Copyright (c) 1997 by the University of Washington. All rights reserved. This is a proprietary and confidential document. Under no circumstances may this document be used, modified, copied, distributed, or sold without the express written permission of the copyright holder.

Known Problems

This page lists known Etch problems with specific programs and DLLs.
  1. Programs that work, but you have to remember a thing or two
  2. Programs that are known not to work
  3. DLLs that are known not to work
  4. Known problems with the Etch tool API
  5. Known problems with Etch tools


Programs that work, but with some attention

Beat the House
With the instrumentation coverage tool, it generates a "failed to initialize hardware counters" message. Explanation: Beat the House is a 3.1 subsystem executable, so GetSystemInfo fails for InitHardwareCounters. See below for details.

Bomb
Microsoft Monster Truck Madness
These are DirectDraw programs (see the FAQ entry on how to run DirectDraw applications).

java 1.0.2
The %CLASSPATH% environment variable needs to be set before starting vetch, or use "Use script to drive application" to set it.

Apple Quicktime Player
Tries to load any module in the entire search path that has a "qtc" extension, regardless of what the primary name is. The user has to click on a dialog box a large number of times.

Corel Photo Paint
Fails to load PLGT3260.dll so etching for this DLL should be disabled.

Microsoft Power Point
Most of the program etches and runs correctly except for the Auto Content Wizard which causes an X touched memory location Y error.

Adobe PhotoShop 4.1
  • The following precise sequence of operations causes the etched program to fail on NT:
    1. open fruite.jpg
    2. apply the filters: Artistic->Colored Pencil, Artistic->Fresco, Distort->Twirl

    Applying just Distort->Twirl directly does not cause the program to fail. The same sequence of operations does not fail on Win95.

  • photos01.dll and photos02.dll fail in code discovery if it is set to level 2 (very aggressive). These DLLs etch fine if the code discovery level is set to level 1 (aggressive).


Programs that we know not to work

    Excel
    This doesn't work at all with aggressive code discovery. With non-aggressive code discovery, it etches but dies with a "can't write to this memory location" error during startup.
    MSAccess
    In the main .exe, there is data embedded within the text section that looks too much like code. Even with non-aggressive etching we get confused.
    Netscape 3.0 (NOT 3.01)
    Netscape 3.0 comes with its own copies of some system DLLs (for example, ole32.dll). It appears to explicitly link these in as well as have the system DLLs in its import tables. This results in the Etch GUI thinking that Netscape 3.0 is using the same DLL multiple times (same name, different DLL). Since we're not sure which DLL Netscape 3.0 really expects to run with, it's not so clear how to fix this. The solution is to run with 3.01.
    Internet Explorer 3.0, 3.01
    Etch fails on shdocvw.dll, which causes the etched program to load a native shdocvw.dll and to load in all of the unetched DLLs. Internet Explorer version 3.02 works, so use that version instead.

    DLLs that we know not to work

    kernel32.dll
    The current version of etchwrap.dll is linked with the original kernel32.dll instead of kernel32-etch.dll, and it seems like a bad idea to have two copies of kernel32.dll active at the same time. Note that for some applications, it is possible to run with kernel32.dll etched and patched without any bad behavior.
    mshtml.dll
    Used by Internet Explorer 3.02. Don't etch, but patch is OK.
    ntdll.dll
    The current version of Windows NT implicitly links in the original ntdll.dll instead of ntdll-etch.dll as soon as an application is loaded, and it seems like a bad idea to have two copies of ntdll.dll active at the same time.
    ole32.dll
    Etches just fine, but causes bad behavior for some applications. Specifically, when it is etched, WORD, Powerpoint, or Corel cannot open existing files or write new ones; these operations fail. This is because ole32.dll is expected to live at a known place. The way to deal with this is to make sure that you check "use original image base" AND use a relatively "lightweight" tool (otherwise the DLL gets too big, which again confuses ole32). An unrelated problem is that ole32.dll uses code as data in a call to IsValidInterface. This causes no harm, but does cause the "check data references" utility to complain about a badly behaving program.
    smackw32.dll
    Etches OK, but causes Monster Truck Madness to fail. Turning off aggressive code discovery seems to fix the problem.
    user32.dll
    The ntoskrnl.exe knows the addresses of entry points into user32.dll.

    Etch Instrumentation Tool API Problems

    InsertCallLoadRefs, InsertCallStoreRefs
    When instrumenting PUSHA, POPA, FSAVE, FNSAVE, FRESTORE, and FNRESTORE opcodes, currently the correct set of memory reference callbacks will not be generated at runtime.

    InstrumentModule(After)
    InstrumentModule(After) is only called for DLLs, not executables. Furthermore, it may be called after InstrumentProgram(After) in some cases.

    InstrumentInstruction(After)
    If the instruction is a control flow instruction (except for call instructions), then any code inserted during InstrumentInstruction(After) will be inserted before the instruction. The inserted code will be executed in the expected order with respect to other inserted code (e.g., after code inserted during InstrumentInstruction(Before), BasicBlock(Before), Procedure(Before), etc.), but will also be executed before the control flow instruction.

    InstrumentProcedure(After)
    InstrumentProcedure(After) will be invoked once for every exit point in the procedure. Also, any code inserted during Procedure(After) will be inserted directly before the control flow instruction (typically ret) corresponding to the exit point.

    InstrumentBasicBlock(After)
    If the last instruction of a basic block is a control flow instruction, then any code inserted during BasicBlock(After) will be inserted directly before the instruction.

    Visual Etch: "Create Husk" option
    The "Create Husk" option in the Visual Etch Modules window is experimental, and should not be used.

    Debug Symbol Information

    Etch currently supports debugging information in Codeview version "NB09" format. This particular debug format can be generated by recent versions of Microsoft compilers. For example, MS Visual C/C++ versions 2.0, 4.0, and 4.2 all generate the Codeview NB09 debugging format when the executable or DLL is linked with the "/debug /pdb:none" flags.

    While Etch will work properly on executables and DLLs that have no symbol information, Etch can take advantage of symbol information when it is available (for example, to permit user-specified selective etching on a per-procedure basis). There are also calls in the Etch tool API that have improved functionality when symbol information is available (see the Etch Tool Writer's API for details).


    Known problems with Etch tools

    Code Layout Optimization Tools

    Instrumentation Coverage (Exact - etched)

    Instrumentation Coverage (Exact)

    This tool has been disabled (from Visual Etch) and removed from the list of tools due to bugs.

    Dll Call Tracer

    Only detects calls into implicit modules (the ones that are loaded automatically by NT, not the ones loaded with LoadLibrary).

    Hardware Performance Counters

    Some programs using the Hardware Performance counters will fail to properly initialize the hardware counters within the Etch runtime. For example, mpegply.exe fails with the instrcheck tool. The reason is that mpegply has a field in the executable header that tells the operating system to emulate NT V3.1 behavior. The etch runtime code that initializes the counters requires the behavior of NT V3.51 or greater. This conflict causes the tool to fail.

    Details: there is some code in the GetSystemInfo() routine that checks the NT version number using the GetProcessVersion() routine, compares it with 3.51, and clears the flags we're interested in if our version number is less than 3.51.

    Call Graph Profiler

    The emacs browsing mode is currently disabled because the call graph profiler output format has changed.