Published by Rebecca Butler. Modified over 9 years ago.
2
Chris Jackson The App Compat Guy Microsoft Corporation WCL401
3
When Do You Debug?
4
The Debugging Process
5
Application Compatibility Issues
6
Symbols: Privates (diagram labels: 0x0000, 0x9135, 0x8E21, 4, ntdll, 0xA3419)
7
Symbols: Publics (diagram labels: 0x0000, 0x9135, 0x8E21, 4, ntdll, 0xA3419)
8
Symbols
Publics: http://msdl.microsoft.com/download/symbols
Download for offline use
Updated with every build
Recommend symbol servers
http://windowssdk.msdn.microsoft.com/en-us/library/ms681417.aspx
9
Symbol Paths _NT_SYMBOL_PATH srv* * ; srv* * ;…
10
Calling Conventions
11
__stdcall and the Stack (diagram labels: Return Address, Argument 2, Argument 1, EBP, ESP)
12
Public Windows Symbols Discovering Arguments using MSDN and the Debugger
13
Kernel Dump Files
Complete (RAM)
Kernel memory (~1/3 RAM)
Small memory (64k)
14
User Mode Dump Files Full Mini Memory Memory information Handles Unloaded modules Thread information Secondary memory Process and Thread Environment Blocks …
15
Creating dump files
Task Manager
.dump
ADPlus: Crash, Hang
16
ADPlus Configuration Files mscorsvr!RaiseTheException BU VOID j (poi(poi(poi(poi(esp+4))+8)+48) = 02000004) '.time;du poi((poi(esp+4)+10))+c;.dump /u /mfh d:\dumps\Insite.dmp;gc';'.time;du poi((poi(esp+4)+10))+c;gc' VOID
17
ADPlus Capturing and Analyzing a Crash Dump
18
Interactive Debugger Commands
k* - callstack
d* - memory
b* - breakpoints
u* - unassembling
~ - threads
lm - loaded modules
lmv m - module info
19
Color Coding Output
Debuggee level command window text
User-selected command window line text
Right click in title area
20
Frequently Interesting Registers
21
x86 Instruction Set, In (Very) Brief
22
From C to Assembly Code 1/2
; int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd) {
    push ebp
    mov ebp, esp
    sub esp, 288 ; 00000120H
    mov eax, DWORD PTR ___security_cookie
    xor eax, ebp
    mov DWORD PTR __$ArrayPad$[ebp], eax
; OSVERSIONINFO osvi;
; ZeroMemory(&osvi, sizeof(OSVERSIONINFO));
    push 276 ; 00000114H
    push 0
    lea eax, DWORD PTR _osvi$[ebp]
    push eax
    call _memset
    add esp, 12 ; 0000000cH
; osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
    mov DWORD PTR _osvi$[ebp], 276 ; 00000114H
; GetVersionEx(&osvi);
    lea ecx, DWORD PTR _osvi$[ebp]
    push ecx
    call DWORD PTR __imp__GetVersionExW@4
23
From C to Assembly Code 2/2
; if (osvi.dwMajorVersion != 5 || osvi.dwMinorVersion != 1) {
    cmp DWORD PTR _osvi$[ebp+4], 5
    jne SHORT $LN1@WinMain
    cmp DWORD PTR _osvi$[ebp+8], 1
    je SHORT $LN2@WinMain
$LN1@WinMain:
; MessageBox(NULL, L"This application requires Windows XP", L"Unsupported Version", MB_OK | MB_ICONERROR);
    push 16 ; 00000010H
    push OFFSET $SG-5
    push OFFSET $SG-6
    push 0
    call DWORD PTR __imp__MessageBoxW@16
; return 1;
    mov eax, 1
    jmp SHORT $LN3@WinMain
$LN2@WinMain:
; }
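The version check disassembled on these two slides, restated as an added example (not code from the original deck) beside two alternatives, to show which Windows versions each one accepts. The `os_version` struct and the three function names are assumptions standing in for the `dwMajorVersion` and `dwMinorVersion` fields of `OSVERSIONINFO`, so the logic runs without the Windows API.

```c
#include <stdio.h>

/* Hypothetical stand-in for OSVERSIONINFO's dwMajorVersion/dwMinorVersion. */
typedef struct { unsigned major, minor; } os_version;

/* The check from the slide: accepts exactly 5.1 (Windows XP), nothing else. */
static int passes_exact_xp(os_version v) {
    return !(v.major != 5 || v.minor != 1);
}

/* A common incomplete fix: each field is compared on its own, so 6.0 is
   rejected because minor 0 < 1 even though the major version is newer. */
static int passes_fieldwise(os_version v) {
    return v.major >= 5 && v.minor >= 1;
}

/* Ordered comparison: the major version decides, minor only breaks a tie. */
static int passes_at_least(os_version v, unsigned major, unsigned minor) {
    if (v.major != major)
        return v.major > major;
    return v.minor >= minor;
}

int main(void) {
    /* Constructed sample inputs covering the releases around XP. */
    const struct { const char *name; os_version v; } cases[] = {
        {"Windows 2000 (5.0)",  {5, 0}},
        {"Windows XP (5.1)",    {5, 1}},
        {"Windows Vista (6.0)", {6, 0}},
        {"Windows 7 (6.1)",     {6, 1}},
    };
    printf("%-20s %5s %9s %8s\n", "version", "exact", "fieldwise", "at_least");
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-20s %5d %9d %8d\n", cases[i].name,
               passes_exact_xp(cases[i].v),
               passes_fieldwise(cases[i].v),
               passes_at_least(cases[i].v, 5, 1));
    return 0;
}
```

In the disassembly, the exact check is the `cmp`/`jne`/`cmp`/`je` sequence against `_osvi$[ebp+4]` and `_osvi$[ebp+8]`; a breakpoint after the `GetVersionExW` call lands just before it.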
24
Interactive Debugging Coaxing Secrets from a Misbehaving Application
25
Common Breakpoints
“I run the executable and nothing happens” or “I click the menu item and nothing happens”
bm kernel32!*create*process
bm shell32!shellexecute*
bm ole32!cocreateinstance*
bp kernel32!winexec
26
Common Breakpoints
“My application is doing something in the registry, where do I start?”
Write?
bm advapi32!regcreatekey*
bm advapi32!regsetvalue*
Read?
bm advapi32!regenumkey*
bm advapi32!reggetvalue*
bm advapi32!regqueryvalue*
bm advapi32!regquerymultiple
Delete?
bm advapi32!regdelete*
27
Common Breakpoints
“My app creates a window and it looks funny” or “My app is supposed to create a window, and it doesn’t”
bm user32!createwindow*
bm user32!createdialog*param*
bm user32!createmdiwindow*
bp user32!destroywindow
28
Common Breakpoints
“My app is missing a menu item” or “My app has a menu item that is inactive”
bm user32!createmenu*
bm user32!createpopupmenu*
bm user32!loadmenu*
bp user32!destroymenu
29
Common Breakpoints
“I’m having problems with COM/COM+/DCOM”
bm ole32!cocreateinstance*
bm ole32!cogetclassobject*
bm ole32!IClassFactory::CreateInstance*
30
Common Breakpoints
“I’m having a problem where I can see an exception”
bm ntdll!*RaiseException
bm ntdll!RtlDispatchException
bp ntdll!raise
bp ntdll!RtlIsValidHandler
bp ntdll!InvalidHandlerDetected
bp ntdll!ExecuteHandler2
bp rpcrt4!RpcRaiseException
bp rpcrt4!NdrpRaisePipeException
bp ole32!RtlReportException
31
Common Breakpoints
“My app has a problem using common dialogs”
bm comdlg32!GetSaveFileName*
bm comdlg32!GetOpenFileName*
32
Common Breakpoints
“My app starts a service, where do I start?”
bm advapi32!CreateService*
bm advapi32!StartService*
bm advapi32!ControlService*
33
Common Breakpoints
“My app or one of its dlls appears to have problems even loading”
bp kernel32!BaseThreadInitThunk
bp ntdll!LdrpRunInitializeRoutines
bp ntdll!LdrpMapDll
bp ntdll!LdrpLoadDll
bp ntdll!LdrpUnloadDll
bm kernel32!LoadLibrary*
34
Common Breakpoints
“My app is having problems with files or objects”
bm kernel32!CreateFile*
bm kernel32!DeleteFile*
bm Kernel32!ReadFile*
bm kernel32!CopyFile*
bm kernel32!WriteFile*
bm kernel32!GetPrivateProfileString
bm kernel32!GetFileAttributes*
bp kernel32!StgCreateDocfile
bm kernel32!GetFileVersionInfo*
bm kernel32!FindFirstFile*
bm kernel32!FindNextFile*
bm kernel32!MoveFile*
35
Common Breakpoints
“My app is an msi, and I think I need to debug a custom action”
bp msi!CmsiCustomAction__CustomActionThread
bp msi!CmsiCustomAction__RunScriptAction
bp msi!CmsiEngine__FindAndRunAction
36
Common Breakpoints
“My app is having networking issues. I have installed the proxy client, and I am connected.”
bm mpr!*wnetaddconnection*
bm mpr!*GetConnection*
bm ws2_32!*send*
bm ws2_32!*recv*
bm ws2_32!*getsockname*
bm ws2_32!*connect*
bm Wininet!*InternetOpen*
bm Wininet!*InternetConnect*
bm Wininet!*GetProxyInfo*
37
Common Breakpoints
“My app may be dependent on the old TCP-IP stack”
bm Tcpip!FreeIprBuff
bm Tcpip!IPAllocBuff
bm Tcpip!IPFreeBuff
bm Tcpip!LookupRouteInformation
38
Common Breakpoints
“My app has an embedded IE window and might be using URL monikers”
bm urlmon!URLOpenStream*
bm urlmon!URLDownloadToFile*
bm urlmon!IsValidURL*
bm urlmon!CreateURLMoniker*
39
Common Breakpoints
“I think my app is mishandling critical sections”
bm kernel32!EnterCriticalSection*
bm kernel32!DeleteCriticalSection*
bm kernel32!InitializeCriticalSection*
bm kernel32!LeaveCriticalSection*
40
Common Breakpoints
“I think my app is reporting a specific Windows error code”
bm kernel32!GetLastError*
bm kernel32!SetLastError*
bm kernel32!FormatMessage
41
More Interactive Debugging Coaxing Secrets from a Misbehaving Application
42
Additional Tools
err.exe, depends.exe, pebrowse pro, logman.exe, Sysinternals, ACT, LUA Buglight
43
http://www.appcompatguy.com chris.jackson@microsoft.com
44
Resources
www.microsoft.com/teched - Sessions On-Demand & Community
http://microsoft.com/technet - Resources for IT Professionals
http://microsoft.com/msdn - Resources for Developers
www.microsoft.com/learning - Microsoft Certification & Training Resources
45
Related Content Breakout Sessions (session codes and titles) WCL302 – Are You Breaking my Stuff Again? The Windows 7 App Compat Story WCL304 – Fix Your Broken Applications: The Black Art of Shims WCL401 – Not for the Faint of Heart: Hard Core App Compat Debugging
46
Track Resources
→ Want to find out which Windows Client sessions are best suited to help you in your deployment lifecycle?
→ Want to talk face-to-face with folks from the Windows Product Team?
Meet us today at the Springboard Series Lounge, or visit us at www.microsoft.com/springboard
Springboard Series: The Springboard Series empowers you to select the right resources, at the right technical level, at the right point in your Windows® Client adoption and management process. Come see why Springboard Series is your destination for Windows 7.
47
Complete an evaluation on CommNet and enter to win!
48
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.