Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chris Jackson The App Compat Guy Microsoft Corporation WCL401.

Similar presentations


Presentation on theme: "Chris Jackson The App Compat Guy Microsoft Corporation WCL401."— Presentation transcript:

1

2 Chris Jackson The App Compat Guy Microsoft Corporation WCL401

3 When Do You Debug?

4 The Debugging Process

5 Application Compatibility Issues

6 Symbols: Privates 0x0000 0x9135 0x8E21 4 ntdll 0xA3419

7 Symbols: Publics 0x0000 0x9135 0x8E21 4 ntdll 0xA3419

8 Symbols Publics: http://msdl.microsoft.com/ download/symbolshttp://msdl.microsoft.com/ download/symbols Download for offline use Updated with every build Recommend symbol servers http://windowssdk.msdn.microsoft.com/en- us/library/ms681417.aspx

9 Symbol Paths _NT_SYMBOL_PATH srv* * ; srv* * ;…

10 Calling Conventions

11 __stdcall and the Stack Return Address Argument 2 Argument 1 EBPEBP EBPEBPESPESP

12 Public Windows Symbols Discovering Arguments using MSDN and the Debugger

13 Kernel Dump Files Complete (RAM) Kernel memory (~1/3 RAM) Small memory (64k)

14 User Mode Dump Files Full Mini Memory Memory information Handles Unloaded modules Thread information Secondary memory Process and Thread Environment Blocks …

15 Creating dump files Task Manager.dump ADPlus Crash Hang

16 ADPlus Configuration Files mscorsvr!RaiseTheException BU VOID j (poi(poi(poi(poi(esp+4))+8)+48) = 02000004) '.time;du poi((poi(esp+4)+10))+c;.dump /u /mfh d:\dumps\Insite.dmp;gc';'.time;du poi((poi(esp+4)+10))+c;gc' VOID

17 ADPlus Capturing and Analyzing a Crash Dump

18 Interactive Debugger Commands k* - callstack d* – memory b* - breakpoints u* – unassembling ~ - threads lm – loaded modules lmv m - module info

19 Color Coding Output Debugee level command window text User-selected command window line text Right click in title area

20 Frequently Interesting Registers

21 x86 Instruction Set, In (Very) Brief

22 From C to Assembly Code 1/2 ; int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) { push ebp mov ebp, esp sub esp, 288; 00000120H mov eax, DWORD PTR ___security_cookie xor eax, ebp DWORD PTR __$ArrayPad$[ebp], eax ; OSVERSIONINFO osvi; ; ZeroMemory(&osvi, sizeof(OSVERSIONINFO)); push 276; 00000114H push 0 lea eax, DWORD PTR _osvi$[ebp] push eax call _memset add esp, 12; 0000000cH ; osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); mov DWORD PTR _osvi$[ebp], 276 ; 00000114H ; GetVersionEx(&osvi); lea ecx, DWORD PTR _osvi$[ebp] push ecx call DWORD PTR __imp__GetVersionExW@4

23 From C to Assembly Code 2/2 ; if (osvi.dwMajorVersion != 5 || osvi.dwMinorVersion != 1) { cmp DWORD PTR _osvi$[ebp+4], 5 jne SHORT $LN1@WinMain cmp DWORD PTR _osvi$[ebp+8], 1 je SHORT $LN2@WinMain $LN1@WinMain: ; MessageBox(NULL, L"This application requires Windows XP", L"Unsupported Version", MB_OK | MB_ICONERROR); push 16; 00000010H push OFFSET $SG-5 push OFFSET $SG-6 push 0 call DWORD PTR __imp__MessageBoxW@16 ; return 1; mov eax, 1 jmp SHORT $LN3@WinMain $LN2@WinMain: ;}

24 Interactive Debugging Coaxing Secrets from a Misbehaving Application

25 Common Breakpoints “I run the executable and nothing happens” or “I click the menu item and nothing happens” bm kernel32!*create*process bm shell32!shellexecute* bm ole32!cocreateinstance* bp kernel32!winexec

26 Common Breakpoints “My application is doing something in the registry, where do I start?” Write? bm advapi32!regcreatekey* bm advapi32!regsetvalue* Read? bm advapi32!regenumkey* bm advapi32!reggetvalue* bm advapi32!regqueryvalue* bm advapi32!regquerymultiple Delete? bm advapi32!regdelete*

27 Common Breakpoints “My app creates a window and it looks funny” or “My app is supposed to create a window, and it doesn’t” bm user32!createwindow* bm user32!createdialog*param* bm user32!createmdiwindow* bp user32!destroywindow

28 Common Breakpoints “My app is missing a menu item” or “my app has a menu item that is inactive” bm user32!createmenu* bm user32!createpopupmenu* bm user32!loadmenu* bp user32!destroymenu

29 Common Breakpoints “I’m having problems with COM/COM+/DCOM” bm ole32!cocreateinstance* bm ole32!cogetclassobject* bm ole32!IClassFactory::CreateInstance*

30 Common Breakpoints “I’m having a problem where I can see an exception” bm ntdll!*RaiseException bm ntdll!RtlDispatchException bp ntdll!raise bp ntdll!RtlIsValidHandler bp ntdll!InvalidHandlerDetected bp ntdll!ExecuteHandler2 bp rpcrt4!RpcRaiseException bp rpcrt4!NdrpRaisePipeException bp ole32!RtlReportException

31 Common Breakpoints “My app has a problem using common dialogs” bm comdlg32!GetSaveFileName* bm comdlg32!GetOpenFileName*

32 Common Breakpoints “My app starts a service, where do I start?” bm advapi32!CreateService* bm advapi32!StartService* bm advapi32!ControlService*

33 Common Breakpoints “My app or one of its dlls appears to have problems even loading” bp kernel32!BaseThreadInitThunk bp ntdll!LdrpRunInitializeRoutines bp ntdll!LdrpMapDll bp ntdll!LdrpLoadDll bp ntdll!LdrpUnloadDll bm kernel32!LoadLibrary*

34 Common Breakpoints “My app is having problems with files or objects” Bm kernel32!CreateFile* Bm kernel32!DeleteFile* Bm Kernel32!ReadFile* Bm kernel32!CopyFile* Bm kernel32!WriteFile* Bm kernel32!GetPrivateProfileString Bm kernel32!GetFileAttributes* Bp kernel32!StgCreateDocfile Bm kernel32!GetFileVersionInfo* Bm kernel32!FindFirstFile* Bm kernel32!FindNextFile* Bm kernel32!MoveFile*

35 Common Breakpoints “My app is an msi, and I think I need to debug a custom action” Bp msi!CmsiCustomAction__CustomActionThread Bp msi!CmsiCustomAction__RunScriptAction Bp msi!CmsiEngine__FindAndRunAction

36 Common Breakpoints “My app is having networking issues. I have installed the proxy client, and I am connected.” Bm mpr!*wnetaddconnection* Bm mpr!*GetConnection* Bm ws2_32!*send* Bm ws2_32!*recv* Bm ws2_32!*getsockname* Bm ws2_32!*connect* Bm Wininet!*InternetOpen* Bm Wininet!*InternetConnect* Bm Wininet!*GetProxyInfo*

37 Common Breakpoints “My app may be dependent on the old TCP-IP stack” Bm Tcpip!FreeIprBuff Bm Tcpip!IPAllocBuff Bm Tcpip!IPFreeBuff Bm Tcpip!LookupRouteInformation

38 Common Breakpoints “My app has an embedded IE window and might be using URL monikers” Bm urlmon!URLOpenStream* Bm urlmon!URLDownloadToFile* Bm urlmon!IsValidURL* Bm urlmon!CreateURLMoniker*

39 Common Breakpoints “I think my app is mishandling critical sections” bm kernel32!EnterCriticalSection* bm kernel32!DeleteCriticalSection* bm kernel32!InitializeCriticalSection* bm kernel32!LeaveCriticalSection*

40 Common Breakpoints “I think my app is reporting a specific Windows error code” Bm kernel32!GetLastError* Bm kernel32!SetLastError* Bm kernel32!FormatMessage

41 More Interactive Debugging Coaxing Secrets from a Misbehaving Application

42 Additional Tools err.exe depends.exe pebrowse pro logman.exe Sysinternals ACT LUA Buglight

43 http://www.appcompatguy.com chris.jackson@microsoft.com

44 www.microsoft.com/teched Sessions On-Demand & Community http://microsoft.com/technet Resources for IT Professionals http://microsoft.com/msdn Resources for Developers www.microsoft.com/learning Microsoft Certification and Training Resources www.microsoft.com/learning Microsoft Certification & Training Resources Resources

45 Related Content Breakout Sessions (session codes and titles) WCL302 – Are You Breaking my Stuff Again? The Windows 7 App Compat Story WCL304 – Fix Your Broken Applications: The Black Art of Shims WCL401 – Not for the Faint of Heart: Hard Core App Compat Debugging

46 Track Resources →Want to find out which Windows Client sessions are best suited to help you in your deployment lifecycle? →Want to talk face-to-face with folks from the Windows Product Team? Meet us today at the Springboard Series Lounge, or visit us at www.microsoft.com/springboard www.microsoft.com/springboard Springboard Series The Springboard Series empowers you to select the right resources, at the right technical level, at the right point in your Windows® Client adoption and management process. Come see why Springboard Series is your destination for Windows 7.

47 Complete an evaluation on CommNet and enter to win!

48 © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


Download ppt "Chris Jackson The App Compat Guy Microsoft Corporation WCL401."

Similar presentations


Ads by Google