Archive for September, 2016

On Debugging Virtual Applications Part 4: The Case of the Missing Dump

September 27, 2016

I’ve been blogging lately (well . . . not exactly lately) about debugging virtual applications that misbehave – whether by hanging, crashing, or spewing some strange error message. In discussing the use of tools, one question I often get is whether debuggers should be attached to the virtual application from inside or outside the virtual environment. With App-V 5, it only matters in certain circumstances at the user mode level, as virtualized applications work from a state-separated registry and file system that leverage the native file system and registry.

When a developer is troubleshooting a virtual application that they have developed, or an IT Pro Debugger is attempting to reverse engineer an application issue, I usually recommend that they first attach to the virtual process as they would to any other application. You may decide, out of necessity or preference, to attach a debugger or a tool to the virtual application process within the context of the virtual environment by launching it in the application’s “bubble.” Be advised that once you do this, the debugging tool will also be running virtually and will behave accordingly.

I bring this up due to an interesting issue that was encountered by one of our partners a while back: there was an issue with a plug-in to Internet Explorer causing it to hang shortly after the BHO had been triggered while running in standard isolation (i.e., no Dynamic Virtualization involved). Given that the individual had developed the code for the plug-in, they wanted to capture a full user mode memory dump of the instance of Internet Explorer that was running virtually. The issue could not be reproduced in the developer’s environment, so there was the usual suspicion of something environmental being a factor. Since standard WER (Windows Error Reporting) is somewhat limited by default, the customer was leveraging ProcDump -h to capture a user mode memory dump of the IEXPLORE.EXE process.

Here’s the thing: while ProcDump appeared to attach to the process and generate a dump successfully, there were no dumps to be found, according to the developer. Upon further inquiry, I found that the developer was doing the following:

  1. Using C: as a target. This is not good on many levels.
  2. Running ProcDump from a command prompt in the application’s (IEXPLORE.EXE) virtual environment.

While running it in the bubble was not necessarily a bad thing, I had the developer simply redirect the output to %TEMP% instead of C:. The dumps showed up as normal. When asked why C: mattered, I told him that due to coupling factors (specifying an unexcluded folder, VFS Write mode, running as an administrator, and launching in the bubble), the dump file was treated as application state data and was redirected to the VFS CoW location. Upon a quick demonstration, it was discovered buried beneath the user’s VFS folder.

 


I should note that there shouldn’t be any concern with regard to the usability of these redirected dumps. I will also note that upon repairing the App-V package in question, the user freed up around 12GB of disk space. I guess they had been trying the ProcDump command quite a bit. :)
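To locate dumps that were redirected this way and see how much space they occupy, the following PowerShell sketch searches the current user's VFS copy-on-write folders for .dmp files and totals them per package. It is an added example, not part of the original post; it assumes the default App-V 5 per-user VFS locations under %LOCALAPPDATA% and %APPDATA% and that the first folder beneath each root is the package GUID.

```powershell
# Added example. Assumption: default per-user App-V 5 VFS (copy-on-write) roots.
$vfsRoots = @(
    (Join-Path $env:LOCALAPPDATA 'Microsoft\AppV\Client\VFS'),
    (Join-Path $env:APPDATA      'Microsoft\AppV\Client\VFS')
) | Where-Object { Test-Path -LiteralPath $_ }

# Collect every .dmp file that ended up under a VFS root.
$dumps = foreach ($root in $vfsRoots) {
    Get-ChildItem -LiteralPath $root -Recurse -File -Filter '*.dmp' -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Assumption: the first folder below the VFS root is the package GUID.
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            [pscustomobject]@{
                Package = $relative.Split('\')[0]
                SizeMB  = [math]::Round($_.Length / 1MB, 1)
                Written = $_.LastWriteTime
                Path    = $_.FullName
            }
        }
}

if (-not $dumps) {
    Write-Output 'No redirected dump files found under the user VFS folders.'
    return
}

# Per-package summary: how many dumps and how much disk space they hold.
$dumps | Group-Object Package | ForEach-Object {
    [pscustomobject]@{
        Package = $_.Name
        Dumps   = $_.Count
        TotalGB = [math]::Round((($_.Group | Measure-Object SizeMB -Sum).Sum) / 1024, 2)
    }
} | Sort-Object TotalGB -Descending | Format-Table -AutoSize

# Individual files, newest first, so the most recent capture is easy to pick out.
$dumps | Sort-Object Written -Descending |
    Format-Table Package, SizeMB, Written, Path -AutoSize
```

Run it as the user who captured the dumps, from a normal (non-virtual) PowerShell session, so the paths resolve against the native file system.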

 


Application Virtualization and Compatibility at Microsoft Ignite 2016!

September 26, 2016

Greetings all! If you are headed to Atlanta for #MSIgnite this year, I wanted to give you a heads up of some key sessions that will interest those of you looking specifically for application compatibility, App-V, and UE-V-related content. If you do not have a chance to see any of these in person, you can choose to later view the recordings (which I will post links to) or even catch some of them streamed live! AppCompat and WaaS, App-V, UE-V, IE EMIE, Office AppCompat, and UWP compatibility all are being covered at this event! I’m excited and will be there! Dave Falkus and I will be speaking on Friday discussing App-V, UE-V, and its incorporation in the Windows 10 Anniversary Edition! (BRK2207)

BRK2125: Evaluate compatibility in Windows 10 and WaaS using telemetry driven insights – 9/28 (Wed) 9-9:45 EST

https://myignite.microsoft.com/sessions/2763

Bring existing desktop apps to the Universal Windows Platform (Project Centennial) – 9/27 (Tues) 12:30pm – 1:45pm

https://myignite.microsoft.com/sessions/2566

BRK2066: Bring existing web apps to Windows 10 with Hosted Web Apps –  9/27 (Tues) 2:15pm – 3:30pm

https://myignite.microsoft.com/sessions/2576

BRK2207: Discover how App-V and UE-V align with an Evergreen Windows 10 – 9/30 (Fri) 10:45am – 12:00pm

https://myignite.microsoft.com/sessions/3218

BRK4018: Fix web app compatibility with Enterprise Mode – 9/29 (Thu) 12:30pm – 1:45pm

https://myignite.microsoft.com/sessions/2856

BRK4003: Discover Microsoft browser security and compatibility internals – 9/28 (Wed) 2:15pm – 3:30pm

https://myignite.microsoft.com/sessions/2583

BRK3047: Secure Tier 2: hardening workstations and retiring technical debt – 9/29 (Thu) 9:00am – 10:15am

https://myignite.microsoft.com/sessions/2584
