Microsoft KB Archive/178547: Difference between revisions
m (Text replacement - "[[../winnt/q" to "[[../") |
m (Text replacement - ">" to ">") |
||
Line 42: | Line 42: | ||
# If needed, resolve process name to process ID. | # If needed, resolve process name to process ID. | ||
# Open the target process with Full Access. | # Open the target process with Full Access. | ||
# Change AeDebug and Dr. Watson configuration to write <process name | # Change AeDebug and Dr. Watson configuration to write <process name>.dmp. | ||
# Create a thread in the target process with starting address 0xDEAD. If you use the option "-b" the Thread function will be "DebugBreak" instead. This requires privileges acquired in steps 1 and 3 above. | # Create a thread in the target process with starting address 0xDEAD. If you use the option "-b" the Thread function will be "DebugBreak" instead. This requires privileges acquired in steps 1 and 3 above. | ||
# Return Debug privilege. | # Return Debug privilege. | ||
Line 52: | Line 52: | ||
# Download the Dotcrash.zip file from the Microsoft Software Library to an empty folder. | # Download the Dotcrash.zip file from the Microsoft Software Library to an empty folder. | ||
# Use a utility to unzip the files. | # Use a utility to unzip the files. | ||
# Copy Psapi.dll to the %SystemRoot%\System32 folder. Psapi.dll is included with Dotcrash.zip in the <DirName | # Copy Psapi.dll to the %SystemRoot%\System32 folder. Psapi.dll is included with Dotcrash.zip in the <DirName>\<Platform>\<Version> folder.<br /> | ||
<br /> | <br /> | ||
NOTE: If you have a newer version of this file on your system, do not perform this step. | NOTE: If you have a newer version of this file on your system, do not perform this step. | ||
Line 72: | Line 72: | ||
There is a known problem with the Windows NT 4.0 version of Dr. Watson running on Alpha platforms. For more information, please see the following article in the Microsoft Knowledge Base: | There is a known problem with the Windows NT 4.0 version of Dr. Watson running on Alpha platforms. For more information, please see the following article in the Microsoft Knowledge Base: | ||
<blockquote>[[../170057|Q170057]] Dr. Watson Dialog Box Stops Responding</blockquote> | <blockquote>[[../170057|Q170057]] Dr. Watson Dialog Box Stops Responding</blockquote> | ||
NOTE: The English version of the hotfix referenced in this article is included with Dotcrash.zip in the <DirName | NOTE: The English version of the hotfix referenced in this article is included with Dotcrash.zip in the <DirName>\Alpha\Dr-Watson.US folder.<br /> | ||
<br /> | <br /> | ||
The following is the command-line help and error-level information for DOTCRASH: | The following is the command-line help and error-level information for DOTCRASH: | ||
<pre class="FIXEDTEXT"> dotcrash [-b] <pid | <pre class="FIXEDTEXT"> dotcrash [-b] <pid> | <process EXE name> [target file name] | ||
-b: Break into process without configuring Dr. Watson | -b: Break into process without configuring Dr. Watson | ||
Line 111: | Line 111: | ||
<br /> | <br /> | ||
<pre class="FIXEDTEXT"> | <pre class="FIXEDTEXT"> > ~ | ||
0 72 Stopped 4 _BaseProcessStart@4 | 0 72 Stopped 4 _BaseProcessStart@4 | ||
Line 122: | Line 122: | ||
* 7 540 Stopped, 2nd chance 4 0x0000dead | * 7 540 Stopped, 2nd chance 4 0x0000dead | ||
> ~7kb | |||
FramePtr RetAddr Param1 Param2 Param3 Function Name | FramePtr RetAddr Param1 Param2 Param3 Function Name | ||
1965ffb8 77f04f2c 00000000 001420d8 0012fac4 0x0000dead | 1965ffb8 77f04f2c 00000000 001420d8 0012fac4 0x0000dead | ||
1965ffec 00000000 00000000 00000000 00000000 | 1965ffec 00000000 00000000 00000000 00000000 | ||
KERNEL32!BaseThreadStart+0x51 | KERNEL32!BaseThreadStart+0x51 | ||
> ~7r | |||
EAX=00000000 EBX=00000000 ECX=00000001 EDX=ffffffff ESI=0012fac4 | EAX=00000000 EBX=00000000 ECX=00000001 EDX=ffffffff ESI=0012fac4 | ||
EDI=001420d8 | EDI=001420d8 |
Revision as of 09:35, 21 July 2020
The information in this article applies to:
SUMMARYDOTCRASH is a utility that lets you debug computers running Windows NT by creating a user-mode memory dump of offending processes. DOTCRASH is especially useful in production environments where time limitations make it difficult for you to take a computer offline for debugging purposes. For example, DOTCRASH can help you debug the following problems:
MORE INFORMATIONDOTCRASH uses a Win32 API to create the memory dump. This is how DOTCRASH works:
InstallationTo install DOTCRASH, follow these steps:
The following file is available for download from the Microsoft Software Library: For more information about downloading files from the Microsoft Software Library, please see the following article in the Microsoft Knowledge Base:
UsageDOTCRASH does not verify that the files required to run Dr. Watson are installed. Before you run DOTCRASH, make sure Dr. Watson is installed:
There is a known problem with the Windows NT 4.0 version of Dr. Watson running on Alpha platforms. For more information, please see the following article in the Microsoft Knowledge Base:
NOTE: The English version of the hotfix referenced in this article is included with Dotcrash.zip in the <DirName>\Alpha\Dr-Watson.US folder. dotcrash [-b] <pid> | <process EXE name> [target file name] -b: Break into process without configuring Dr. Watson This is useful to initiate JIT Debugging or when breaking into a NTSD -D session. pid: process ID in decimal or hex (use 0x) process EXE name: name of EXE file If multiple EXE files with the same name are found, errorlevel will be 1 and a list of process IDs will be printed to STDOUT. target file name: Name of the memory dump file. Make sure the account the process about to be crashed runs under has sufficient privilege to write to this location. Errorlevel values: 0 - Success, dumped a process. 1 - Multiple processes found for %s, use process ID. 2 - Process %s not found. 3 - Invalid or out-of-range process ID. 4 - Could not open process %s. Error: 5 - Could not create thread to crash the process. Error: 6 - Can't get Debug Privilege. Aren't you Administrator? 7 - Could not access registry to configure Dr. Watson. Tried to fix it... 8 - This application only runs on Windows NT 3.51 or later. 9 - Ain't no killing of Process IDs 0 and 2 10 - Could not load PSAPI.DLL. Error: 11 - Target file name not allowed when using option -b. After you run DOTCRASH, Dr. Watson displays a dialog box while it is working on the memory dump. Do not click the Close or Cancel button. After the OK button is enabled, click OK. > ~ 0 72 Stopped 4 _BaseProcessStart@4 1 78 Stopped 4 _InitializeDll@12 2 80 Stopped 4 _WaitForSingleObjectEx@12 3 557 Stopped 4 _EnumPrintersW@28 4 553 Stopped 4 _EnumPrintersW@28 5 463 Stopped 4 ?ReceiveLotsaCalls@OSF_ADDRESS@@QAEXXZ 6 149 Stopped 4 ?ReceiveLotsaCalls@WMSG_ADDRESS@@AAEXXZ * 7 540 Stopped, 2nd chance 4 0x0000dead > ~7kb FramePtr RetAddr Param1 Param2 Param3 Function Name 1965ffb8 77f04f2c 00000000 001420d8 0012fac4 0x0000dead 1965ffec 00000000 00000000 00000000 00000000 KERNEL32!BaseThreadStart+0x51 > ~7r EAX=00000000 EBX=00000000 ECX=00000001 EDX=ffffffff ESI=0012fac4 EDI=001420d8 EIP=0000dead ESP=1965ffbc EBP=1965ffec EFL=00000246 CS=001b DS=0023 ES=0023 SS=0023 FS=0038 GS=0000 Additional query words: debugref dotcrash.exe Keywords : kbfile Version : winnt:3.51,4.0 Platform : winnt Issue type : |
Last Reviewed: October 8, 1999 |