Debugging Continuable and Non-Continuable Stops
Debugging a Continuable Stop
Here is an example of an invalid handle exception that has been raised by the Detect invalid handle usage option.
First, the following message appears:
Invalid handle - code c0000008 (first chance)
===================================================
VERIFIER STOP 00000300: pid 0x558: invalid handle exception for current stack trace
        C0000008 : Exception code.
        0012FBF8 : Exception record. Use .exr to display it.
        0012FC0C : Context record. Use .cxr to display it.
        00000000 :
===================================================
This verifier stop is continuable.
After debugging it use 'go' to continue.
===================================================
Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=6a27c280 ecx=6a226447 edx=0012fa4c esi=00942528 edi=6a27c260
eip=6a22629c esp=0012facc ebp=0012faf0 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
ntdll!DbgBreakPoint:
6a22629c cc               int     3
Notice that the message tells you that this Application Verifier Stop can be continued. After you understand what has transpired, you can continue running the target application.
First, you should use the !avrf extension. This gives information about the current failure:
0:000> !avrf
Global flags: 00000100
Application verifier global flag is set.
Application verifier settings (00000004):
   - no heap checking enabled!
   - handle checks
Page heap is not active for this process.
Current stop 00000300 : c0000008 0012fbf8 0012fc0c 00000000 .
    Using an invalid handle (either closed or simply bad).
The final line of this display summarizes the problem.
You may want to look at some logs at this point. After you are done, use the g (Go) command to start the application again:
0:000> g
Debugging a Non-Continuable Stop
Here is an example of an access violation that has been raised by the page heap option.
First, the following message appears:
Access violation - code c0000005 (first chance)
===================================================
VERIFIER STOP 00000008: pid 0x504: exception raised while verifying block header
        00EC1000 : Heap handle
        00F10FF8 : Heap block
        00000000 : Block size
        00000000 :
===================================================
This verifier stop is not continuable. Process will be terminated when you use the 'go' debugger command.
===================================================
Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=6a226447 edx=0012fab7 esi=00f10ff8 edi=00000008
eip=6a22629c esp=0012fb5c ebp=0012fb80 iopl=0         nv up ei pl zr na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
ntdll!DbgBreakPoint:
6a22629c cc               int     3
In this case, the message tells you that this Application Verifier Stop cannot be continued. The error is too severe for the process to continue running, and there is no way for Application Verifier to salvage the process.
The !avrf extension can be used to give information about the current failure:
0:000> !avrf
Global flags: 02000100
Application verifier global flag is set.
Page heap global flag is set.
Application verifier settings (00000001):
   - full page heap
Page heaps active in the process (format: pageheap, lightheap, flags):
    00941000 , 00a40000 , 3 (pageheap traces )
    00b41000 , 00c40000 , 3 (pageheap traces )
    00cb1000 , 00db0000 , 3 (pageheap traces )
    00ec1000 , 00fc0000 , 3 (pageheap traces )
Current stop 00000008 : 00ec1000 00f10ff8 00000000 00000000 .
    Corrupted heap block.
The final line of this display summarizes the problem.
You may also want to look at some logs at this point. You may want to use the .restart (Restart Target Application) command at this point. Or perhaps you may prefer to end your Application Verifier session and begin fixing the bugs in your code.
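The following Python script is an added example, not code from the original page or from Microsoft: it parses VERIFIER STOP banners like the two shown above out of a saved debugger log and reports whether each stop is continuable. The function names and the sample log (constructed from the banners on this page) are assumptions.

```python
import re

# Constructed sample: the two stop banners from this page, trimmed to the lines the parser reads.
SAMPLE_LOG = """\
VERIFIER STOP 00000300: pid 0x558: invalid handle exception for current stack trace
        C0000008 : Exception code.
        0012FBF8 : Exception record. Use .exr to display it.
        0012FC0C : Context record. Use .cxr to display it.
        00000000 :
===================================================
This verifier stop is continuable.
After debugging it use 'go' to continue.
VERIFIER STOP 00000008: pid 0x504: exception raised while verifying block header
        00EC1000 : Heap handle
        00F10FF8 : Heap block
        00000000 : Block size
        00000000 :
===================================================
This verifier stop is not continuable. Process will be terminated when you use the 'go' debugger command.
"""

HEADER = re.compile(r"^VERIFIER STOP ([0-9A-Fa-f]{8}): pid (0x[0-9A-Fa-f]+): (.*)$")
PARAM = re.compile(r"^\s+([0-9A-Fa-f]{8}) :\s?(.*)$")
VERDICT = re.compile(r"^This verifier stop is (not )?continuable\.")

def parse_verifier_stops(text):
    """Return one dict per VERIFIER STOP banner found in a debugger log."""
    stops, current = [], None
    for raw in text.splitlines():
        line = raw.replace("\u00a0", " ").rstrip()  # logs copied from web pages may carry NBSPs
        if m := HEADER.match(line):
            current = {"code": int(m[1], 16), "pid": int(m[2], 16),
                       "message": m[3], "params": [], "continuable": None}
            stops.append(current)
        elif current is None:
            continue  # not inside a banner (register dump, prompts, other output)
        elif m := PARAM.match(line):
            current["params"].append((int(m[1], 16), m[2].strip()))
        elif m := VERDICT.match(line):
            current["continuable"] = m[1] is None
            current = None  # banner complete
    return stops

def non_continuable(stops):
    """Stops after which 'g' terminates the process; triage these first."""
    return [s for s in stops if s["continuable"] is False]
```

A banner that is cut off before its verdict line keeps `continuable` set to `None`, so truncated logs are distinguishable from continuable stops.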