APP: Application failures other than a Hang / Crash

App Header



APP: Application failures other than a Hang / Crash



Description: Sometimes an application, either from Microsoft or a third-party vendor, may manifest undesired behavior. This behavior may include error message dialogs during program initialization or startup, errors after the application has been running, or the loss of specific functionally that had previously been working.


Scoping the Issue: It is important to make note of the specific details of the problem, as well as when the problem occurs. For instance:

1. Is the application throwing an error when you try to launch it?

2. Does the application begin to have problems only when it has been running for a period of time?

3. What are the specific steps taken to reproduce the problem? For absolute clarity, these steps can be recorded with Community Clips , Problem Steps Recorder or the taking of screen shots.

4. When did the problem start occurring? i.e. did the problem start after another software installation or update?

5. Does the error affect a brand new user account on the system, or the local Administrator account? Some problems are specific to a single user profile, or restricted users only.

6. How many systems are experiencing the issue?

7. Is this isolated to a small number of machines, or a single machine?

8. Is the problem affecting all machines running the application?

9. Does the application display the problem if the system is booted in Safe Mode, or if you follow the Clean Boot procedure?


Data Gathering:  In all instances, collect either an MPS Reports with the General, Internet and Networking, Business Networks and Server Components diagnostics, or a Performance-oriented MSDT manifest. 

These reports will be most helpful if they are run while the application having the issue is still running on the machine. Additional data required may include the following:

Process Monitor Log For application startup problems, Process Monitor should be run right before starting the application, logging information up until the application failure occurs.

Memory Dump of the application while the error is still visible on the screen. In the example below, we have installed the Debugging Tools for Windows to the C:\Debuggers folder. The following command would create a memory dump of MyApp.exe and save it to the folder: C:\dumpfolder

cscript.exe C:\Debuggers\adplus.vbs –hang –pn MyApp.exe –o C:\dumpfolder

Dependency Walker Profile log


Troubleshooting / Resolution: After you have gathered the data, there are some things to check:

MPS Reports: Review the Event Logs for relevant events – specifically look for Event ID 26 (Application Popup), Event ID 1000 (Application Error) and Event ID 7034 (Service Control Manager) messages that correspond to the times that you are seeing unexpected application failures.

You should also check the Event Logs and Windows Update logs to see if there were any application updates or patches that preceded the unexpected behavior – there may be a correlation.

Memory Dump: If a memory dump is captured while the error is on the screen, a debugger can be used to examine the function calls that lead up to the error.

Process Monitor: Review the Process Monitor Log for problems, like “ACCESS DENIED” or “FILE_NOT_FOUND”. Missing or inaccessible files are a common cause of application problems. Copying files from a known good system, or installation media can sometimes resolve these types of issues. In some cases you will find that these messages are logged multiple times, then followed by a “SUCCESS” for the same action. This may be normal, and is quite common for Anti-Virus and systems management applications, since they tend to interact with open files all over the drive. You may want to create a filter that only shows activity for the problem application to make the log easier to view.

Dependency Walker: Dependency walker can be used to identify missing DLLs that are required by the application

Clean Boot / Safe Mode / Autoruns: Some application problems only happen with certain combinations of software running on the system. If you find that disabling Startup items or services allows the application to function properly, then you can utilize a divide and conquer approach, re-enabling half of the items during each test, to determine the piece or pieces of software that are causing the issue.


Additional Resources:

AskPerf Blog: Capturing Application Crash Dumps

Technet – Windows Sysinternals: Process Monitor

Autoruns for Windows

Dependency Walker Home Page

Debugging tools for Windows