Jaa

Dynamic Dependencies Unveiled

  • Artikkeli

There are several times when you may be challenged with a broken application, including:

  1. Migrating an application from one version of an OS to another
  2. Integrating with installation or un-installation of other applications
  3. Upgrading from one version of an application to another
  4. Porting an application from Windows Embedded Standard 2009 to Windows Embedded Standard 2011

If the application does not launch at all, mostly the cause would be a missing binary dependency which could be found with Dependency Walker's static analysis. There are times when some of the functionality within an application is broken. This is often due to the missing binary dependencies which can be a dynamic dependency or a delay loaded dependency.

The latest version of Dependency Walker comes with the cool profiling feature to find these dynamic dependencies.

Using the Profiling Feature:

  • Launch Dependency Walker (can be launched in UI as well as Command Line)
  • Enable profiling mode
  • Identify the application to be profiled along with its arguments.
  • Once the application has launched, test the entire functionality, so that all the dynamic dependencies are loaded into the process address space.
  • Exit the application. This is when the output log file is written to the disk.

Syntax: depends.exe /c /pb /oc:"LogFile.csv" /sm:1 "Process to be profiled" "Arguments"

Example: depends.exe /c /pb /oc:"c:\process.csv" /sm:1 c:\windows\system32\cmd.exe

     Where,

/c - enables the console mode, exclude this switch to launch Dependency Walker in UI Mode.

/pb - enables profiling

/oc - enabled CSV Output mode. This switch should be followed by path to the output file.

/sm:1 - Sort the output file based on column 1, which is the dependency type.

Sample Output File:

Status

Module

File Time Stamp

Link Time Stamp
 

ADVAPI32.DLL

1/20/2008 19:49

1/19/2008 0:53
 

CMD.EXE

1/20/2008 19:51

1/18/2008 23:05

D

XMLLITE.DLL

1/20/2008 19:49

1/19/2008 0:59

*

APPHELP.DLL

1/20/2008 19:48

1/19/2008 0:53

The Status column describes the dependency type:

    • D - Delay loaded dependency
    • * - Dynamic Dependency
    • Blank - Implicit dependency

Identify the missing binaries:

To better understand what has caused the application to break, repeat the above mentioned steps for a working application and a broken application. Using well known diff tools compare the output CSV file and find out the binaries which are missing.

Summary of Dependency types:

  • Implicit dependency

This can be found out by examining the PE header of an application

  • Forwarded dependency

These are the ones which are needed by the implicit dependent binaries

  • Delay Loaded Dependency

These are special types of implicit dependencies (available from PE Header) which are loaded into the process address space only on the need basis

  • Dynamic Dependency

These are the run-time dependencies (as a result of the call to LoadLibrary API) and the in-process COM Dependencies

References:

Download -https://www.dependencywalker.com/

More information on using this feature,

https://www.dependencywalker.com/help/html/hidr_command_line_help.htm

https://www.dependencywalker.com/help/html/dependency_types.htm

- Saravanan

Technorati Tags: XPe,Quebec,Standard