How to analyze Dr. Watson File Dump

We have serveral NT Servers (Service Pack 4) that are dedicated to running thousands of PeopleSoft nVision reports.  The reports are generated in Excel.  Occasionally we will get Dr. Watson errors on the servers.  When a Dr. Watson error occurs these reports do not continue to generate which interfers with our batch schedule.  We do not want to disable Dr. Watson and have a very slow change process.  So upgrading to Service pack 6 won't happen for a long time.

My question is: How can I analyze the drwtsn32.log files?  I want to be able to debug the problem.  I have Microsoft Visual Studio 6.0 and VS.NET on my XP desktop.  I did a search for "windbg" and didn't find it on my XP machine.  Can I take the log files off of the NT machines and analyze them with one of the tool provide with Visual Studio?  Installing anything on the NT boxes will be painful due to the slow change process.  A typical drwtsn32.log error example is:

Application exception occurred:
        App: excel.dbg (pid=389)
        When: 3/25/2003 @ 4:42:11.546
        Exception number: c0000005 (access violation)

Please Help!

LVL 2
jbauer22Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

vinnyd79Commented:
I know you don't want to hear this,but in my opinion it would be worth it to install Service Pack 6a.Have you tried to install it on atleast one server to see if it helped the Dr Watson errors?
0
jbauer22Author Commented:
The point of this question is to do something until we are able to install service pack 6.
0
vinnyd79Commented:
I realize that,but my point is that you might not be able to do anything until you upgrade to SP6a as it did contain alot of improvements and fixes.Hopefully someone will prove me wrong and give you what you are looking for.
0
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

ManuelGuerraCommented:
jbauer22,
I don't know a tool for analize the drwatson log. This log usually should be analized for a technical support person. This log usually have 10 parts. The first part of the log file always contains program error information. The error number listed corresponds to the error generated by the system and with this information you can search a solution.
Application exception occurred:
       App: excel.dbg (pid=389)
       When: 3/25/2003 @ 4:42:11.546
       Exception number: c0000005 (access violation)

The next parts of the log file contains system information, list of tasks that were running on the system at the time that the program error occurred, list of modules that the program loaded, etc. etc.
MG
0
skyDaemonCommented:
It depends how badly you need to analyze the log.

Getting it into VC++ won't generally help you.  All you have is a hex dump of memory anyway (you can easily waste two days analyzing the hex dump to find out it doesn't say anything you couldn't guess). Any hex editor could do that for you.  Now if you had C++ installed on the machine when it seg faulted then you'd get a chance to debug the explosion in disassembly.  Slightly better than a drwtsn.log, but not much.  I have only ever gotten a useful answer out of drwtsn.log once, in general it's not worth the effort.

Generally when I look at a drwstn32.log I just want the 15 second "what happened... vaguely" answer.  To get that, just open the log in notepad, start at the bottom and scroll up.  You're looking for something like the FAULT below.  

...

FAULT ->77f7d66e 8908             mov    [eax],ecx              ds:00000000=????????

...

Once you see that just look up the name of the function that blew up and guess.  (the blocks after the FAULT give you a basic function stack list including the function that blew up, see below)  From there you need some windows knowledge to interpret what the function name means.  For example, RtlDestroyHeap is related to deleting memory.  In the below example, I have a tabctl32 object in my project which blew up while deallocating memory.  That gave me an object and a type of error in 15 seconds.  You could try looking up the values of the function parameters in the hex dump, but I'd suggest you're better off looking at code at that point.  As for continuing through the error.  Basically what happened is an uncaught type of error ripped all the way through your code and up to windows, your process is probably dead.  Maybe try adding whacks of temporary error handling in your code.  If you can't find anything else, add a bunch of catch(...) to catch anything and have it spit out an error message to the screen.  At least that'll tell you where it happened in your code rather than in system dlls.  From there, you'll have to iteratively track it back to the source by adding progressively more specific/deeper error trapping checks.

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0012f4c0 77f64e17 00130000 001524e8 0012f4ec 00000000 ntdll!RtlDestroyHeap
0012f4f0 212f1448 00130000 00000000 001524f0 212f1f9e ntdll!RtlFreeHeap
77f64d60 83ec8b10 d2850cec 0f575653 00021284 087d8b00 tabctl32!<nosymbols>

...
<hex dump of memory>
...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jbauer22Author Commented:
Thanks for the input skyDaemon.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.