Chris Jackson The App Compat Guy Microsoft Corporation WCL401

When Do You Debug?

The Debugging Process

Application Compatibility Issues

Symbols: Privates 0x0000 0x9135 0x8E21 4 ntdll 0xA3419

Symbols: Publics 0x0000 0x9135 0x8E21 4 ntdll 0xA3419

Symbols Publics: download/symbolshttp://msdl.microsoft.com/ download/symbols Download for offline use Updated with every build Recommend symbol servers us/library/ms aspx

Symbol Paths _NT_SYMBOL_PATH srv* * ; srv* * ;…

Calling Conventions

__stdcall and the Stack Return Address Argument 2 Argument 1 EBPEBP EBPEBPESPESP

Public Windows Symbols Discovering Arguments using MSDN and the Debugger

Kernel Dump Files Complete (RAM) Kernel memory (~1/3 RAM) Small memory (64k)

User Mode Dump Files Full Mini Memory Memory information Handles Unloaded modules Thread information Secondary memory Process and Thread Environment Blocks …

Creating dump files Task Manager.dump ADPlus Crash Hang

ADPlus Configuration Files mscorsvr!RaiseTheException BU VOID j (poi(poi(poi(poi(esp+4))+8)+48) = ) '.time;du poi((poi(esp+4)+10))+c;.dump /u /mfh d:\dumps\Insite.dmp;gc';'.time;du poi((poi(esp+4)+10))+c;gc' VOID

ADPlus Capturing and Analyzing a Crash Dump

Interactive Debugger Commands k* - callstack d* – memory b* - breakpoints u* – unassembling ~ - threads lm – loaded modules lmv m - module info

Color Coding Output Debugee level command window text User-selected command window line text Right click in title area

Frequently Interesting Registers

x86 Instruction Set, In (Very) Brief

From C to Assembly Code 1/2 ; int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) { push ebp mov ebp, esp sub esp, 288; H mov eax, DWORD PTR ___security_cookie xor eax, ebp DWORD PTR __$ArrayPad$[ebp], eax ; OSVERSIONINFO osvi; ; ZeroMemory(&osvi, sizeof(OSVERSIONINFO)); push 276; H push 0 lea eax, DWORD PTR _osvi$[ebp] push eax call _memset add esp, 12; cH ; osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); mov DWORD PTR _osvi$[ebp], 276 ; H ; GetVersionEx(&osvi); lea ecx, DWORD PTR _osvi$[ebp] push ecx call DWORD PTR

From C to Assembly Code 2/2 ; if (osvi.dwMajorVersion != 5 || osvi.dwMinorVersion != 1) { cmp DWORD PTR _osvi$[ebp+4], 5 jne SHORT cmp DWORD PTR _osvi$[ebp+8], 1 je SHORT ; MessageBox(NULL, L"This application requires Windows XP", L"Unsupported Version", MB_OK | MB_ICONERROR); push 16; H push OFFSET $SG-5 push OFFSET $SG-6 push 0 call DWORD PTR ; return 1; mov eax, 1 jmp SHORT ;}

Interactive Debugging Coaxing Secrets from a Misbehaving Application

Common Breakpoints “I run the executable and nothing happens” or “I click the menu item and nothing happens” bm kernel32!*create*process bm shell32!shellexecute* bm ole32!cocreateinstance* bp kernel32!winexec

Common Breakpoints “My application is doing something in the registry, where do I start?” Write? bm advapi32!regcreatekey* bm advapi32!regsetvalue* Read? bm advapi32!regenumkey* bm advapi32!reggetvalue* bm advapi32!regqueryvalue* bm advapi32!regquerymultiple Delete? bm advapi32!regdelete*

Common Breakpoints “My app creates a window and it looks funny” or “My app is supposed to create a window, and it doesn’t” bm user32!createwindow* bm user32!createdialog*param* bm user32!createmdiwindow* bp user32!destroywindow

Common Breakpoints “My app is missing a menu item” or “my app has a menu item that is inactive” bm user32!createmenu* bm user32!createpopupmenu* bm user32!loadmenu* bp user32!destroymenu

Common Breakpoints “I’m having problems with COM/COM+/DCOM” bm ole32!cocreateinstance* bm ole32!cogetclassobject* bm ole32!IClassFactory::CreateInstance*

Common Breakpoints “I’m having a problem where I can see an exception” bm ntdll!*RaiseException bm ntdll!RtlDispatchException bp ntdll!raise bp ntdll!RtlIsValidHandler bp ntdll!InvalidHandlerDetected bp ntdll!ExecuteHandler2 bp rpcrt4!RpcRaiseException bp rpcrt4!NdrpRaisePipeException bp ole32!RtlReportException

Common Breakpoints “My app has a problem using common dialogs” bm comdlg32!GetSaveFileName* bm comdlg32!GetOpenFileName*

Common Breakpoints “My app starts a service, where do I start?” bm advapi32!CreateService* bm advapi32!StartService* bm advapi32!ControlService*

Common Breakpoints “My app or one of its dlls appears to have problems even loading” bp kernel32!BaseThreadInitThunk bp ntdll!LdrpRunInitializeRoutines bp ntdll!LdrpMapDll bp ntdll!LdrpLoadDll bp ntdll!LdrpUnloadDll bm kernel32!LoadLibrary*

Common Breakpoints “My app is having problems with files or objects” Bm kernel32!CreateFile* Bm kernel32!DeleteFile* Bm Kernel32!ReadFile* Bm kernel32!CopyFile* Bm kernel32!WriteFile* Bm kernel32!GetPrivateProfileString Bm kernel32!GetFileAttributes* Bp kernel32!StgCreateDocfile Bm kernel32!GetFileVersionInfo* Bm kernel32!FindFirstFile* Bm kernel32!FindNextFile* Bm kernel32!MoveFile*

Common Breakpoints “My app is an msi, and I think I need to debug a custom action” Bp msi!CmsiCustomAction__CustomActionThread Bp msi!CmsiCustomAction__RunScriptAction Bp msi!CmsiEngine__FindAndRunAction

Common Breakpoints “My app is having networking issues. I have installed the proxy client, and I am connected.” Bm mpr!*wnetaddconnection* Bm mpr!*GetConnection* Bm ws2_32!*send* Bm ws2_32!*recv* Bm ws2_32!*getsockname* Bm ws2_32!*connect* Bm Wininet!*InternetOpen* Bm Wininet!*InternetConnect* Bm Wininet!*GetProxyInfo*

Common Breakpoints “My app may be dependent on the old TCP-IP stack” Bm Tcpip!FreeIprBuff Bm Tcpip!IPAllocBuff Bm Tcpip!IPFreeBuff Bm Tcpip!LookupRouteInformation

Common Breakpoints “My app has an embedded IE window and might be using URL monikers” Bm urlmon!URLOpenStream* Bm urlmon!URLDownloadToFile* Bm urlmon!IsValidURL* Bm urlmon!CreateURLMoniker*

Common Breakpoints “I think my app is mishandling critical sections” bm kernel32!EnterCriticalSection* bm kernel32!DeleteCriticalSection* bm kernel32!InitializeCriticalSection* bm kernel32!LeaveCriticalSection*

Common Breakpoints “I think my app is reporting a specific Windows error code” Bm kernel32!GetLastError* Bm kernel32!SetLastError* Bm kernel32!FormatMessage

More Interactive Debugging Coaxing Secrets from a Misbehaving Application

Additional Tools err.exe depends.exe pebrowse pro logman.exe Sysinternals ACT LUA Buglight

Sessions On-Demand & Community Resources for IT Professionals Resources for Developers Microsoft Certification and Training Resources Microsoft Certification & Training Resources Resources

Related Content Breakout Sessions (session codes and titles) WCL302 – Are You Breaking my Stuff Again? The Windows 7 App Compat Story WCL304 – Fix Your Broken Applications: The Black Art of Shims WCL401 – Not for the Faint of Heart: Hard Core App Compat Debugging

Track Resources →Want to find out which Windows Client sessions are best suited to help you in your deployment lifecycle? →Want to talk face-to-face with folks from the Windows Product Team? Meet us today at the Springboard Series Lounge, or visit us at Springboard Series The Springboard Series empowers you to select the right resources, at the right technical level, at the right point in your Windows® Client adoption and management process. Come see why Springboard Series is your destination for Windows 7.

Complete an evaluation on CommNet and enter to win!

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.