?
Solved

How to analyze Dr. Watson File Dump

Posted on 2003-03-25
6
Medium Priority
?
4,809 Views
Last Modified: 2013-12-28
We have serveral NT Servers (Service Pack 4) that are dedicated to running thousands of PeopleSoft nVision reports.  The reports are generated in Excel.  Occasionally we will get Dr. Watson errors on the servers.  When a Dr. Watson error occurs these reports do not continue to generate which interfers with our batch schedule.  We do not want to disable Dr. Watson and have a very slow change process.  So upgrading to Service pack 6 won't happen for a long time.

My question is: How can I analyze the drwtsn32.log files?  I want to be able to debug the problem.  I have Microsoft Visual Studio 6.0 and VS.NET on my XP desktop.  I did a search for "windbg" and didn't find it on my XP machine.  Can I take the log files off of the NT machines and analyze them with one of the tool provide with Visual Studio?  Installing anything on the NT boxes will be painful due to the slow change process.  A typical drwtsn32.log error example is:

Application exception occurred:
        App: excel.dbg (pid=389)
        When: 3/25/2003 @ 4:42:11.546
        Exception number: c0000005 (access violation)

Please Help!

0
Comment
Question by:jbauer22
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 28

Expert Comment

by:vinnyd79
ID: 8206030
I know you don't want to hear this,but in my opinion it would be worth it to install Service Pack 6a.Have you tried to install it on atleast one server to see if it helped the Dr Watson errors?
0
 
LVL 2

Author Comment

by:jbauer22
ID: 8210512
The point of this question is to do something until we are able to install service pack 6.
0
 
LVL 28

Expert Comment

by:vinnyd79
ID: 8211053
I realize that,but my point is that you might not be able to do anything until you upgrade to SP6a as it did contain alot of improvements and fixes.Hopefully someone will prove me wrong and give you what you are looking for.
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 3

Expert Comment

by:ManuelGuerra
ID: 8211914
jbauer22,
I don't know a tool for analize the drwatson log. This log usually should be analized for a technical support person. This log usually have 10 parts. The first part of the log file always contains program error information. The error number listed corresponds to the error generated by the system and with this information you can search a solution.
Application exception occurred:
       App: excel.dbg (pid=389)
       When: 3/25/2003 @ 4:42:11.546
       Exception number: c0000005 (access violation)

The next parts of the log file contains system information, list of tasks that were running on the system at the time that the program error occurred, list of modules that the program loaded, etc. etc.
MG
0
 
LVL 2

Accepted Solution

by:
skyDaemon earned 2000 total points
ID: 8310532
It depends how badly you need to analyze the log.

Getting it into VC++ won't generally help you.  All you have is a hex dump of memory anyway (you can easily waste two days analyzing the hex dump to find out it doesn't say anything you couldn't guess). Any hex editor could do that for you.  Now if you had C++ installed on the machine when it seg faulted then you'd get a chance to debug the explosion in disassembly.  Slightly better than a drwtsn.log, but not much.  I have only ever gotten a useful answer out of drwtsn.log once, in general it's not worth the effort.

Generally when I look at a drwstn32.log I just want the 15 second "what happened... vaguely" answer.  To get that, just open the log in notepad, start at the bottom and scroll up.  You're looking for something like the FAULT below.  

...

FAULT ->77f7d66e 8908             mov    [eax],ecx              ds:00000000=????????

...

Once you see that just look up the name of the function that blew up and guess.  (the blocks after the FAULT give you a basic function stack list including the function that blew up, see below)  From there you need some windows knowledge to interpret what the function name means.  For example, RtlDestroyHeap is related to deleting memory.  In the below example, I have a tabctl32 object in my project which blew up while deallocating memory.  That gave me an object and a type of error in 15 seconds.  You could try looking up the values of the function parameters in the hex dump, but I'd suggest you're better off looking at code at that point.  As for continuing through the error.  Basically what happened is an uncaught type of error ripped all the way through your code and up to windows, your process is probably dead.  Maybe try adding whacks of temporary error handling in your code.  If you can't find anything else, add a bunch of catch(...) to catch anything and have it spit out an error message to the screen.  At least that'll tell you where it happened in your code rather than in system dlls.  From there, you'll have to iteratively track it back to the source by adding progressively more specific/deeper error trapping checks.

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0012f4c0 77f64e17 00130000 001524e8 0012f4ec 00000000 ntdll!RtlDestroyHeap
0012f4f0 212f1448 00130000 00000000 001524f0 212f1f9e ntdll!RtlFreeHeap
77f64d60 83ec8b10 d2850cec 0f575653 00021284 087d8b00 tabctl32!<nosymbols>

...
<hex dump of memory>
...
0
 
LVL 2

Author Comment

by:jbauer22
ID: 8353981
Thanks for the input skyDaemon.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question