Microsoft publishes way too many tools to check all of them out. One pretty cool debugging tool is Application Verifier which you can download here. The official docs mention that it is only meant for unmanaged code. But it does work in mixed mode applications as well so you can try to hunt down your managed heap corruption, double closed handles, … with this tool.
When you start it the first time you select the executable you want to check and then enable from the right menu the checks you want to enable:
For most checks you need to start (or attach) the application under a debugger. When a fishy condition is found by Application Verifier it will either cause a debugger break or an exception. Then you can find out with the !avrf (ups did I mention that there is only one true debugger: Windbg out there) debugger extension command what check was triggered.
The only thing that bugged me for quite some time that I could enable checks but when a check did assert I could not use the debugger command !avrf. The documentation (Help – Help) does mention problems very briefly without being helpful:
If symbols for ntdll.dll and verifier.dll are missing, the !avrf extension will generate an error message.
When I tried to use it
windbg FastRegex.exe
I was greeted with the message
0:000> !avrf
Verifier package version >= 3.00
*** ERROR: Module load completed but symbols could not be loaded for C:\Windows\SYSTEM32\vfbasics.dll
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: vfbasics!_AVRF_EXCEPTION_LOG_ENTRY ***
*** ***
*************************************************************************
No type information found for `_AVRF_EXCEPTION_LOG_ENTRY'.
Please fix the symbols for `vfbasics.dll'.
How nice. Ok no problem I thought I only have to check my symbol path (correct) and reload the pdbs with .reload –f for all loaded modules and try again. But the result was that the message did not go away although I did have the pdbs loaded. What the heck was going on? Google did lead no results (yes I am not working for MS so I can still use Google ;-)). But luckily I know people who work for MS and know what was wrong.
The solution was to prepend the symbol path with C:\Windows\system32 and then the rest. Why? Application Verifier does install private symbols into the system32 directory. When I did reload the pdbs for the missing symbols due to my malformed symbol path I did get from the MS symbol server the stripped pdbs with only public symbols which are useless for the !avrf extension since it does use internal structures.
I could not believe it but this was the issue. It would be nice to update the docs to mention this pitfall. On my machine with AppVerfier 4.1.1078 I do get the following pdbs installed into the %WINDIR%\system32 directory.
08.02.2010 07:32 3.296.256 appverif.pdb
08.02.2010 07:32 2.419.712 vfbasics.pdb
08.02.2010 07:32 5.172.224 vfcompat.pdb
08.02.2010 07:32 4.344.832 vfLuaPriv.pdb
08.02.2010 07:32 240.640 vfntlmless.pdb
08.02.2010 07:32 3.927.040 vfprint.pdb
08.02.2010 07:32 4.697.088 vfprintpthelper.pdb
08.02.2010 07:32 1.690.624 vrfcore.pdb
After that I could use Application Verifier as the docs state.