Permission issues related to accessing files, folders and the registry can cause applications to crash, hang or work incorrectly. There are several tools which are helpful for diagnosing these issues.
Process Monitor (procmon) can be used to log access to files, folders, the registry and the network. Each log entry shows the access that was attempted and whether it failed or succeeded. By searching the log, you can see which accesses fail for an application and address them by setting or changing permissions.
A trace will also provide the stack where the error occurred. This allows for quicker debugging as it will provide a point where debugging can begin.
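Searching a large trace by hand is slow, so the sketch below (an added example, not part of the original article) summarizes the failed accesses in a Process Monitor CSV export by process, result and path. It assumes the default export columns; the sample rows, the `ExampleApp.exe` name and the `Get-ProcmonAccessFailure` function are constructed for illustration.

```powershell
# Constructed sample in Process Monitor's CSV export layout (default columns assumed).
$sampleCsv = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000","ExampleApp.exe","4312","CreateFile","C:\ProgramData\ExampleApp\settings.ini","ACCESS DENIED","Desired Access: Generic Write"
"10:01:02.2000000","ExampleApp.exe","4312","CreateFile","C:\ProgramData\ExampleApp\settings.ini","ACCESS DENIED","Desired Access: Generic Write"
"10:01:02.3000000","ExampleApp.exe","4312","RegOpenKey","HKLM\SOFTWARE\ExampleApp","ACCESS DENIED","Desired Access: All Access"
"10:01:02.4000000","ExampleApp.exe","4312","CreateFile","C:\Logs\app.log","SHARING VIOLATION","Desired Access: Generic Write, ShareMode: None"
"10:01:02.5000000","ExampleApp.exe","4312","ReadFile","C:\ProgramData\ExampleApp\data.db","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.6000000","ExampleApp.exe","4312","RegQueryValue","HKCU\Software\ExampleApp\Theme","NAME NOT FOUND","Length: 16"
'@

function Get-ProcmonAccessFailure {
    [CmdletBinding()]
    param(
        # Rows from Import-Csv / ConvertFrom-Csv of a Process Monitor CSV export.
        [Parameter(Mandatory)]
        [object[]]$Row,
        # Result strings treated as permission or sharing failures.
        # SUCCESS and NAME NOT FOUND rows are not in this list, so they are dropped.
        [string[]]$FailureResult = @('ACCESS DENIED', 'SHARING VIOLATION')
    )
    $Row |
        Where-Object { $FailureResult -contains $_.Result } |
        Group-Object -Property 'Process Name', 'Result', 'Path' |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Count      = $_.Count
                Process    = $first.'Process Name'
                Result     = $first.Result
                Path       = $first.Path
                # Distinct operations that failed on this path (CreateFile, RegOpenKey, ...).
                Operations = ($_.Group.Operation | Sort-Object -Unique) -join ', '
                FirstSeen  = $first.'Time of Day'
            }
        }
}

# Run against the constructed sample; for a real capture pass: -Row (Import-Csv .\capture.csv)
Get-ProcmonAccessFailure -Row ($sampleCsv | ConvertFrom-Csv) | Format-Table -AutoSize
```

Each path in the summary is a candidate for a permissions review with the tools described next; the SHARING VIOLATION row is the case where another handle already holds the file open.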
AccessEnum can be used to tell you which accounts and groups have read/write/deny access to a registry key or file.
AccessChk is a command-line application that also reports access permissions for files and registry entries.
A very useful feature of this application is determining which process has a file open. When a file is opened in a way that does not allow data to be written, other processes (or other code in the same process) will not be able to update the file, and access will thus be denied.
“net file” and PsFile
The “net file” command shows you a list of the files that other computers have opened on the system on which you execute the command. “net.exe” is located under the system’s system32 folder.
There are limitations to using “net file”: it truncates long path names and doesn’t let you see that information for remote systems. PsFile is a command-line utility that shows a list of files on a system that are opened remotely, and it also allows you to close opened files either by name or by a file identifier.
Application and System Logs:
These event logs should be checked for entries, since they can point to the cause, and sometimes the solution, of an issue.
If the application is crashing due to an access issue, a dump may help to locate where the crash occurred in code. However, it’s also important to check permissions using the above utilities, and chances are that the review of a crash dump is what tells you to check permissions.