How do I get AppVerifier/WinDbg working on Windows 10?

I'm on Windows 10 17134, and have Windows 10 SDK 16299 installed. I actually had an older version of Windows and 4 different versions of the SDK, but decided to upgrade to the latest Windows release and uninstall all my Win10 SDKs and install just the version we're using for our project 16299. Some people on the team are able to run AppVerifier, but most cannot.

I've tried to simplify the test to simply connecting it to Notepad.exe with Basic tests, and here's what that looks like. Note the Save button is greyed out because it is indeed saved. If you don't click Save, nothing takes effect. [image: AppVerifier Notepad settings]

Then when I try to run notepad.exe directly, I get this error: [image: Notepad launch error]

This is exactly the same error I get with our project. Now, looking closely at the help documentation, I find this: [image: Debugger install and setup]

Alright, so I have WinDbg, as I installed the complete Windows 10 SDK. Following the guide, I ran the suggested command line:

> C:\Program Files (x86)\Windows Kits\10\Debuggers\x86>windbg -xd av -xd ch -xd sov notepad.exe

It fires up WinDbg with the following output, which again matches the behavior of our project: [image: WinDbg output]

I admit I have never used WinDbg before, and I'm not clear on how I should be doing this. My original intention is to diagnose a heap corruption in my project. So hopefully someone can explain why it works for some people and not others, or whether I'm doing something wrong. Thanks!

Kris Morness asked Aug 02 '18 19:08

1 Answer

It took just a single additional step. At the bottom of my last image, you can type the command 'k' to generate a call stack. That produces this information:

>  # ChildEBP RetAddr
> 00 0016f3d4 0f758c21 vrfcore!VerifierStopMessageEx+0x599
> 01 0016f420 0f75b235 vfbasics!AVrfpSanityCheckAddressRange+0x57
> *** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\SysWOW64\hmpalert.dll -
> 02 0016f42c 74485868 vfbasics!AVrfpRtlEnterCriticalSection+0x15
> WARNING: Stack unwind information not available. Following frames may be wrong.
> 03 0016f480 74481b37 hmpalert!CVCCP+0x76b8
> 04 0016f784 77d4f72e hmpalert!CVCCP+0x3987
> 05 0016f848 77d4ecf0 ntdll!AVrfpSnapDllImports+0x166
> 06 0016f868 77d4f5a6 ntdll!AVrfpDllLoadNotificationInternal+0xb4
> 07 0016f878 77d4e6a5 ntdll!AVrfpSnapAlreadyLoadedDlls+0x41
> 08 0016f8a8 77d425dc ntdll!AVrfInitializeVerifier+0x19f
> 09 0016fb14 77d01e92 ntdll!LdrpInitializeProcess+0x150d
> 0a 0016fb70 77d01d5c ntdll!_LdrpInitialize+0xe0
> 0b 0016fb80 00000000 ntdll!LdrInitializeThunk+0x1c

hmpalert.dll is part of Sophos (Intercept X or HitmanPro). This file causes Application Verifier to fail.

Kris Morness answered Oct 18 '22 22:10
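An added example, not part of the question or answer above, for checking from a PowerShell prompt the two things this thread turns on: whether the Application Verifier settings were actually written for the image (the Image File Execution Options key that AppVerifier and gflags write, with GlobalFlag 0x100 for FLG_APPLICATION_VERIFIER plus VerifierDlls and VerifierFlags), and which DLLs loaded into a process on the affected machine are not signed by Microsoft, which is how an injected endpoint-protection module such as hmpalert.dll stands out without a debugger. The image and process names are placeholders, and reading the Wow6432Node view as well is an assumption about where a 32-bit image's settings may live on 64-bit Windows.

```powershell
# Added example; not code from the original post or from Microsoft/Sophos.
# 1. Confirm AppVerifier settings were saved for an image (IFEO key).
# 2. List modules loaded into a running process that are not Microsoft-signed.
# 'notepad.exe' / 'notepad' below are placeholder names.

function Get-AppVerifierIfeo {
    param([Parameter(Mandatory)][string]$ImageName)

    # Both registry views are read; the Wow6432Node view is an assumption for 32-bit images.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )
    foreach ($root in $roots) {
        $key = Join-Path $root $ImageName
        if (-not (Test-Path $key)) { continue }
        $v = Get-ItemProperty -Path $key

        # gflags/AppVerifier store GlobalFlag as a string such as "0x100"; handle a DWORD too.
        $raw = $v.GlobalFlag
        $flags = if ($raw -is [int]) { $raw }
                 elseif ($raw) { [Convert]::ToInt32(($raw -replace '^0x', ''), 16) }
                 else { 0 }

        [pscustomobject]@{
            Key             = $key
            VerifierEnabled = (($flags -band 0x100) -ne 0)   # FLG_APPLICATION_VERIFIER
            VerifierDlls    = $v.VerifierDlls                # e.g. "vrfcore.dll vfbasics.dll"
            VerifierFlags   = $v.VerifierFlags
        }
    }
}

function Get-NonMicrosoftModules {
    param([Parameter(Mandatory)][string]$ProcessName)

    # Module enumeration requires a PowerShell host of the same bitness as the target
    # (use SysWOW64\WindowsPowerShell\v1.0\powershell.exe for a 32-bit process on x64).
    foreach ($p in Get-Process -Name $ProcessName -ErrorAction Stop) {
        foreach ($m in $p.Modules) {
            # Catalog-signed OS files report the catalog's signer; third-party hooks usually
            # carry their own Authenticode signature or none at all.
            $sig = Get-AuthenticodeSignature -FilePath $m.FileName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            if ($signer -notmatch 'O=Microsoft Corporation') {
                [pscustomobject]@{
                    Pid    = $p.Id
                    Module = $m.ModuleName
                    Path   = $m.FileName
                    Signer = $signer
                    Status = $sig.Status
                }
            }
        }
    }
}

Get-AppVerifierIfeo -ImageName 'notepad.exe' | Format-List
Get-NonMicrosoftModules -ProcessName 'notepad' | Format-Table -AutoSize
```

Run both from an elevated prompt. If the first function returns nothing for the image, the settings were never saved, which matches the "nothing takes effect until you click Save" behaviour described in the question. Because a verified image that hits a verifier stop exits immediately, point the second function at any process that stays running on the same machine: a product that hooks every process, as the stack in the answer shows hmpalert.dll doing during ntdll!LdrpInitializeProcess, will show up there as well.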