf.3alfsb0xnsp1g.1j12s4iuq947e.3e7nv6a7o7t7y,Target}
    currentProcess   : Unknown exception
    currentThread    : Unknown exception
    memory           : [object Object]
    typeSystem       : [object Object]

Test Environment

• Windows 10, x86/x64 (tested on both arch VM)
  • 1 vCPU, 4G RAM, Hyper-V enabled
• using 'windbg x86' / 'windbg preview' (tested both)
  • used kdnet
• dumps x86 user-process

Steps

• !process 0 0 testprogram.exe
• .process /i [proc]
• g
• bp testprogram+0x1234
• g
• .scriptload C:\temp\bdump.js
• !bdump "C:\\temp\\dump"

Full logs

kd> !process 0 0 testprogram.exe
PROCESS af60f840  SessionId: 1  Cid: 1554    Peb: 07e37000  ParentCid: 0bb8
    DirBase: bffff880  ObjectTable: a138fbc0  HandleCount: 712.
    Image: testprogram.exe

kd> .process /i af60f840
You need to continue execution (press 'g' <enter>) for the context
to be switched. When the debugger breaks in again, you will be in
the new process context.
kd> g
Break instruction exception - code 80000003 (first chance)
nt!RtlpBreakWithStatusInstruction:
8537cdc4 cc              int     3
kd> .reload
Connected to Windows 10 19041 x86 compatible target at (Thu Nov  4 15:03:21.843 2021 (UTC + 9:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
................................................................
................................................................
........
Loading unloaded module list
...........
kd> bp 0x1234+testprogram
kd> g
Breakpoint 0 hit
testprogram+0x1234:
001b:xxxxxxxx 8bff            mov     edi,edi
kd> .scriptload C:\temp\bdump.js
[bdump] Usage: !bdump "C:\\path\\to\\dump"
[bdump] Usage: !bdump_full "C:\\path\\to\\dump"
[bdump] Usage: !bdump_active_kernel "C:\\path\\to\\dump"
[bdump] This will create a dump directory and fill it with a memory and register files
[bdump] NOTE: you must include the quotes and escape the backslashes!
JavaScript script successfully loaded from 'C:\temp\bdump.js'
kd> !bdump "C:\\temp\\dump"
[bdump] creating dir...
[bdump] saving regs...
Error: Unknown exception [at bdump (line 128 col 5)]

• Related issue: Error: Unknown exception  microsoft/WinDbg-Samples#13

[yrp604]

Thanks for the full logs and exhaustive testing!

Unless I've misunderstood something, host.currentThread should essentially always exist, meaning this would be a windbg bug. I'm not really sure how I could handle this other than dumping the regs with r and parsing them out, but that seems pretty gross. If you set the breakpoint a few instructions early then step to your location, does that help convince windbg to create host.currentThread. Does host.currentThread exist in other windbg contexts? (e.g. notepad.exe, etc).

[nonetype]

I tried (1) set the breakpoint a few instructions early (2) dump cmd.exe, but it raises same error

Thank you for answering, and I'll try to find another way.

[nonetype]

Resolved.
I saw 0vercl0k/wtf@e278c94 today 😂
after running !wow64exts.sw command, currentProcess and currentThread appears correctly.