windows winapi application-verifier

Application Verifier WOW cannot start in GUI mode


I have an application debug environmental problem. About the closest I can find to my question in StackOverflow is

Application Verifier fails to start on 3 separate Windows machines here

This is not a duplicate, because the behaviour is different. (However, I take the existence of that question to mean that this question is also on-topic). Unlike that question, there are no entries about appverif in the event viewer.

I have installed (and re, and re-re-installed) Windows Software Development Kit - 10.0.26100.4188, enabling App Verifier and Debugging Tools for Windows.

When I start Application Verifier (X64) as an administrator, it succeeds and shows the normal GUI. However, I cannot debug my application in 64-bit mode; I need 32-bit mode. When I start Application Verifier (WOW) as an administrator from the start menu, I see a console window very briefly flash and disappear so fast that I can't see what it's complaining about.

When I attempt the same but from PowerShell,

& "C:\Windows\SysWOW64\appverif.exe"
Application Verifier Command Line Usage:

    -enable TEST ... -for TARGET ... [-with [TEST.]PROPERTY=VALUE ...]
    -disable TEST ... -for TARGET ...
    -query TEST ... -for TARGET ...
    -configure STOP ... -for TARGET ... -with PROPERTY=VALUE...
    -verify TARGET [-faults [PROBABILITY [TIMEOUT [DLL ...]]]]
    -export log -for TARGET -with To=XML_FILE [Symbols=SYMBOL_PATH] [StampFrom=LOG_STAMP] [StampTo=LOG_STAMP] [Log=RELATIVE_TO_LAST_INDEX]
    -delete {logs|settings} -for TARGET ...
    -stamp log -for TARGET -with Stamp=LOG_STAMP [Log=RELATIVE_TO_LAST_INDEX]
    -logtoxml LOGFILE XMLFILE
    -installprovider PROVIDERBINARY
    -sppath [PROTECTED_PROCESS_LOG_PATH]
    -cppath
    -logtofile [enable | disable]

Available Tests:

    Heaps
    Handles
    Locks
    Memory
    TLS
    Exceptions
    DirtyStacks
    LowRes
    DangerousAPIs
    TimeRollOver
    Threadpool
    Leak
    SRWLock
    LuaPriv
    PrintAPI
    PrintDriver
    Networking
    NTLMCaller
    NTLMDowngrade
    Webservices
    Cuzz

(For descriptions of tests, run appverif.exe in GUI mode.)

Examples:
    appverif -enable handles locks -for foo.exe bar.exe
        (turn on handles locks for foo.exe & bar.exe)
    appverif -enable heaps handles -for foo.exe -with heaps.full=false
        (turn on handles and normal pageheap for foo.exe)
    appverif -enable heaps -for foo.exe -with full=true dlls=mydll.dll
        (turn on full pageheap for foo.exe excluding the module of mydll.dll)
    appverif -enable * -for foo.exe
        (turn on all tests for foo.exe)
    appverif -disable * -for foo.exe bar.exe
        (turn off all tests for foo.exe & bar.exe)
    appverif -disable * -for *
        (wipe out all the settings in the system)
    appverif -export log -for foo.exe -with to=c:\sample.xml
        (export the most recently log associated with foo.exe to c:\sample.xml)
    appverif /verify notepad.exe /faults 50000 1000 kernel32.dll advapi32.dll
        (enable fault injection for notepad.exe. Faults should happen with
         probability 5%, only 1000 msecs after process got launched and only
         for operations initiated from kernel32.dll and advapi32.dll)
    appverif -sppath c:\ProtectedProcessLogs
        (set protected process log path to c:\ProtectedProcessLogs)
    appverif -cppath
        (clear protected process log path)
    appverif -logtofile disable
        (disable appverifier logging to a file for all applications)

It hints at a GUI mode but does not describe how to start it in the documentation above. The 64-bit version's shortcut (which does succeed in starting in GUI mode) does not pass any arguments. How do I start the WOW version in GUI mode? I could in theory run my WOW configuration from the terminal but this is going to be very painful.

In desperation, I have even tried tailoring a CreateProcess call via the Python API like this:

import subprocess

# https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-showwindow#parameters
SW_NORMAL = 1
SW_SHOW = 5

with subprocess.Popen(
    args=(r'C:\Windows\SysWOW64\appverif.exe',),
    stdin=None, stdout=None, stderr=None, close_fds=True,
    shell=False,
    startupinfo=subprocess.STARTUPINFO(
        dwFlags=subprocess.STARTF_USESHOWWINDOW,
        wShowWindow=SW_SHOW,
    ),
    # creationflags=
    #       subprocess.NORMAL_PRIORITY_CLASS
    #     | subprocess.CREATE_DEFAULT_ERROR_MODE,
) as proc:
    proc.wait(timeout=5)

but the behaviour does not change.


Solution

  • Looks like this particular version of the SDK installer is broken as it puts the 32-bit versions of appverifUI.dll and vfcompat.dll in the root of C:\ instead of in C:\Windows\SysWOW64. Moving the files there fixes the issue.
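
A dry-run check for the misplacement described in the answer, as an added example that is not part of the original post: it looks for the two DLLs in C:\, confirms from the PE header that each is a 32-bit image, and lists the moves into C:\Windows\SysWOW64 without performing them. The function names, the constructed `sample_header` and the 4096-byte header read are assumptions of this example.

```python
import struct
from pathlib import Path

# File names and directories are the ones named in the answer above.
DLLS = ("appverifUI.dll", "vfcompat.dll")
WRONG_DIR = Path("C:/")
RIGHT_DIR = Path("C:/Windows/SysWOW64")
MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}


def pe_machine(data: bytes) -> str:
    """Return the architecture recorded in a PE file's COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 6:
        raise ValueError("no PE signature")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINES.get(machine, hex(machine))


def sample_header(machine: int) -> bytes:
    """Constructed minimal PE header, for trying pe_machine() offline."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x44, machine)
    return bytes(hdr)


def plan_fix(wrong_dir=WRONG_DIR, right_dir=RIGHT_DIR):
    """Return (source, destination) moves for misplaced 32-bit DLLs only."""
    moves = []
    for name in DLLS:
        src, dst = Path(wrong_dir) / name, Path(right_dir) / name
        if not src.is_file() or dst.exists():
            continue  # nothing misplaced, or SysWOW64 already has a copy
        try:
            arch = pe_machine(src.read_bytes()[:4096])
        except ValueError:
            continue  # not a PE image: leave it alone
        if arch == "x86":  # only 32-bit images belong in SysWOW64
            moves.append((src, dst))
    return moves


if __name__ == "__main__":
    assert pe_machine(sample_header(0x014C)) == "x86"
    for src, dst in plan_fix():
        print(f"move {src} -> {dst}")  # review, then move from an elevated prompt
```

A DLL that reports x64, or an existing copy already in SysWOW64, is left out of the plan so that nothing in the system directory is overwritten.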