The information in this article applies to:
SUMMARYDOTCRASH is a utility that lets you debug computers running Windows NT by creating a user-mode memory dump of offending processes. DOTCRASH is especially useful in production environments where time limitations make it difficult for you to take a computer offline for debugging purposes. For example, DOTCRASH can help you debug the following problems:
MORE INFORMATIONDOTCRASH uses a Win32 API to create the memory dump. This is how DOTCRASH works:
InstallationTo install DOTCRASH, follow these steps:
The following file is available for download from the Microsoft Software Library: For more information about downloading files from the Microsoft Software Library, please see the following article in the Microsoft Knowledge Base:
UsageDOTCRASH does not verify that the files required to run Dr. Watson are installed. Before you run DOTCRASH, make sure Dr. Watson is installed:
There is a known problem with the Windows NT 4.0 version of Dr. Watson running on Alpha platforms. For more information, please see the following article in the Microsoft Knowledge Base:
NOTE: The English version of the hotfix referenced in this article is included with Dotcrash.zip in the <DirName>\Alpha\Dr-Watson.US folder. dotcrash [-b] <pid> | <process EXE name> [target file name] -b: Break into process without configuring Dr. Watson This is useful to initiate JIT Debugging or when breaking into a NTSD -D session. pid: process ID in decimal or hex (use 0x) process EXE name: name of EXE file If multiple EXE files with the same name are found, errorlevel will be 1 and a list of process IDs will be printed to STDOUT. target file name: Name of the memory dump file. Make sure the account the process about to be crashed runs under has sufficient privilege to write to this location. Errorlevel values: 0 - Success, dumped a process. 1 - Multiple processes found for %s, use process ID. 2 - Process %s not found. 3 - Invalid or out-of-range process ID. 4 - Could not open process %s. Error: 5 - Could not create thread to crash the process. Error: 6 - Can't get Debug Privilege. Aren't you Administrator? 7 - Could not access registry to configure Dr. Watson. Tried to fix it... 8 - This application only runs on Windows NT 3.51 or later. 9 - Ain't no killing of Process IDs 0 and 2 10 - Could not load PSAPI.DLL. Error: 11 - Target file name not allowed when using option -b. After you run DOTCRASH, Dr. Watson displays a dialog box while it is working on the memory dump. Do not click the Close or Cancel button. After the OK button is enabled, click OK. > ~ 0 72 Stopped 4 _BaseProcessStart@4 1 78 Stopped 4 _InitializeDll@12 2 80 Stopped 4 _WaitForSingleObjectEx@12 3 557 Stopped 4 _EnumPrintersW@28 4 553 Stopped 4 _EnumPrintersW@28 5 463 Stopped 4 ?ReceiveLotsaCalls@OSF_ADDRESS@@QAEXXZ 6 149 Stopped 4 ?ReceiveLotsaCalls@WMSG_ADDRESS@@AAEXXZ * 7 540 Stopped, 2nd chance 4 0x0000dead > ~7kb FramePtr RetAddr Param1 Param2 Param3 Function Name 1965ffb8 77f04f2c 00000000 001420d8 0012fac4 0x0000dead 1965ffec 00000000 00000000 00000000 00000000 KERNEL32!BaseThreadStart+0x51 > ~7r EAX=00000000 EBX=00000000 ECX=00000001 EDX=ffffffff ESI=0012fac4 EDI=001420d8 EIP=0000dead ESP=1965ffbc EBP=1965ffec EFL=00000246 CS=001b DS=0023 ES=0023 SS=0023 FS=0038 GS=0000 Additional query words: debugref dotcrash.exe Keywords : kbfile Version : winnt:3.51,4.0 Platform : winnt Issue type : |
Last Reviewed: October 8, 1999 |