Alois Kraus

blog

  Home  |   Contact  |   Syndication    |   Login
  133 Posts | 8 Stories | 368 Comments | 162 Trackbacks

News



Archives

Post Categories

Programming

Microsoft publishes way too many tools to check all of them out. One pretty cool debugging tool is Application Verifier which you can download here. The official docs mention that it is only meant for unmanaged code. But it does work in mixed mode applications as well so you can try to hunt down your managed heap corruption, double closed handles, … with this tool.

When you start it the first time you select the executable you want to check and then enable from the right menu the checks you want to enable:

image

For most checks you need to start (or attach) the application under a debugger. When a fishy condition is found by Application Verifier it will either cause a debugger break or an exception. Then you can find out with the !avrf (ups did I mention that there is only one true debugger: Windbg out there) debugger extension command what check was triggered.

The only thing that bugged me for quite some time that I could enable checks but when a check did assert I could not use the debugger command !avrf. The documentation (Help – Help) does mention problems very briefly without being helpful:

If symbols for ntdll.dll and verifier.dll are missing, the !avrf extension will generate an error message.

When I tried to use it

windbg FastRegex.exe

I was greeted with the message

0:000> !avrf
Verifier package version >= 3.00
*** ERROR: Module load completed but symbols could not be loaded for C:\Windows\SYSTEM32\vfbasics.dll
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: vfbasics!_AVRF_EXCEPTION_LOG_ENTRY                ***
***                                                                   ***
*************************************************************************
No type information found for `_AVRF_EXCEPTION_LOG_ENTRY'.
Please fix the symbols for `vfbasics.dll'.

How nice. Ok no problem I thought I only have to check my symbol path (correct) and reload the pdbs with .reload –f for all loaded modules and try again. But the result was that the message did not go away although I did have the pdbs loaded. What the heck was going on? Google did lead no results (yes I am not working for MS so I can still use Google ;-)). But luckily I know people who work for MS and know what was wrong.

The solution was to prepend the symbol path with C:\Windows\system32 and then the rest. Why? Application Verifier does install private symbols into the system32 directory. When I did reload the pdbs for the missing symbols due to my malformed symbol path I did get from the MS symbol server the stripped pdbs with only public symbols which are useless for the !avrf extension since it does use internal structures.

I could not believe it but this was the issue. It would be nice to update the docs to mention this pitfall. On my machine with AppVerfier 4.1.1078 I do get the following pdbs installed into the %WINDIR%\system32 directory.

08.02.2010  07:32         3.296.256 appverif.pdb
08.02.2010  07:32         2.419.712 vfbasics.pdb
08.02.2010  07:32         5.172.224 vfcompat.pdb
08.02.2010  07:32         4.344.832 vfLuaPriv.pdb
08.02.2010  07:32           240.640 vfntlmless.pdb
08.02.2010  07:32         3.927.040 vfprint.pdb
08.02.2010  07:32         4.697.088 vfprintpthelper.pdb
08.02.2010  07:32         1.690.624 vrfcore.pdb

After that I could use Application Verifier as the docs state.

posted on Friday, June 25, 2010 8:52 AM

Feedback

# re: Application Verifier – First Steps 11/28/2010 10:11 AM Roel Van de Paar
Note that you may still runto issues (as I did). The problem is that you need to list System32 *before* any other paths. If you don't WinDBG may try and load the pdb symbol file for vfbasics from the Microsoft Symbol server (if you are using that option) *before* trying System32. Seemingly, the problem is that it pdb on the Microsoft Symbol server is quite a bit smaller:

17/09/2008 05:59 PM 216,064 vfbasics.pdb

(This is the one automatically downloaded from the Microsoft Symbol server)

Than the one in System32:

10/09/2008 07:19 AM 2,001,920 vfbasics.pdb

So, you should use something like this (also adding the actual command needed):

.sympath+ C:\Windows\System32
.sympath+ srv*c:\symbolscache*http://msdl.microsoft.com/download/symbols

# re: Application Verifier – First Steps 4/29/2013 8:46 AM Ofer
And on x64 systems it is: c:\windows\SysWOW64

Post A Comment
Title:
Name:
Email:
Comment:
Verification: