Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Application Verifier (AppVerifier) is a runtime verification tool for unmanaged code. The tool is helpful for finding issues that can be difficult to identify with standard application testing or driver testing techniques. AppVerifier can assist with locating subtle programming errors, security issues, and limited user account privilege problems.
Overview of AppVerifier
One of the most significant challenges for programmers, software architects, testers, and security consultants, is understanding the variable execution paths of applications when they're deployed into production. Even with access to source code, it can be difficult to grasp everything that can occur during execution. Various dependencies like multiple groups contributing to code or exercising external components can increase the complexity for troubleshooting.
AppVerifier (AppVerif.exe) is a dynamic verification tool for user-mode applications. It can detect errors in any user-mode application that isn't based on managed code, including user-mode drivers. The tool monitors application actions while the application runs. It subjects the application to various stresses and tests, and generates a report about potential errors in application execution or design.
When used throughout the software development lifecycle, AppVerifier can bring cost benefits to development efforts. It facilitates identifying problems early on when they're easier and cheaper to fix. The tool also helps to detect errors that were previously unnoticed. It ensures the final application can be executed in restricted (for example, nonadmin) environments.
AppVerifier installation and requirements
AppVerifier is included in the Windows Software Development Kit (SDK). To install Application Verifier, select the checkbox for the tool during installation of the SDK.
To use AppVerifier, review the following conditions and requirements:
You can use AppVerifier alone or with a user-mode debugger.
The current user must be a member of the Administrators group on the computer.
AppVerifier doesn't support ARM64EC.
Data you can check with AppVerifier
AppVerifier is a tool designed to detect and help debug memory corruptions, critical security vulnerabilities, and limited user account privilege issues. AppVerifier aids in the creation of reliable and secure applications by monitoring an application's interaction with the Microsoft Windows operating system. It profiles the operating system's use of objects, the registry, the file system, and Win32 APIs (including heaps, handles, and locks). AppVerifier also includes checks to predict how well the application can perform in nonadmin environments.
Problems you can investigate with AppVerifier
AppVerifier helps determine when an application is using APIs correctly. The tool can check for the following issues in your application:
- Unsafe TerminateThread APIs
- Incorrect use of Thread Local Storage (TLS) APIs
- Incorrect use of virtual space manipulations (for example, VirtualAlloc, MapViewOfFile)
- Application hides access violations by using structured exception handling
- Application attempts to use invalid handles
- Memory corruptions or issues in the heap
- Application runs out of memory under low resources
- Incorrect use of critical sections
- Application running in an administrative environment can't run in an environment with reduced privileges
- Application running as a limited user might cause potential problems
- Uninitialized variables in future function calls in a thread's context
Tests you can run with AppVerifier
AppVerifier consists of sets of tests called "verification layers." The layers can be turned on or off for each application you check.
To view the specific tests, expand the verification layer within the set.
To turn on a test for the application, select the checkbox for the test.
To turn on all the tests in a verification layer, such as Basics, select the checkbox at the top level.
The following table lists the 13 test types AppVerifier can perform and provides links to articles for more information.
| Test type | Description | More information |
|---|---|---|
| Basics | At a minimum, you should run Application Verifier with the Basics setting selected. Each basic test checks an area that can cause crashes or other negative scenarios that have a direct and significant effect on the customer experience. | Application Verifier - Tests within Application Verifier (Basics) |
| Compatibility | Compatibility Verification Layer tests help to identify an application that might have problems with the Microsoft Windows operating system. Many of these checks can also be used to test for the logo requirements. | Application Verifier - Tests within Application Verifier (Compatibility) |
| Cuzz | The Concurrency Fuzzing (Cuzz) verification layer detects concurrency bugs and data race conditions. Cuzz adjusts thread scheduling by injecting random delays at key points in the application code. | Application Verifier - Tests within Application Verifier (Cuzz) |
| Low Resource Simulation | Low resource simulation tries to simulate an environment under low resources, such as out of memory. This simulation identifies bugs that occur in low memory conditions. This test is also referred to as Fault Injection. | Application Verifier - Tests within Application Verifier (Low Resource Simulation) |
| LuaPriv | Limited User Account Privilege Predictor (LuaPriv) tests are both predictive and diagnostic, and work to surface issues related to running an application with administrative privilege. The tests also reveal whether the application can work if you run the app with reduced privilege (generally, as a general user). | Application Verifier - Tests within Application Verifier (LuaPriv) |
| Miscellaneous | Miscellaneous tests check for an assortment of conditions, such as detecting dangerous APIs that execute unsafe actions. | Application Verifier - Tests within Application Verifier (Miscellaneous) |
| Networking | The networking tests look for improper use of WinSock APIs. For example, if a Networking API calls before a successful call to the WSAStartup() method, or after a balancing successful call to the WSACleanup() method. |
Application Verifier - Tests within Application Verifier (Networking) |
| NTLM | Monitors the use of the authentication APIs AcquireCredentialsHandle and InitializeSecurityContext to detect uses of the NT LAN Manager (NTLM) protocol. The NTLM is an outdated authentication protocol with flaws that potentially compromise the security of applications and the operating system. |
Application Verifier - Tests within Application Verifier (NTLM) |
| Printing | The Print Verifier helps find and troubleshoot issues that can result when an application calls the print subsystem. Print Verifier targets the two layers of the print subsystem, the PrintAPI layer and the PrintDriver layer. | Application Verifier - Tests within Application Verifier (Printing) |
| Webservices | The Windows Webservices API (WWSAPI) Verification Layer checks for proper use of WWSAPI, such as a WWSAPI call that references an invalid intrinsic WWSAPI object, or a WWSAPI call with references to a single-threaded object already in use. |