Environment Variables

 

Program behavior is affected by many things, among them the environment variables in existence at the time the program was started. How do you find out which environment variable settings a program actually sees? Simply checking the environment variables in your shell or in the Windows environment variables wizard won’t solve this puzzle. Those are a snapshot of how the variables look right now, not how the variables looked when the program started. To find out what the program itself sees, we have a few tools at our disposal. We cover those here.

Windows

 

Process Explorer

The easiest way to find the environment variables for a running process is to use the tried-and-true Process Explorer from Microsoft. If you need to find environment variables from a crash dump file, see the native debuggers section below. Process Explorer is a must-have for any Windows user who is more than just a casual computer user. Launch Process Explorer and find the application in the main window list. You can change how the list of applications is sorted by clicking the “Process” column header. If you click on the top entry in the process list and then press a letter key on your keyboard, the list focus will jump to that section of the alphabet in the list. Once you have found your process, double-click the entry to launch the properties dialog. You can also get here by simply selecting the process in the list and then navigating to “Process->Properties…” in the Process Explorer menu.

In the properties dialog, select the Environment tab. Here you are presented with the environment variables as the program sees them.

The only caveat is that very long values are not shown in full (for example, a long PATH value). If you need to see the environment variable values without any truncation, you will need to use the next tool on our list, windbg.exe.

Native Debuggers

The Windows native debuggers allow you to explore processes and crash dump files in deep detail. With great power comes great obscurity; these tools are not for the faint of heart. However, time spent mastering these tools will pay dividends throughout your career if you are a programmer or system administrator. I can’t cover these tools in depth here, but what follows is a quick primer on how to get the environment variable information from either a running process or a crash dump file. To learn more, I encourage you to spend quality time in the windbg.exe help file. Simply type .hh and hit enter at the debugger command prompt to open the help file. It is well written and comprehensive.

The native debuggers are free and can be downloaded as part of the Windows software developers kit or the Windows driver developer kit. Follow the instructions on the MSDN website to install these tools. Once installed, you can copy them to a USB key or shared network drive. These tools are meant to stand alone, requiring no registry interaction. This facilitates debugging production servers where you don’t want to install tools on the host. You can copy the debugger directory using Windows Explorer and launch the debuggers from any location. You will need administrative rights to debug processes not owned by your account on the host.

Finding the environment variables for a running process:
  1. Open windbg.exe. The default location is usually C:\Program Files\Debugging Tools for Windows\windbg.exe. For 32-bit processes open the 32-bit version of windbg (C:\Program Files (x86)\Debugging Tools for Windows (x86)\windbg.exe); 64-bit processes should use the 64-bit version of windbg.
  2. Attach to the process by navigating to “File->Attach to a process…” in the windbg menu. Be aware that attaching to the process will cause it to halt until you detach or go in the debugger. If you cannot afford to halt the process, create a dump file with Process Explorer by selecting the process in the main window list and choosing “Create Dump->Create Full Dump…” in the right-click menu. You can then open the dump file and get the environment variables there. See the “Finding the environment variables from a dump file” section below.
  3. In the debugger command line enter the following (the * and the text after it are comments for your edification only; there is no need to enter those):
    1. .symfix * This links the debug session to the public Windows symbol server, which is needed for the !peb command below
    2. !peb * This dumps the process environment block which contains, among many other pieces of interesting data, the process’s view of the environment variables. Copy this text to your favorite text editor; once you detach, the text will clear out of the debugger console
    3. qd * Be sure to use qd and not just q. qd tells the debugger to quit and detach. If you quit without detaching you will terminate the running process
    4. You may also choose “Debug->Detach Debuggee” from the windbg menu to detach and leave the process running
Finding the environment variables from a dump file:
  1. Open windbg.exe. The default location is usually C:\Program Files\Debugging Tools for Windows\windbg.exe. For 32-bit process dump files open the 32-bit version of windbg; 64-bit process dump files should use the 64-bit version of windbg.
  2. Open the dump file using “File->Open Crash Dump…” in the windbg menu
  3. In the debugger command line enter the following (the * and the text after it are comments for your edification only; there is no need to enter those):
    1. .symfix * This links the session to the public Windows symbol server, which is needed for the !peb command below
    2. !peb * This dumps the process environment block which contains, among many other pieces of interesting data, the process’s view of the environment variables.
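
Once the !peb text has been copied out of the debugger, the variables can be pulled from it and compared with a current snapshot, which is the difference this page is about. The script below is an added example, not part of the original article; the sample text is constructed, its layout (an "Environment:" line followed by more deeply indented NAME=VALUE lines) is an assumption about the saved output, and the function names are hypothetical.

```python
import os
import re

# Constructed sample of text saved from a !peb session (not from a real host).
SAMPLE_PEB = r"""
PEB at 000000a1b2c3d000
    CurrentDirectory:  'C:\Services\app\'
    CommandLine:  'C:\Services\app\app.exe --run'
    Environment:  000001f2a3b40000
        =C:=C:\Services\app
        APP_MODE=production
        PATH=C:\Windows\system32;C:\Windows;C:\Tools
        TEMP=C:\Windows\TEMP
        CONN=Server=db01;Database=x
"""

# Assumed header layout: "Environment:" followed by the block's address.
ENV_HEADER = re.compile(r"^(\s*)Environment:\s+[0-9A-Fa-f`]+\s*$")

def parse_peb_environment(text):
    """Return {name: value} from the Environment section of saved !peb text."""
    env, indent = {}, None
    for line in text.splitlines():
        if indent is None:
            m = ENV_HEADER.match(line)
            if m:
                indent = len(m.group(1))
            continue
        body = line.lstrip()
        if not body or len(line) - len(body) <= indent:
            break  # a blank line or a dedent ends the section
        # Per-drive entries such as "=C:" start with '=', and values may
        # contain '=', so split on the first '=' found after index 0.
        sep = body.find("=", 1)
        if sep > 0:
            env[body[:sep]] = body[sep + 1:]
    return env

def diff_environment(process_env, current_env):
    """Compare the process's view with a current snapshot (names ignore case)."""
    seen = {k.upper(): v for k, v in process_env.items()}
    now = {k.upper(): v for k, v in current_env.items()}
    return {
        "only_in_process": sorted(seen.keys() - now.keys()),
        "only_in_current": sorted(now.keys() - seen.keys()),
        "changed": sorted(k for k in seen.keys() & now.keys() if seen[k] != now[k]),
    }

if __name__ == "__main__":
    report = diff_environment(parse_peb_environment(SAMPLE_PEB), dict(os.environ))
    for kind, names in report.items():
        print(kind, names)
```

Run as a script, it compares the embedded sample with the environment of the shell it is launched from; replace SAMPLE_PEB with the text you saved to compare a real process.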