Edit

Share via

Application Verifier - Stop Codes - LuaPriv

  • Article

The following stop codes are contained in this set of tests.

The Verifier could not get an object's name.

Probable cause

The Verifier attempted to canonicalize the name of an object opened by the application, but was unable to do so. This indicates that some diagnostic information may be missing from reports of security issues.

Information displayed by Application Verifier
  • Format: - Object: Unable to query the object's name 0x%x
  • Parameter 1 - Handle to the Object
  • Parameter 2 - NTSTATUS
  • Parameter 3 - Key Type
  • Parameter 4 - Key Data

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: CANNOTQUERYOBJECT
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The Verifier could not get an object's path name.

Probable cause

The Verifier could not find the canonical path to the object. As a result, the object's name will probably be incomplete. This may make it difficult to locate the source of any problems the Predictor does find.

Information displayed by Application Verifier
  • Format: - Object: Could not get '%hs' from pathname (%ws) due to error 0x%x
  • Parameter 1 - Type of name (LPSTR)
  • Parameter 2 - Pathname (LPWSTR)
  • Parameter 3 - LastError
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: CANTCANONICALIZEPATH
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The Verifier could not open an object.

Probable cause

The Verifier tried unsuccessfully to open an object to obtain information from it. The object was not analyzed.

Information displayed by Application Verifier
  • Format: - Object: Cannot open '%hs' (%ws) for '%hs' due to error 0x%x
  • Parameter 1 - Description of the object (LPSTR)
  • Parameter 2 - Object Pathname (LPWSTR)
  • Parameter 3 - Win32 Error
  • Parameter 4 - Parent handle (Registry only)

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: CANTOPEN_NONCRITICAL
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Could not interpret HKEY_CURRENT_USER.

Probable cause

The Verifier was unable to interpret HKEY_CURRENT_USER in the way it was listed. Without knowing the canonical path to HKCU, registry keys there may be inappropriately flagged as restrictive by the Verifier.

Information displayed by Application Verifier
  • Format: - Registry: Could not '%hs' HKEY_CURRENT_USER due to error 0x%x
  • Parameter 1 - Win32 ErrorKey Handle (if open)
  • Parameter 2 - Key Handle (if open)
  • Parameter 3 - N/A
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: BADHKCU
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Initialization failed.

Probable cause

The USERPROFILE environment variable could not be found. Because of this, the current user's profile could not be identified and opened; therefore, the Verifier might falsely identify some files and/or directories as being excessively restrictive.

Information displayed by Application Verifier
  • Format: - Profile: The USERPROFILE environment variable could not be found
  • Parameter 1 - N/A
  • Parameter 2 - N/A
  • Parameter 3 - N/A
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: NO_USERPROFILE
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Okay Object.

Probable cause

The Verifier assumed that this object was inherently 'safe' due to its location.

Information displayed by Application Verifier
  • Format: - %hs: %hs '%ws' looks okay because it exists in (%ws)
  • Parameter 1 - Object Name
  • Parameter 2 - Object Type
  • Parameter 3 - Object Prefix
  • Parameter 4 - Object Handle (if available)

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: OK_OBJECT_PREFIX
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: no
  • Create backtrace: yes

Object opened/created in a restricted namespace.

Probable cause

This object was found in the listed namespace, which is not writable by standard users. Use the Local\ prefix for standard user account compliance.

Information displayed by Application Verifier
  • Format: - %hs: %hs '%ws' is in restricted namespace (%ws)
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Namespace
  • Parameter 4 - Object Handle (if available)

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: RESTRICTED_NAMESPACE
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Object opened/created without a namespace.

Probable cause

This object was created without a namespace, which can cause it to be created in Session\ or Global\, depending on whether Terminal Server is used. Use the Local\ prefix for standard user account compliance. Note: In Windows Vista, the object will be created in the Local\ namespace.

Information displayed by Application Verifier
  • Format: - %hs: %hs '%ws' has no namespace
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - N/A
  • Parameter 4 - Object Handle (if available)

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: NO_NAMESPACE
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The Verifier could not find the parent directory.

Probable cause

The Verifier attempted to determine where a file or directory resided, but an error prevented this.

Information displayed by Application Verifier
  • Format: - %hs: Could not canonicalize (%ws) due to error 0x%x
  • Parameter 1 - API Name
  • Parameter 2 - Child Name
  • Parameter 3 - Win32 Error
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: CANTGETPARENT
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The Verifier could not open an object's parent.

Probable cause

The Verifier was unable to open the parent of the given object (to determine whether standard users would be able to create child objects). As a result, the parent has not been analyzed.

Information displayed by Application Verifier
  • Format: - File: Could not open '%hs' (%ws) to validate call to %hs '%ws' due to error 0x%x
  • Parameter 1 - Parent Object Name
  • Parameter 2 - Child Object Name
  • Parameter 3 - Win32 Error
  • Parameter 4 - Child Object Handle (if available)

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: CANT_OPEN_PARENT
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application is running with privilege.

Probable cause

The verifier discovered that the application was being run by an administrative user. This may be already known, but when intentionally running as a standard user, the user account should not be a member of the listed group.

Information displayed by Application Verifier
  • Format: - Running as a user in privileged group '%ws'
  • Parameter 1 - Privileged Group
  • Parameter 2 - N/A
  • Parameter 3 - N/A
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: NON_LUA_USER
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: no
  • Create backtrace: yes

Sid conversion failed.

Probable cause

The Verifier failed to convert a static (configuration) Security Identifier (SID) from the human-readable form to the form usable by Windows.

Information displayed by Application Verifier
  • Format: - Failed to convert '%hs' to sid due to error 0x%x
  • Parameter 1 - String Sid
  • Parameter 2 - Win32 Error
  • Parameter 3 - N/A
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: STRING2SID_FAILED
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application called the GetTokenInformation function.

Probable cause

The application called the GetTokenInformation function and requested the listed class of information. This will work as a standard user, but it generally indicates that the application expects to be run by an administrator and is examining the access token to determine this.

Information displayed by Application Verifier
  • Format: - Privs: Called GetTokenInformation, requesting '%hs'
  • Parameter 1 - Type Name
  • Parameter 2 - Type
  • Parameter 3 - N/A
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: GETTOKENINFO
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Cannot find the canonical name for a privilege.

Probable cause

This privilege probably does not exist on your version of Windows. This break message is no cause for concern and is purely diagnostic information.

Information displayed by Application Verifier
  • Format: - Could not determine displayname of '%ws' due to error 0x%x
  • Parameter 1 - Privilege Name
  • Parameter 2 - Win32 Error
  • Parameter 3 - N/A
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: UNKNOWN_PRIVILEGE
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The Verifier could not look up the privilege.

Probable cause

The Verifier was prevented from looking up the name of the privilege with the listed LUID. This will prevent the Verifier from producing certain diagnostics.

Information displayed by Application Verifier
  • Format: - Could not determine name of privilege for '%hs' due to error 0x%x
  • Parameter 1 - Privilege LUID *
  • Parameter 2 - Requesting API
  • Parameter 3 - Win32 Error
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: PRIV_LOOKUP_FAILED
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Requested a security-relevant privilege.

Probable cause

The application requested (and received) the listed privilege, which is not granted to standard users. This API call will fail as a standard user account, which may have performance and audit implications in addition to having an impact on the functionality of the application.

Information displayed by Application Verifier
  • Format: - Privs: Requested %ws%hs%ws%hs with %hs successfully
  • Parameter 1 - Privilege LUID *
  • Parameter 2 - Privilege's display name (if available)
  • Parameter 3 - Requesting API
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: USED_PRIVILEGE_LUID
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application requested a security-relevant privilege.

Probable cause

The application unsuccessfully requested the listed privilege, which is not granted to standard users. The API call will fail as a standard user, which may have performance and audit implications, in addition to having an impact on the application's functionality.

Information displayed by Application Verifier
  • Format: - Privs: Requested %ws%hs%ws%hs with %hs, but was denied
  • Parameter 1 - Privilege LUID *
  • Parameter 2 - Privilege's display name (if available)
  • Parameter 3 - Requesting API
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: FAILED_PRIVILEGE_LUID
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application is running with privilege.

Probable cause

The application was launched by a user with access to the listed privilege. This indicates that the user is not a standard user. This may already be known, but to run as a standard user, the user should NOT be granted the given listed privilege.

Information displayed by Application Verifier
  • Format: - Running as user with access to %ws%hs%ws%hs
  • Parameter 1 - Privilege LUID *
  • Parameter 2 - Privilege's display name (if available)
  • Parameter 3 - N/A
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: PRIVILEGED_USER
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: no
  • Create backtrace: yes

Failed to enable a non-security-relevant privilege.

Probable cause

The application requested the listed privilege unsuccessfully. Although this privilege is not security-relevant (E.G. a standard user might have the privilege), this could be indicative of nonstandard privilege requirements in the application. In this case, the application may generate excessive audit traffic or its functionality may be impaired.

Information displayed by Application Verifier
  • Format: - Privs: Could not enable '%ws' (the '%ws' privilege) with %hs
  • Parameter 1 - Privilege LUID *
  • Parameter 2 - Privilege's name
  • Parameter 3 - Requesting API
  • Parameter 4 - Privilege's displayname (if available)

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: IRRELEVANT_PRIVILEGE_DENIED
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application failed to enable a non-security relevant privilege.

Probable cause

The application requested the listed privilege unsuccessfully. Although this privilege is not security-relevant (E.G. a standard user might potentially have the privilege), this could be indicative of nonstandard privilege requirements in the application. In this case, the application may generate excessive audit traffic or its functionality may be impaired.

Information displayed by Application Verifier
  • Format: - Privs: Could not enable unknown privilege '%ws' with %hs
  • Parameter 1 - Privilege LUID *
  • Parameter 2 - Privilege's name
  • Parameter 3 - Requesting API
  • Parameter 4 - Privilege's displayname (if available)

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: IRRELEVANT_UNKNOWN_PRIVILEGE_DENIED
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The Verifier could not query a registry value.

Probable cause

The Verifier tried unsuccessfully to query a registry value.

Information displayed by Application Verifier
  • Format: - Registry: Could not query value '%ws' due to error 0x%x
  • Parameter 1 - Key Handle
  • Parameter 2 - Value Name
  • Parameter 3 - Win32 Error
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: CANT_QUERY_VALUE
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The Verifier could not parse an INI file mapping.

Probable cause

The application used an INI file that was mapped to a registry key by the system. While parsing the structure of that INI file mapping, the Verifier encountered unknown syntax. The API call has not been checked.

Information displayed by Application Verifier
  • Format: - Ini: Did not understand the '%ws' in '%ws' -- unknown INI file mapping prefix
  • Parameter 1 - Value Mapping
  • Parameter 2 - INI Mapping
  • Parameter 3 - N/A
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: UNKNOWN_MAPPING
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application was denied access to an object.

Probable cause

The application was denied access to the given profile section due to insufficient privilege. If the application's functionality is imparied, this access problem may be the cause.

Information displayed by Application Verifier
  • Format: - Ini: %hs Denied access to profile '%ws' due to error 0x%x
  • Parameter 1 - INI File (profile)
  • Parameter 2 - Section
  • Parameter 3 - Value
  • Parameter 4 - Win32 Error

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: INI_PROFILE_ACCESS_DENIED
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application was able to access the object's security descriptor.

Probable cause

The application was granted the requested access to this object. A standard user should also be able to access this object.

Information displayed by Application Verifier
  • Format: - %hs: (%ws) access 0x%x is okay '%hs'
  • Parameter 1 - Object Name
  • Parameter 2 - Access Requested
  • Parameter 3 - Security Descriptor
  • Parameter 4 - String Security Descriptor

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: OK_OBJECT_DUMP
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: no
  • Create backtrace: yes

The object's security descriptor is inaccessible.

Probable cause

The application was granted the requested access to this object. A standard user, however, may have trouble accessing this object.

Information displayed by Application Verifier
  • Format: - %hs: (%ws) access 0x%x granted to '%hs'
  • Parameter 1 - Object Name
  • Parameter 2 - Access Requested
  • Parameter 3 - Security Descriptor
  • Parameter 4 - String Security Descriptor

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: BAD_OBJECT_DUMP
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Unable to display a security descriptor.

Probable cause

The Verifier attempted to display a security descriptor, but could not render it into human-readable form. This is probably due to low memory, but could be the result of a non-standard security descriptor.

Information displayed by Application Verifier
  • Format: - Could not convert %hs security descriptor '%ws' to text due to error 0x%x
  • Parameter 1 - Object Name
  • Parameter 2 - Object Type
  • Parameter 3 - Security Descriptor
  • Parameter 4 - Win32 Error

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: SD2TEXT
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Deny Access Control Entry (ACE) encountered.

Probable cause

The application opened an object (such as a file or registry key) and requested access that was explicitly denied to one or more entities. Depending on who is denied access, this might prevent access by less-privileged users.

Information displayed by Application Verifier
  • Format: - %hs: (%ws) denies '%hs' to '%ws'
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Access Control Entry
  • Parameter 4 - Access Mask

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: DENY_ACE
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Access was restricted to trusted users only.

Probable cause

The application opened an object (such as a file or registry key) and requested access permissions that were granted solely to trusted users. This indicates that untrusted users will have difficulty running the application correctly.

Information displayed by Application Verifier
  • Format: - %hs: %hs (%ws) only grants requested '%hs' to '%ws'
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Access Mask
  • Parameter 4 - String SID

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: RESTRICTED_RIGHT
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Access was restricted to trusted users only.

Probable cause

The application opened an object (such as a file or registry key) and requested access permissions that were granted solely to trusted users. This indicates that untrusted users will have difficulty running the application correctly. This message will always be followed by other messages.

Information displayed by Application Verifier
  • Format: - %hs: %hs (%ws) only grants requested '%hs' to '%ws' (and others-- see subsequent stops)
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Access Mask
  • Parameter 4 - String SID

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: RESTRICTED_RIGHT_MORE
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Access is restricted solely to the owner.

Probable cause

The application opened an object (such as a file or registry key) and requested access that is granted to privileged entities AND TO THE OWNER. The owner is also currently privileged, suggesting that this object will not be accessible by unprivileged entities.

Information displayed by Application Verifier
  • Format: - %hs: %hs (%ws) grants '%hs' to 'Creator/Owner'. The current owner is '%ws'
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Access Mask
  • Parameter 4 - SID of the current owner

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: CREATOR_OWNER
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Safe Object.

Probable cause

The application opened an object (such as a file or registry key) and requested access that is granted to at least one non-privileged entity (listed). This suggests that the same operation will work when attempted by non-privileged/standard users.

Information displayed by Application Verifier
  • Format: - %hs: (%ws) looks okay because it grants to '%ws'
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Access Control Entry
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: OK_OBJECT_GRANT
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: no
  • Create backtrace: yes

Inaccessible object.

Probable cause

The application opened an object (such as a file or registry key) that grants no explicit access to anyone. Barring administrative intervention (such as SE_TAKEOWNERSHIP_PRIVILEGE or SE_BACKUP_PRIVILEGE), the operation being performed by the application should never succeed. Therefore, what the application is doing will not work for standard users.

Information displayed by Application Verifier
  • Format: - %hs: (%ws) DACL allows no access by 'anyone'
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Object's DACL
  • Parameter 4 - N/A

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: EMPTY_DACL
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Part of a security descriptor is missing.

Probable cause

The Verifier attempted to analyze the object's security descriptor, but received an unexpected error when attempting to break it into pieces for scrutiny. This may suggest that the object's security descriptor could be invalid.

Information displayed by Application Verifier
  • Format: - Object: Could not query %hs (%ws) %hs due to error 0x%x
  • Parameter 1 - Object Name
  • Parameter 2 - What's Missing (string)
  • Parameter 3 - Security Descriptor
  • Parameter 4 - Win32 error

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: MISSING_PIECE
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Part of a security descriptor is missing.

Probable cause

The Verifier attempted to analyze the object's security descriptor, but received an unexpected error when attempting to break it into pieces for scrutiny. This may suggest that the object's security descriptor could be invalid.

Information displayed by Application Verifier
  • Format: - Object: Could not retrieve ACE number %ld from %hs (%ws) DACL due to error 0x%x
  • Parameter 1 - Object Name
  • Parameter 2 - Missing ACE index
  • Parameter 3 - Security Descriptor
  • Parameter 4 - Win32 error

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: MISSING_ACE
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application requested MAXIMUM_ALLOWED access.

Probable cause

The application requested MAXIMUM_ALLOWED access to an object (such as a file or registry key). Because of this, the open function will always succeed, even if no permission is actually granted to the user. This is unacceptable programming practice. In addition, the Verifier cannot authoritatively determine what rights the application actually needs in order to operate. The Verifier has attempted to analyze the application as if all access privileges granted were actually required, which may cause false-positives.

Information displayed by Application Verifier
  • Format: - %hs: Opened (%ws) with '%hs' for 0x%x (%hsMAXIMUM_ALLOWED), was granted 0x%x access
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Requested Access
  • Parameter 4 - Granted Access

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: MAXIMUM_ALLOWED
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application requested MAXIMUM_ALLOWED access.

Probable cause

The application requested MAXIMUM_ALLOWED access to an object (such as a file or registry key). Because of this, the open function will always succeed, even if no permission is actually granted to the user. This is unacceptable programming practice. In addition, the Verifier cannot authoritatively determine what rights the application actually needs in order to operate. The Verifier has attempted to determine what rights might have been granted to the application by the object, but failed to do so.

Information displayed by Application Verifier
  • Format: - %hs: Opened (%ws) with '%hs' for 0x%x (%hsMAXIMUM_ALLOWED), but granted access could not be determined due to error 0x%x. The object should be checked manually
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Requested Access
  • Parameter 4 - Error Value

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: UNKNOWN_MAXIMUM_ALLOWED
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Skipped unknown permissions.

Probable cause

The application requested permissions that are unknown to the Verifier. Lacking context, the Predictor cannot currently diagnose problems relating to these access bits.

Information displayed by Application Verifier
  • Format: - Did not check unknown permissions 0x%x on '%hs' (%ws)
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Unknown access mask bits
  • Parameter 4 - Security Descriptor

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: UNKNOWN_PERMS
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application was granted access to an object.

Probable cause

The application was granted access to the given profile section. The profile section has not yet been analyzed for security relevance. This message is for debugging purposes only.

Information displayed by Application Verifier
  • Format: - Ini: %hs Granted access to profile '%ws'
  • Parameter 1 - INI File (profile)
  • Parameter 2 - Section
  • Parameter 3 - Value
  • Parameter 4 - Win32 Error

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: INI_PROFILE_ACCESS_GRANTED
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: no
  • Create backtrace: yes

The application performed a hard administrator check.

Probable cause

The application asked the operating system whether the listed SID was present in the user's access token. The SID corresponds to a privileged entity; this means that the application performs somewhat differently if the user is a member of the listed group (usually, administrators).

Information displayed by Application Verifier
  • Format: - Called CheckTokenMembership against trusted entity '%ws' (%hs)
  • Parameter 1 - Token Handle (optional)
  • Parameter 2 - Binary SID
  • Parameter 3 - Present?
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: CHECKTOKENMEMBERSHIP_TRUSTED
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application called CheckTokenMembership.

Probable cause

The application asked the operating system whether the listed SID was present in the user's access token. The SID was not identifiable as a trusted entity, so this message is informational only.

Information displayed by Application Verifier
  • Format: - Called CheckTokenMembership against entity '%ws' (%hs)
  • Parameter 1 - Token Handle (optional)
  • Parameter 2 - Binary SID
  • Parameter 3 - Present?
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: CHECKTOKENMEMBERSHIP_UNTRUSTED
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: no
  • Create backtrace: yes

The application called a WriteProfile API with LUA issue.

Probable cause

The application called a WriteProfile API with parameters that might fail under standard user account.

Information displayed by Application Verifier
  • Format: - Ini: %hs called with Ini file '%ws', Section '%ws', Key '%ws'
  • Parameter 1 - INI File (profile)
  • Parameter 2 - Section
  • Parameter 3 - Key
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: INI_PROFILE_CONCERN
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application performed an operation that required privilege.

Probable cause

The application used MAXIMUM_ALLOWED to get access required to call this function. This function would fail if called by a Standard User.

Information displayed by Application Verifier
  • Format: - %hs: %hs (%ws) requires '%hs' access. This access was restricted to trusted users when the application called %hs with 'MAXIMUM_ALLOWED'. If the application were running as a standard user, the call to %hs would succeed, but this call to %hs would fail.
  • Parameter 1 - Handle to the object being manipulated
  • Parameter 2 - Name of the operation that would fail (string)
  • Parameter 3 - Access(es) required by the operation
  • Parameter 4 - Access(es) obtained for this handle that were restricted by this object's DACL

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: OP_REQUIRES_ACCESS
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The predictor was unable to query required information from a handle

Probable cause

The predictor was unable to query the access granted on a handle on which the application had requested MAXIMUM_ALLOWED.

Information displayed by Application Verifier
  • Format: - The operating system returned unexpected error 0x%x when querying handle 0x%p
  • Parameter 1 - Handle to the object being manipulated
  • Parameter 2 - Error returned by the Operating System
  • Parameter 3 - n/a
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: CANNOT_QUERY_ACCESS
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application tried to launch a process that needs to run elevated on Windows Vista.

Probable cause

The application tried to use CreateProcess family API to launch a process that needs to run elevated on Windows Vista. It should use ShellExecute family API instead.

Information displayed by Application Verifier
  • Format: - %hs ('%ws', '%ws') tried to launch a process that needs to run elevated on Windows Vista.
  • Parameter 1 - API name
  • Parameter 2 - Application name
  • Parameter 3 - Command line
  • Parameter 4 - Last error code set by the API

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: ELEVATION_REQUIRED
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application tried to launch a process that might need to run elevated on Windows Vista.

Probable cause

The application tried to use CreateProcess family API to launch a process that might need to run elevated on Windows Vista. It should use ShellExecute family API instead.

Information displayed by Application Verifier
  • Format: - %hs ('%ws', '%ws') tried to launch a process that might need to run elevated on Windows Vista.
  • Parameter 1 - API name
  • Parameter 2 - Application name
  • Parameter 3 - Command line
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: ELEVATION_DETECTED
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application was denied access to an object.

Probable cause

The application called the listed API, which failed with an access error suggesting a potential LUA issue.

Information displayed by Application Verifier
  • Format: - %hs: %hs (%ws) is denied '%hs' access with error 0x%x.
  • Parameter 1 - Error returned
  • Parameter 2 - Access Requested (if applicable)
  • Parameter 3 - Access Requested (for compatibility)
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: OBJECT_INACCESSIBLE
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application called an API that failed unexpectedly, possibly due to bad parameters.

Probable cause

The application called the listed API, which failed with an access error suggesting a potential LUA issue.

Information displayed by Application Verifier
  • Format: - %hs: %hs (%ws) is denied '%hs' access with error 0x%x.
  • Parameter 1 - Error returned
  • Parameter 2 - Access Requested (if applicable)
  • Parameter 3 - Access Requested (for compatibility)
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: FAILED_API_CALL
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application opened the Security eventlog

Probable cause

The application opened the Security log, which requires SE_SECURITY_PRIVILEGE to read or write. The SECURITY privilege is, by default, only granted to Administrators.

Information displayed by Application Verifier
  • Format: - %hs was invoked on the (Security) Eventlog. The Security log always requires SE_SECURITY_PRIVILEGE to access.
  • Parameter 1 - Eventlog Handle
  • Parameter 2 - n/a
  • Parameter 3 - n/a
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: SECURITY_LOG_OPENED
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application was denied access to an object.

Probable cause

The application was denied access to the given profile section due to insufficient privilege. If the application's functionality is imparied, this access problem may be the cause.

Information displayed by Application Verifier
  • Format: - Ini: %hs called with Ini file '%ws', Section '%ws', Key '%ws', failed with error 0x%x.
  • Parameter 1 - INI File (profile)
  • Parameter 2 - Section
  • Parameter 3 - Key
  • Parameter 4 - Error returned

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: INI_PROFILE_FAILED
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application deleted a virtualized object.

Probable cause

The application deleted an object (file, registry key, etc...) that the system had already designated Virtualized. This means that the next time the application attempts to open the object, it will still exist.

Information displayed by Application Verifier
  • Format: - %hs called against %hs '%ws'.
  • Parameter 1 - n/a
  • Parameter 2 - n/a
  • Parameter 3 - n/a
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: VIRTUALIZED_DELETION
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application provided unknown flags to an API.

Probable cause

The application called an API with flag values that were unknown to the Verifier. The verifier analyzed the call anyway but the output may be suspect because the API may be newer than the Verifier.

Information displayed by Application Verifier
  • Format: - %hs called with flags 0x%x (unknown 0x%x).
  • Parameter 1 - Passed Flag Mask
  • Parameter 2 - Unknown flag(s)
  • Parameter 3 - Understood flag(s)
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: UNKNOWN_API_OPTIONS
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application tried to set a global Windows hook.

Probable cause

The application tried to set a global Windows hook, which does not work for a standard user.

Information displayed by Application Verifier
  • Format: - %hs %d (%hs) called to set a global Windows hook.
  • Parameter 1 - API Name
  • Parameter 2 - Hook Id
  • Parameter 3 - Thread Id
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: SET_GLOBAL_HOOK
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application failed to set a Windows hook.

Probable cause

The application failed to set a global Windows hook, which might be caused by inadequate privileges.

Information displayed by Application Verifier
  • Format: - %hs %d (%hs) failed to set a Windows hook with error 0x%x.
  • Parameter 1 - API Name
  • Parameter 2 - Hook Id
  • Parameter 3 - Thread Id
  • Parameter 4 - Error code

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: SET_HOOK_FAILED
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application called NetUserGetInfo.

Probable cause

The application called NetUserGetInfo and requested the user privilege information. This will work as a standard user, but it generally indicates that the application expects to be run by an administrator and is examining the access token to determine this.

Information displayed by Application Verifier
  • Format: - NetUserGetInfo (level: %d) called.
  • Parameter 1 - User Name
  • Parameter 2 - Level
  • Parameter 3 - n/a
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: NETUSERGETINFO
  • Stop code: 3300NAN
  • Severity: Warning
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application called SetActivePwrScheme.

Probable cause

The application called SetActivePwrScheme that might fail under standard user account.

Information displayed by Application Verifier
  • Format: - SetActivePwrScheme (ID: %d) called to set the active power scheme.
  • Parameter 1 - Power scheme Id
  • Parameter 2 - Global power policy
  • Parameter 3 - Power policy
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: SETACTIVEPWRSCHEME
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application called SetActivePwrScheme.

Probable cause

The application called SetActivePwrScheme that might fail under standard user account.

Information displayed by Application Verifier
  • Format: - SetActivePwrScheme (ID: %d) called to set the active power scheme and failed with error 0x%x.
  • Parameter 1 - Power scheme Id
  • Parameter 2 - Global power policy
  • Parameter 3 - Power policy
  • Parameter 4 - Error code

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: SETACTIVEPWRSCHEME_FAILED
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application called AccessCheck.

Probable cause

The application called AccessCheck against Builtin Administrators. It generally indicates that the application expects to be run by an administrator and is examining the access token to determine this.

Information displayed by Application Verifier
  • Format: - AccessCheck (%ws) called and returned AccessStatus of %d.
  • Parameter 1 - Sid
  • Parameter 2 - AccessStatus
  • Parameter 3 - n/a
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: ACCESSCHECK
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

The application performed a hard admin check

Probable cause

The application called the API listed above to determine if it should do something administrative. This constitutes a hard admin check.

Information displayed by Application Verifier
  • Format: - The application called %hs to check for administrative power.
  • Parameter 1 - Successful?
  • Parameter 2 - n/a
  • Parameter 3 - n/a
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: HARDADMINCHECK
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Information: Application file name.

Probable cause

Information: Application file name.

Information displayed by Application Verifier
  • Format: - %ws
  • Parameter 1 - File Name
  • Parameter 2 - n/a
  • Parameter 3 - n/a
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: FILE_NAME
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: no

Information: Application file version.

Probable cause

Information: Application file version.

Information displayed by Application Verifier
  • Format: - %d.%d.%d.%d
  • Parameter 1 - dwFileVersionMS
  • Parameter 2 - dwFileVersionLS
  • Parameter 3 - n/a
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: FILE_VERSION
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: no

Information: Application file product version.

Probable cause

Information: Application file product version.

Information displayed by Application Verifier
  • Format: - %d.%d.%d.%d
  • Parameter 1 - dwProductVersionMS
  • Parameter 2 - dwProductVersionLS
  • Parameter 3 - n/a
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: FILE_PRODUCT_VERSION
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: no

Information: Application file description.

Probable cause

Information: Application file description.

Information displayed by Application Verifier
  • Format: - %ws
  • Parameter 1 - File description
  • Parameter 2 - Language
  • Parameter 3 - Code page
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: FILE_DESCRIPTION
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: no

Information: Application file product name.

Probable cause

Information: Application file product name.

Information displayed by Application Verifier
  • Format: - %ws
  • Parameter 1 - File product name
  • Parameter 2 - Language
  • Parameter 3 - Code page
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: FILE_PRODUCT_NAME
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: no

Information: Application file company name.

Probable cause

Information: Application file company name.

Information displayed by Application Verifier
  • Format: - %ws
  • Parameter 1 - File company name
  • Parameter 2 - Language
  • Parameter 3 - Code page
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: FILE_COMPANY_NAME
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: no

Information: Application file original filename.

Probable cause

Information: Application file original filename.

Information displayed by Application Verifier
  • Format: - %ws
  • Parameter 1 - File original filename
  • Parameter 2 - Language
  • Parameter 3 - Code page
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: FILE_ORIGINAL_FILENAME
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: no

Access was restricted to elevated processes.

Probable cause

The application opened an object (such as a file or registry key) and requested access permissions that were granted solely to elevated processes with high mandatory integrity label.

Information displayed by Application Verifier
  • Format: - %hs: %hs (%ws) only allows '%hs' access by elevated processes with high mandatory integrity label
  • Parameter 1 - Object Type
  • Parameter 2 - Object Name
  • Parameter 3 - Denied Access Bit
  • Parameter 4 - String of Denied Access Bit

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: RESTRICTED_BY_MIC
  • Stop code: 3300NAN
  • Severity: Error
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: yes

Information: LUAPriv version.

Probable cause

Information: LUAPriv version.

Information displayed by Application Verifier
  • Format: - LUAPriv version: %d.%d
  • Parameter 1 - Version major
  • Parameter 2 - Version minor
  • Parameter 3 - n/a
  • Parameter 4 - n/a

Additional Information
  • Test Layer: LuaPriv
  • Stop ID: LUAPRIV_VERSION
  • Stop code: 3300NAN
  • Severity: Info
  • One-time error: 
  • Error report: None
  • Log to file: yes
  • Create backtrace: no

See Also

Application Verifier - Stop Codes and Definitions

Application Verifier - Overview

Application Verifier - Features

Application Verifier - Testing Applications

Application Verifier - Tests within Application Verifier

Application Verifier - Debugging Application Verifier Stops

Application Verifier - Frequently Asked Questions