Which version of APPVerifier should I use to test my software?

  • Question


    I am Chinese; please pardon my poor English.

    I want to test my company's software, which is named SST. It runs on an amd64 CPU PC, but SST is not a real 64-bit program (the new 64-bit SST is based on the 32-bit SST, so the 64-bit SST can run on a 64-bit CPU PC).

    When I run "TC2.4.1: Does the application attempt to write to or replace files under Windows Resource Protection?" on the amd64 CPU PC and load "ApplicationVerifier.amd64" to test SST, the result file MsiExec.exe.0.dat shows "103 error" and "504 warning", which include 16 [LayerName="LuaPriv" StopCode="0x331B" Severity="Error"]; but when I load "ApplicationVerifier.X86" to test SST, the result file MsiExec.exe.0.dat shows "4 error" and "53 warning", which include only one [LayerName="LuaPriv" StopCode="0x331B" Severity="Error"].

    Please help me analyze which version of the APPVerifier is good.

     

    Wednesday, September 10, 2008 6:38 AM


All replies

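  • I will post my question again in Chinese. Our software SST is used on computers with 64-bit CPUs, and the SST version is the 64-bit version. However, SST (64bit) was modified from SST (32bit) and is not a fully 64-bit program. As a result, when using the APPVerifier tool, different versions of APPVerifier give different test results.

    The test machine is an AMD64 machine. Testing with APPVerifier.amd64.exe gives 16 errors with LayerName="LuaPriv" StopCode="0x331B", while testing with APPVerifier.X86.exe gives 1 error with LayerName="LuaPriv" StopCode="0x331B".

    So I hope the experts can help me analyze which version of APPVerifier is suitable for the SST software our company needs to test.

     

    When there is only one error, the result is as follows: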

    <avrf:logEntry Time="2008-09-10 : 11:55:57" LayerName="LuaPriv" StopCode="0x331B" Severity="Error">

      <avrf:message>Access was restricted to trusted users only.</avrf:message>
      <avrf:formatmessage>OpenProcess: Process (pid 0x0000092c) only grants requested 'PROCESS_VM_READ' to 'NT AUTHORITY\SYSTEM, BUILTIN\Administrators'</avrf:formatmessage>
      <avrf:parameter1>74341d58 - Object Type</avrf:parameter1>
      <avrf:parameter2>27f1a4 - Object Name</avrf:parameter2>
      <avrf:parameter3>10 - Access Mask</avrf:parameter3>
      <avrf:parameter4>36e5fb8 - String SID</avrf:parameter4>
      <avrf:stackTrace>
      <avrf:trace>vfluapriv!VerifierDisableLayer+3</avrf:trace>
      <avrf:trace>vfluapriv!VerifierDisableLayer+564</avrf:trace>
      <avrf:trace>vfluapriv!ResourceString::ResourceString+1d</avrf:trace>
      <avrf:trace>vfluapriv!VfCoreRedirectedStopMessage+56</avrf:trace>
      <avrf:trace>vfluapriv!VfCoreRedirectedStopMessage+e6</avrf:trace>
      <avrf:trace>vfluapriv!VfCoreRedirectOldStopFunctions+4d</avrf:trace>
      <avrf:trace>vfluapriv!AVrfpFaultTrace+252a</avrf:trace>
      <avrf:trace>NETAPI32!NetpDbgPrint+3a2</avrf:trace>
      <avrf:trace>NETAPI32!NetpDbgPrint+346</avrf:trace>
      <avrf:trace>NETAPI32!NetpIsRemote+137</avrf:trace>
      <avrf:trace>NETAPI32!NetpIsRemote+34a</avrf:trace>
      <avrf:trace>verifier!VerifierStopMessage+ea9</avrf:trace>
      <avrf:trace>vrfcore!__dyn_tls_init_callback+ffffffffffffffff</avrf:trace>
      <avrf:trace>ntdll!RtlReleasePebLock+28</avrf:trace>
      <avrf:trace>ntdll!LdrFindResourceDirectory_U+9bf</avrf:trace>
      <avrf:trace>ntdll!RtlGetNtVersionNumbers+102</avrf:trace>
      <avrf:trace>ntdll!LdrInitShimEngineDynamic+13c</avrf:trace>
      <avrf:trace>ntdll!LdrInitializeThunk+10</avrf:trace>
    Wednesday, September 10, 2008 7:51 AM
  • Hi,

     

    If the “Severity=Error” is searched and you get an Access Denied as the reason, you will need to search for that key on MSDN. If it is a published WRP registry key then you will find it in the list. 

     

    There are some WRP keys that are not published. If you have such keys, you will have to manually go to the key and verify permissions. However, if only the ADMINISTRATOR has rights (not SYSTEM, USERS, etc., but only ADMINISTRATOR), then it is probably a non-published protected registry key. 

     

    Please note, not all Access Denied registry entries will constitute failing the test case, because not all Access Denied messages are a result of accessing a WRP key; it could be a result of invalid hooking of the key. You will have to investigate that. 

     

    The other is if the “Severity=Error” indicates a replacement failure of a WRP File (such as kernel32.dll) it will indicate that the file was unable to be replaced.

    However you will get more clarification on the same at http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1030641&SiteID=1.

     

    Hope above clarifies.

    Thanks.

     

    Wednesday, September 10, 2008 9:54 PM
  • Hello Pooja.Katiyar

    Thanks very much for your every word!

    We carefully observed Process Monitor during the SST.msi install. We found "msiexec.exe (System)" and "msiexec.exe*32 (administrators)" in Process Monitor, and noted the pid matching each of the two process images. We compared the two pids with the AppVerifier log. The AppVerifier log says "OpenProcess: Process (pid 0x0000092c) only grants requested 'PROCESS_VM_READ' to 'NT AUTHORITY\SYSTEM, BUILTIN\Administrators'",

    and "Process (pid 0x0000092c)" is the pid of msiexec.exe*32. The error comes from here.

     

    I don't know which of SST.msi and msiexec.exe caused the "331B" error?

     

    In the second test case, we analysed the AppVerifier log with the WRP Identifier tool; the result shows that no registry keys or WRP files were written or modified.

    Given the above two test results, can we pass TC2.4.1?

    Thursday, September 11, 2008 9:00 AM
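
The triage described in the posts above (searching the log for Severity="Error" entries and matching the pid in the OpenProcess message against Process Monitor) can be scripted. This is an added example, not code from the thread or from Application Verifier; it assumes the full log repeats the element shape of the quoted entry, uses regular expressions because the quoted fragment carries no namespace declaration, and its sample logs and the "SampleLayer" entry are constructed.

```python
import re
from collections import Counter

ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
MSG_RE = re.compile(r"<avrf:formatmessage>(.*?)</avrf:formatmessage>", re.S)
PID_RE = re.compile(r"\(pid (0x[0-9a-fA-F]+)\)")

def parse_entries(log_text):
    """Yield one dict per <avrf:logEntry>: its attributes plus 'message' and 'pid'."""
    for chunk in log_text.split("<avrf:logEntry")[1:]:
        head, _, body = chunk.partition(">")      # head holds the attributes
        entry = dict(ATTR_RE.findall(head))
        msg = MSG_RE.search(body)
        entry["message"] = msg.group(1).strip() if msg else ""
        pid = PID_RE.search(entry["message"])
        entry["pid"] = int(pid.group(1), 16) if pid else None
        yield entry

def tally(log_text):
    """Count entries per (LayerName, StopCode, Severity)."""
    return Counter((e.get("LayerName"), e.get("StopCode"), e.get("Severity"))
                   for e in parse_entries(log_text))

def pids_for(log_text, layer, stop_code):
    """Count the target pids named in the messages of one layer/stop code."""
    return Counter(e["pid"] for e in parse_entries(log_text)
                   if e.get("LayerName") == layer
                   and e.get("StopCode") == stop_code
                   and e["pid"] is not None)

def _entry(pid, severity="Error", layer="LuaPriv", code="0x331B"):
    # Constructed entry in the shape of the one quoted in the thread.
    return (f'<avrf:logEntry Time="2008-09-10 : 11:55:57" LayerName="{layer}" '
            f'StopCode="{code}" Severity="{severity}">\n'
            f"<avrf:message>Access was restricted to trusted users only.</avrf:message>\n"
            f"<avrf:formatmessage>OpenProcess: Process (pid 0x{pid:08x}) only grants "
            f"requested 'PROCESS_VM_READ' to 'NT AUTHORITY\\SYSTEM, BUILTIN\\Administrators'"
            f"</avrf:formatmessage>\n</avrf:logEntry>\n")

# Constructed logs: the counts are illustrative, not the poster's real data.
AMD64_LOG = (_entry(0x92C) + _entry(0x92C) + _entry(0x4A0)
             + _entry(0x92C, "Warning", "SampleLayer", "0x0000"))
X86_LOG = _entry(0x92C)

if __name__ == "__main__":
    for name, log in (("amd64", AMD64_LOG), ("x86", X86_LOG)):
        print(name, dict(tally(log)), dict(pids_for(log, "LuaPriv", "0x331B")))
```

Run over the amd64 and x86 result files side by side, the per-pid counts show whether the extra 0x331B entries all point at the same process or at different ones.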
  • Hi,

     

    If there are no registry keys and WRP files that were written/modified, then you can ignore this error and continue further.

     

     

    Thanks.

    Thursday, September 11, 2008 1:03 PM
  •  

    Thank you very much!
    I have been waiting for this answer for a long time.

    And I would like to ask you another question; it is about "Which version of APPVerifier is more appropriate for testing SST?"
    The test PC is an amd64 CPU PC. SST is not a real 64-bit program (the new 64-bit SST was modified on the basis of the 32-bit SST, which is mature software; therefore the 64-bit SST can run on a 64-bit CPU PC).

    When testing "TC2.4.1: Does the application attempt to write to or replace files under Windows Resource Protection?" on the amd64 CPU PC:

    Using "ApplicationVerifier.amd64" to test SST, the result file shows "103 error" and "504 warning", which include 16 [LayerName="LuaPriv" StopCode="0x331B" Severity="Error"];

    But using "ApplicationVerifier.X86" to test SST, the result file shows "4 error" and "53 warning", which include only one [LayerName="LuaPriv" StopCode="0x331B" Severity="Error"].

    The 64-bit SST is installed in Program Files (x86) by the default installation. The 64-bit SST includes 64-bit drivers, and the other files are 32-bit.

    Which version of APPVerifier is more appropriate for testing SST?

    Friday, September 12, 2008 1:07 AM
  • Hello Bukaiwen,

     

    When deciding which version of Application Verifier to use during any test case, please use this simple criterion.

     

    Match the "bitness".

     

    Use amd64 version of Application Verifier for native 64 bit binaries. x86 for 32 bit binaries.

     

    Also, I do not suggest the use of WRP Identifier tool, as it has never worked consistently on Windows Server 2008. If you are not finding any errors, you may miss errors that can be encountered during actual Certification testing, causing delays and failures.

     

     

    Thank you for your question,

     

    Friday, September 12, 2008 11:37 PM
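
For a package that mixes 32-bit and 64-bit files, as described in this thread, the "match the bitness" rule can be applied per binary by reading the Machine field of each PE header. This is an added example, not code from the thread or from Microsoft; the file names in the sample set are hypothetical and the sample headers are constructed, while the verifier build names are the ones written in the posts above.

```python
import struct

# Machine field values from the PE/COFF file header.
MACHINES = {0x014C: "x86", 0x8664: "amd64"}
# Application Verifier build names as written in the thread.
VERIFIER = {"x86": "ApplicationVerifier.X86", "amd64": "ApplicationVerifier.amd64"}

def pe_machine(data: bytes) -> str:
    """Return 'x86', 'amd64' or 'other(0x....)' for a PE image; ValueError if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE signature
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINES.get(machine, f"other(0x{machine:04x})")

def plan(images: dict) -> dict:
    """Group image names by the Application Verifier build whose bitness matches."""
    groups = {}
    for name, data in sorted(images.items()):
        try:
            key = VERIFIER.get(pe_machine(data), "no matching build")
        except ValueError:
            key = "not a PE image"
        groups.setdefault(key, []).append(name)
    return groups

def fake_pe(machine: int) -> bytes:
    """Constructed minimal header: DOS header, PE signature, COFF file header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)

# Constructed file set; the names are hypothetical, not SST's real files.
SAMPLE = {
    "sst_ui.exe": fake_pe(0x014C),
    "sst_helper64.exe": fake_pe(0x8664),
    "readme.txt": b"plain text",
}

if __name__ == "__main__":
    import sys
    images = {p: open(p, "rb").read() for p in sys.argv[1:]} or SAMPLE
    for build, names in plan(images).items():
        print(f"{build}: {', '.join(names)}")
```

Passing the installed binaries' paths on the command line prints which files belong under each verifier build; with no arguments it runs on the constructed sample.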