Analyze application failures the easier way with Dependency Walker

Analyze application failures the easier way with Dependency Walker

  • Comments 2
  • Likes

Hi all, Paras here once again.

It is not uncommon to see application crashes and we all know how frustrating it becomes when an application crashes the moment we try to launch it. To annoy us more it leaves us with very little to go on fix the problem. The first reaction is to try launching it multiple times in the hope that it may work. Second, we may try to restart the machine or even reinstalling the application. But in all this process we never find out the root cause of the problem.

One of the ways to approach this problem is to take a dump of the application and analyze it, which I know everyone is not comfortable with, and can be hard to do if the app never even launches correctly. However today we are going to discuss an easier way to find the root cause of an application crash, typically those which crash the moment you launch them.

All you need to do is download Dependency Walker from this link: http://support.microsoft.com/kb/256872

Dependency Walker is a tool that tracks and logs files that are accessed when an executable launches. It can also track what files are being called by a DLL or SYS file, but in this case we are concerned with just tracking an application launch. It is able to track file registration errors, access violations, invalid page faults or even missing files.

Once downloaded we just need to drag and drop the .EXE into the Dependency Walker window and it will immediately list all the dependencies. If the application failure is due to a missing module then it will be highlighted clearly. Below is an example of this.

 

Depends1

 

The tool clearly tells us that the ‘OurLibrary.dll’ module is missing. We can assume that replacing this DLL should fix our problem.

But if we have a case wherein the application is not missing any modules but still fails to launch then we need to profile the application and capture the activity that takes place while the application is trying to launch. In this example, my application fails the moment I try to launch it and I get the following error:

 

image

 

Using the ERR.exe tool we know that the error 0xc0000142 translates to “STATUS_DLL_INIT_FAILED” so for a start we know that the problem is happening while loading or initializing the DLL. Now I use Dependency Walker to capture the application failure. Drag and drop the .EXE in the tool and click on the Profile button and choose “Start Profiling”.

 

image

 

Once you click OK, the tool will start profiling the application while writing all the information to a log file and eventually bring up the error message.

 

image

 

We now need to concentrate on the log file especially on the activity that is logged just prior to the app crash. In my case I see the following.

 

Depends2

 

This says “DllMain(0x10000000, DLL_PROCESS_ATTACH, 0x0018FD24) in "OURLIBRARY.DLL" returned 0 (0x0).

I am not a developer, so I turned to BING to assist. I found the following in MSDN:

“If the return value is FALSE when DllMain is called because the process uses the LoadLibrary function, LoadLibrary returns NULL. (The system immediately calls your entry-point function with DLL_PROCESS_DETACH and unloads the DLL.) If the return value is FALSE when DllMain is called during process initialization, the process terminates with an error.”

This directly nails the problem. My application is calling DLLMain which returns a false value and the OS simply terminates the process. So now I know for sure that the issue is regarding a faulty DLL and I can contact the people who wrote it for assistance. So, I hope this helps explain a small part of the overall functionality of Dependency Walker. Give it a shot, you may find it very useful.

 

Regards,

Paras Pant

Share this post :


Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • Hi,

    The version of Dependency Walker in the KB article linked to in this post seems to be v 2.1.3623 from June 25, 2002.

    However, you can get a newer v2.2.6000 (built October 29, 2006) from www.dependencywalker.com.

  • " you can get a newer v2.2.6000 (built October 29, 2006) from www.dependencywalker.com"

    I would not follow that link! Its a webpage out of Microsoft and the downloads are also out of Microsoft.

    For my experience all Microsoft tools are all from Microsoft domain, so when someone come out with independent domains as dependencywalker.com is not reliable