16

Simply, I cannot run App verifier (WOW or 64-bit). It simply does not start. Event viewer says:

    Faulting application name: appverif.exe, version: 10.0.18362.1, time stamp: 0x58ca3409
    Faulting module name: ntdll.dll, version: 10.0.18362.1139, time stamp: 0x335bbdaf
    Exception code: 0xc0000374
    Fault offset: 0x000dfa1d
    Faulting process ID: 0x2ad0
    Faulting application start time: 0x01d6aa7ad4a12bf6
    Faulting application path: C:\Windows\SysWOW64\appverif.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report ID: 235c3a4d-2d54-4436-99bf-b54a217c9a7f

Additionally, I tried to run appverif.exe (in system and syswow64) under Visual Studio and I see:

Application Verifier blows up in Visual Studio debugger

EDIT (Update based on comments) Some are suggesting that Application Verifier does not have a GUI. However, last time I ran it, I saw the following:

Application Verifier Gui

r webby
  • 1
    The error code is `STATUS_HEAP_CORRUPTION`. Are you sure this is AppVerifier failing as opposed to AppVerifier reporting a bug in your test application? – IInspectable Oct 25 '20 at 08:31
  • Well, since App verifier never even opens its GUI, I have no idea what programs are set to use Application Verifier?! Just to be clear, I am not running any program inside Application Verifier. It is App verifier *itself* that crashes -- on all 3 machines. – r webby Oct 25 '20 at 09:48
  • use [gflags.exe](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/gflags-flag-table) to enable appverifier for your target application – magicandre1981 Oct 25 '20 at 10:03
  • AppVerifier doesn't have a dedicated GUI, but rather communicates issues by way of exceptions that can be intercepted by any Windows debugger. That's its standard mode of operation. – IInspectable Oct 25 '20 at 16:09
  • 1
    Hi -- Didn't it used to have a GUI that allowed you to add applications and view logs? – r webby Oct 25 '20 at 19:22
  • The image you posted is the configuration UI that ultimately writes to the Image File Execution Options registry key. So yes, there is *some* UI, that even lets you view logs of previous runs. Though that isn't the default mode of the AppVerifier engine. By default, it throws exceptions when it observes an issue. Given how tedious it is to change AppVerifier from throwing exception to logging issues (and how unhelpful the logs are) I indeed forgot that AppVerifier can be run without a debugger. Anyway, now you know where to look in the registry to find AppVerifier's configuration. – IInspectable Oct 25 '20 at 20:50
  • maybe you activated appverifier to appverifier and this now triggers the crash? – magicandre1981 Oct 26 '20 at 14:57
  • @magicandre1981 I cleared out the registry key above. Bear in mind it also does this in three different machines :-( – r webby Oct 27 '20 at 04:39
  • I just installed Win10 1903 SDK and see the same on Win10 (1909). The GUI doesn't open, but on Windows 8.1, the GUI runs. So this is a Windows 10 issue – magicandre1981 Oct 27 '20 at 14:34
  • I just tested it on 1809 and here it also closes. On 1709 the application runs. So MS broke it in maybe one of the latest Windows 10 monthly updates – magicandre1981 Oct 27 '20 at 14:44
  • does my workaround also work for you? Or does it only work on my system? – magicandre1981 Oct 28 '20 at 08:09
  • I'm also unable to run app verifier too: https://stackoverflow.com/questions/64562643/application-verifier-not-launching-on-microsoft-windows-10-pro – vengy Oct 28 '20 at 13:50
  • @vengy also try my [workaround](https://stackoverflow.com/a/64563452/1466046) to run it as trustedinstaller – magicandre1981 Oct 28 '20 at 14:18
  • It does have a GUI. I use it all the time. After installing Windows update KB4577671 the GUI stopped displaying. This happened on 2 PCs. If you run appverif from VS you'll see it exit with a return code of 32. Using PsExec64.exe -i -s C:\Windows\System32\appverif.exe from the answer below works for me. – GBrookman Nov 10 '20 at 16:39
  • 1
    @rwebby there is now a real solution available with an updated 2004 SDK. – magicandre1981 Dec 16 '20 at 18:59
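
The comments above point to the Image File Execution Options (IFEO) registry key as the place where Application Verifier's configuration lives. As an added example (not part of the original thread), the following read-only PowerShell lists which images currently have Application Verifier enabled there. The value names `GlobalFlag`, `VerifierDlls` and `VerifierFlags` and the `WOW6432Node` path do not appear on this page; checking both registry views is an assumption, and a view that does not exist is skipped.

```powershell
# Added example: list images with Application Verifier enabled via IFEO.
# Read-only; nothing is modified.
$FLG_APPLICATION_VERIFIER = 0x100   # GlobalFlag bit that enables Application Verifier

# Assumption: settings may live in either registry view on 64-bit Windows.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-AppVerifierTargets {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $globalFlag   = $key.GetValue('GlobalFlag')
            $verifierDlls = $key.GetValue('VerifierDlls')

            # GlobalFlag can be a DWORD or a string such as "0x00000100".
            $flagValue = 0
            if ($null -ne $globalFlag) {
                try { $flagValue = [int64]$globalFlag } catch { $flagValue = 0 }
            }

            $enabled = ($flagValue -band $FLG_APPLICATION_VERIFIER) -ne 0
            if ($enabled -or $verifierDlls) {
                [pscustomobject]@{
                    Image         = $key.PSChildName
                    View          = if ($root -like '*WOW6432Node*') { '32-bit' } else { '64-bit' }
                    GlobalFlag    = '0x{0:X8}' -f $flagValue
                    VerifierDlls  = $verifierDlls
                    VerifierFlags = $key.GetValue('VerifierFlags')
                }
            }
        }
    }
}

Get-AppVerifierTargets | Format-Table -AutoSize
```

An entry for `appverif.exe` itself in the output would correspond to the case raised in the comments, where the verifier is enabled for its own executable.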

3 Answers

18

I asked Microsoft employee Gov Maharaj (from application compatibility team) and they already know about the issue and the issue is fixed in an update for the Windows 10 2004 SDK which was released in December 2020 (19041.685.201201-2105.vb_release_svc_prod1_WindowsSDK.iso):

The Windows 10 SDK, Version 2004 SDK servicing update (released 12/16/2020) contains the following fixes. If you encounter these issues, we recommend that you update your version of the SDK as soon as possible to avoid them:

  • Resolved issue that prevented AppVerifier from working

Download and install the update to fix it.

magicandre1981
  • Sadly, I cannot confirm this as Windows Defender detects trojans in the installer of ProcessHacker. Looks like they have this one sewn up, for now! :-( – r webby Oct 28 '20 at 09:51
  • 2
    never ever use defender on a dev system, it runs all unknown files in emulator which is slow and on dev system tons of files that defender hasn't seen are produced. And processhacker is safe to use – magicandre1981 Oct 28 '20 at 11:30
  • TrendMicro also reports ProcessHacker as a Trojan, or Chrome would not even let me download it. If you have a backchannel, report this as a false positive. It is really a shame. Or configure some exclusion directories if your scanner supports it. – Alois Kraus Nov 02 '20 at 21:12
  • 2
    @AloisKraus they follow Microsoft bullshit, they also had to block all sysinternals tools as they use same API like ProcessHacker and NOD32 is fine and doesn't block it – magicandre1981 Nov 02 '20 at 21:39
  • 2
    This worked for me! In the installer uncheck everything except "App Verifier", then once installation is finished, launch C:\Windows\System32\appverif.exe. Bam! – serg06 Apr 14 '21 at 15:30
  • I had to uninstall all my WinSDKs (I had 2 versions installed) and [re-install the WinSDK](https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk/), but then it worked – bobobobo Sep 13 '21 at 20:13
  • Installing the new SDK version (without uninstalling the old version) fixed the problem for me. – David Gausmann Oct 06 '21 at 14:44
  • I downloaded the new SDK, ran the installer which downloaded the SDK installer and pointed me to a file that downloaded the SDK installer, which pointed me to a file that... you get the idea. The installer did create a directory full of some individual installers though. None of these installed appverif.exe as far as I can tell. – Luther May 21 '22 at 16:42
17

I managed to run the verifier under a SYSTEM account using PsExec:

    ...PsTools\PsExec64.exe -i -s C:\Windows\System32\appverif.exe

JonMerel
0

I've tried the recommended methods - installing the latest Windows SDK and running the program through 'PsExec64.exe -i -s' but neither worked. This program seems to be something Microsoft periodically breaks, judging by what I've read.

I ran appverif.exe through Visual Studio and saw the following call stack on crash:

    ntdll.dll!RtlReportCriticalFailure()    Unknown
    ntdll.dll!RtlpHeapHandleError()         Unknown
    ntdll.dll!RtlpHpHeapHandleError()       Unknown
    ntdll.dll!RtlpLogHeapFailure()          Unknown
    ntdll.dll!RtlpFreeHeapInternal()        Unknown
    ntdll.dll!RtlFreeHeap()                 Unknown
    msvcrt.dll!00007ffd44449c9c()           Unknown
    appverifUI.dll!00007ffc9a41f9d6()       Unknown
    appverifUI.dll!00007ffc9a411636()       Unknown
    appverif.exe!00007ff64965281b()         Unknown
    appverif.exe!00007ff6496615ed()         Unknown
    kernel32.dll!00007ffd43957034()         Unknown
    ntdll.dll!RtlUserThreadStart()          Unknown

It seems to be crashing after a heap free.

Luther