debugging library load issues on windows

 Posted on October 31, 2017

gflags is quite a versatile tool for debugging all low level things. I have been using it in particular to debug heap and library load issues.

one can launch the gui, however i have preferred cmd line usage more often.

to enable library load debugging:

gflags -i <your-app.exe> +sls

Just ensure you do gflags -i <your-app.exe> -sls to remove loader-snaps

then launch & attach debugger to your app, or start it from debugger- it should provide you wealth of information about how library loads happen on windows.

Here is one such output taken from windbg, towards the end of listing it identified LoadLibrary failed as exported symbol could not be located.

14ad0:7084 @ 540581859 - LdrLoadDll - ENTER: DLL name: xmlExtensions
14ad0:7084 @ 540581859 - LdrpLoadDllInternal - ENTER: DLL name: xmlExtensions.DLL
14ad0:7084 @ 540581859 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
14ad0:7084 @ 540581859 - LdrLoadDll - RETURN: Status: 0x00000000
14ad0:7084 @ 540581859 - LdrpGetProcedureAddress - INFO: Locating procedure "..." by name
14ad0:7084 @ 540581859 - LdrGetDllHandleEx - ENTER: DLL name: xmlAdapter
14ad0:7084 @ 540581859 - LdrpFindLoadedDllInternal - RETURN: Status: 0xc0000135
14ad0:7084 @ 540581859 - LdrGetDllHandleEx - RETURN: Status: 0xc0000135
14ad0:7084 @ 540581859 - LdrLoadDll - ENTER: DLL name: D:\workdir\wntx64\lib\xmlAdapter.dll
14ad0:7084 @ 540581859 - LdrpLoadDllInternal - ENTER: DLL name: D:\workdir\wntx64\lib\xmlAdapter.dll
14ad0:7084 @ 540581859 - LdrpResolveDllName - ENTER: DLL name: D:\workdir\wntx64\lib\xmlAdapter.dll
14ad0:7084 @ 540581859 - LdrpResolveDllName - RETURN: Status: 0x00000000
14ad0:7084 @ 540581859 - LdrpMapViewOfSection - ENTER: DLL name: D:\workdir\wntx64\lib\xmlAdapter.dll
ModLoad: 00007ffa`05ad0000 00007ffa`05faf000   D:\workdir\wntx64\lib\xmlAdapter.dll
14ad0:7084 @ 540581859 - LdrpMapViewOfSection - RETURN: Status: 0x00000000
14ad0:7084 @ 540581859 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "D:\workdir\wntx64\lib\xmlAdapter.dll" failed with status 0xc000008a
14ad0:7084 @ 540581859 - LdrpFindKnownDll - ENTER: DLL name: Tk100.dll
14ad0:7084 @ 540581859 - LdrpFindKnownDll - RETURN: Status: 0xc0000135
14ad0:1f750 @ 540581859 - LdrpSearchPath - ENTER: DLL name: Tk100.dll
14ad0:7084 @ 540581859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
14ad0:7084 @ 540581859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
14ad0:7084 @ 540581859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-convert-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
14ad0:7084 @ 540581859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-stdio-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
14ad0:7084 @ 540581859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-filesystem-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
14ad0:7084 @ 540581859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-locale-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
14ad0:7084 @ 540581859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-math-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
14ad0:7084 @ 540581859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-environment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
14ad0:7084 @ 540581859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-time-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
14ad0:7084 @ 540581859 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
14ad0:1f750 @ 540581859 - LdrpComputeLazyDllPath - INFO: DLL search path computed: D:\workdir\;C:\WINDOWS\SYSTEM32;C:\WINDOWS\system;C:\WINDOWS;.;D:\workdir\wntx64\lib;C:\apps\Java\jre8x64\bin;C:\windbg
14ad0:1f750 @ 540581859 - LdrpResolveDllName - ENTER: DLL name: D:\workdir\Tk100.dll
14ad0:1f750 @ 540581859 - LdrpResolveDllName - RETURN: Status: 0xc0000135
14ad0:1f750 @ 540581859 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\SYSTEM32\Tk100.dll
14ad0:1f750 @ 540581859 - LdrpResolveDllName - RETURN: Status: 0xc0000135
14ad0:1f750 @ 540581859 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\system\Tk100.dll
14ad0:1f750 @ 540581859 - LdrpResolveDllName - RETURN: Status: 0xc0000135
14ad0:1f750 @ 540581859 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\Tk100.dll
14ad0:1f750 @ 540581859 - LdrpResolveDllName - RETURN: Status: 0xc0000135
14ad0:1f750 @ 540581859 - LdrpResolveDllName - ENTER: DLL name: .\Tk100.dll
14ad0:1f750 @ 540581859 - LdrpResolveDllName - RETURN: Status: 0xc0000135
14ad0:1f750 @ 540581859 - LdrpResolveDllName - ENTER: DLL name: D:\workdir\wntx64\lib\Tk100.dll
14ad0:1f750 @ 540581859 - LdrpResolveDllName - RETURN: Status: 0x00000000
14ad0:1f750 @ 540581859 - LdrpSearchPath - RETURN: Status: 0x00000000
14ad0:1f750 @ 540581859 - LdrpMapViewOfSection - ENTER: DLL name: D:\workdir\wntx64\lib\Tk100.dll
ModLoad: 00000000`77840000 00000000`77ffd000   D:\workdir\wntx64\lib\Tk100.dll
14ad0:1f750 @ 540581859 - LdrpMapViewOfSection - RETURN: Status: 0x00000000
14ad0:de9c @ 540581859 - LdrpNameToOrdinal - WARNING: Procedure "?eAnnLineSymbol@xml60@@3VeAnnLineSymbol@1@A" could not be located in DLL at base 0x00007FFA065A0000.
14ad0:de9c @ 540581859 - LdrpReportError - ERROR: Locating export "?eAnnLineSymbol@plmxml60@@3VeAnnLineSymbol@1@A" for DLL "D:\workdir\wntx64\lib\xmlAdapter.dll" failed with status: 0xc0000139.
(14ad0.de9c): Unknown exception - code c0000139 (first chance)
14ad0:de9c @ 540581859 - LdrpGenericExceptionFilter - ERROR: Function LdrpSnapModule raised exception 0xc0000139
Exception record: .exr 0000000000D9EE70
Context record: .cxr 0000000000D9E980
 
windows  debug  windbg