Menu

The !avrf extension controls the settings of Application Verifier and displays a variety of output produced by Application Verifier.

Syntax

!avrf

The !avrf command without any parameters shows the Application Verifier settings and information about the current and previous Application Verifier breaks if any.

!avrf �vs { Length | -aAddress }

Displays the virtual space operation log. Length specifies the number of records to display starting from the most recent. Address specifies the virtual address. Records of the virtual operations containing this virtual address will be displayed.

!avrf -hp { Length | -a Address }

Displays the heap operation log. Address specifies the heap address. Records of the heap operations containing this heap address will be displayed.

!avrf -cs { Length | -a Address }

Displays the critical section delete log. Length specifies the number of records to display starting from the most recent. Address specifies the critical section address. Records for the particular critical section are displayed when Address is specified.

!avrf -dlls [ Length ]

Displays the DLL load/unload log. Length specifies the number of records to display starting from the most recent.

!avrf -trm

Displays a log of all terminated and suspended threads.

!avrf -ex [ Length ]

Displays the exception log. Application Verifier tracks all the exceptions happening in the application.

!avrf -threads [ ThreadID ]

Displays information about threads in the target process. For child threads, the stack size and the CreateThread flags specified by the parent are displayed as well. Providing a thread ID will display information only for that particular thread.

!avrf -tp [ ThreadID ]

Displays the thread pool log. This log may contain stack traces for various operations such as changing the thread affinity mask, changing thread priority, posting thread messages, initializing COM, and uninitializing COM from within the thread pool callback. Providing a thread ID will display information only for that particular thread.

!avrf -srw [ Address | Address Length ] [ -stats ]

Displays the Slim Reader/Writer (SRW) log. Specifying Address will display records pertaining to that SRW lock address. When Length is specified along with the Address , all SRW locks within that address range are displayed. The -stats option dumps the SRW lock statistics.

!avrf -leak [ -m ModuleName ] [ -r ResourceType ] [ -a Address ] [ -t ]

Displays the outstanding resources log. These resources may or may not be leaks at any given point. Specifying ModuleName (including the extension) displays all outstanding resources in the specified module. Specifying ResourceType displays outstanding resources of that particular resource type. Specifying Address dumps records of outstanding resources with that address. ResourceType can be one of the following:

  • Heap: Displays heap allocations using Win32 Heap APIs

  • Local: Displays Local/Global allocations

  • CRT: Displays allocations using CRT APIs

  • Virtual: Displays Virtual reservations

  • BSTR: Displays BSTR allocations

  • Registry: Displays Registry key opens

  • Power: Displays power notification objects

  • Handle: Displays thread, file, and event handle allocations

!avrf �trace TraceIndex

Displays a stack trace for the specified trace index. Some structures use this 16-bit index number to identify a stack trace. This index points to a location within the stack trace database. If you are analyzing such a structure, you will find this syntax useful.

!avrf -cnt

Displays a list of global counters.

!avrf -brk [ BreakEventType ]

Specifies that this is a break-event command. When !avrf -brk is used with no additional parameters, the break event settings are displayed. BreakEventType specifies the type number of the break event. For a list of possible types, use !avrf -brk .

!avrf -flt [ EventTypeProbability ]

Specifies that this is a fault-injection command. When !avrf -flt is used with no additional parameters, the current fault injection settings are displayed. EventType specifies the type number of the event. Probability specifies the frequency with which the event will fail. This can be any integer between 0 and 1,000,000 (0xF4240).

!avrf -flt break EventType

Causes Application Verifier to break into the debugger each time this fault is injected.

!avrf -flt stacks Length

Displays Length number of stack traces for the most recent fault-injected operations.

!avrf -trg [ StartEnd | dll Module | all ]

Specifies that this is a target range command. When -trg is used with no additional parameters, the current target ranges are displayed. Start specifies the beginning address of the target range or exclusion range. End specifies the ending address of the target range or exclusion range. Module specifies the name of a module to be targeted or excluded. Module should include the full module name, including the .exe or .dll extension. Path information should not be included. Specifying all causes all target ranges or exclusion ranges to be reset.

!avrf -skp [ StartEnd | dll Module | all | Time ]

Specifies that this is an exclusion range command. Start specifies the beginning address of the target range or exclusion range. End specifies the ending address of the target range or exclusion range. Module specifies the name of a module to be targeted or excluded. Module should include the full module name, including the .exe or .dll extension. Path information should not be included. Specifying all causes all target ranges or exclusion ranges to be reset. Specifying Time causes all faults to be suppressed for Time milliseconds after execution resumes.

Output

The following is the output provided by !avrf command in the debugger.

Copy Code
0:000> !avrf
Application verifier settings (816431A7):

�� - full page heap
�� - COM
�� - RPC
�� - Handles
�� - Locks
�� - Memory
�� - TLS
�� - Exceptions
�� - Threadpool
�� - Leak
�� - SRWLock

No verifier stop active.

Note: Sometimes bugs found by verifier manifest themselves as raised
exceptions (access violations, stack overflows, invalid handles), 
and it is not always necessary to have a verifier stop.

DLL

Windows NT 4.0

Unavailable

Windows�2000

Unavailable

Windows XP and later

Exts.dll

Comments

When the !avrf extension is used with no parameters, it displays the current Application Verifier options.

If an Application Verifier Stop has occurred, the !avrf extension with no parameters will reveal the nature of the stop and what caused it.

If symbols for ntdll.dll and verifier.dll are missing, the !avrf extension will generate an error message.