Solved

How to analyze Dr. Watson File Dump

Posted on 2003-03-25
6
4,749 Views
Last Modified: 2013-12-28
We have serveral NT Servers (Service Pack 4) that are dedicated to running thousands of PeopleSoft nVision reports.  The reports are generated in Excel.  Occasionally we will get Dr. Watson errors on the servers.  When a Dr. Watson error occurs these reports do not continue to generate which interfers with our batch schedule.  We do not want to disable Dr. Watson and have a very slow change process.  So upgrading to Service pack 6 won't happen for a long time.

My question is: How can I analyze the drwtsn32.log files?  I want to be able to debug the problem.  I have Microsoft Visual Studio 6.0 and VS.NET on my XP desktop.  I did a search for "windbg" and didn't find it on my XP machine.  Can I take the log files off of the NT machines and analyze them with one of the tool provide with Visual Studio?  Installing anything on the NT boxes will be painful due to the slow change process.  A typical drwtsn32.log error example is:

Application exception occurred:
        App: excel.dbg (pid=389)
        When: 3/25/2003 @ 4:42:11.546
        Exception number: c0000005 (access violation)

Please Help!

0
Comment
Question by:jbauer22
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 28

Expert Comment

by:vinnyd79
ID: 8206030
I know you don't want to hear this,but in my opinion it would be worth it to install Service Pack 6a.Have you tried to install it on atleast one server to see if it helped the Dr Watson errors?
0
 
LVL 2

Author Comment

by:jbauer22
ID: 8210512
The point of this question is to do something until we are able to install service pack 6.
0
 
LVL 28

Expert Comment

by:vinnyd79
ID: 8211053
I realize that,but my point is that you might not be able to do anything until you upgrade to SP6a as it did contain alot of improvements and fixes.Hopefully someone will prove me wrong and give you what you are looking for.
0
Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

 
LVL 3

Expert Comment

by:ManuelGuerra
ID: 8211914
jbauer22,
I don't know a tool for analize the drwatson log. This log usually should be analized for a technical support person. This log usually have 10 parts. The first part of the log file always contains program error information. The error number listed corresponds to the error generated by the system and with this information you can search a solution.
Application exception occurred:
       App: excel.dbg (pid=389)
       When: 3/25/2003 @ 4:42:11.546
       Exception number: c0000005 (access violation)

The next parts of the log file contains system information, list of tasks that were running on the system at the time that the program error occurred, list of modules that the program loaded, etc. etc.
MG
0
 
LVL 2

Accepted Solution

by:
skyDaemon earned 500 total points
ID: 8310532
It depends how badly you need to analyze the log.

Getting it into VC++ won't generally help you.  All you have is a hex dump of memory anyway (you can easily waste two days analyzing the hex dump to find out it doesn't say anything you couldn't guess). Any hex editor could do that for you.  Now if you had C++ installed on the machine when it seg faulted then you'd get a chance to debug the explosion in disassembly.  Slightly better than a drwtsn.log, but not much.  I have only ever gotten a useful answer out of drwtsn.log once, in general it's not worth the effort.

Generally when I look at a drwstn32.log I just want the 15 second "what happened... vaguely" answer.  To get that, just open the log in notepad, start at the bottom and scroll up.  You're looking for something like the FAULT below.  

...

FAULT ->77f7d66e 8908             mov    [eax],ecx              ds:00000000=????????

...

Once you see that just look up the name of the function that blew up and guess.  (the blocks after the FAULT give you a basic function stack list including the function that blew up, see below)  From there you need some windows knowledge to interpret what the function name means.  For example, RtlDestroyHeap is related to deleting memory.  In the below example, I have a tabctl32 object in my project which blew up while deallocating memory.  That gave me an object and a type of error in 15 seconds.  You could try looking up the values of the function parameters in the hex dump, but I'd suggest you're better off looking at code at that point.  As for continuing through the error.  Basically what happened is an uncaught type of error ripped all the way through your code and up to windows, your process is probably dead.  Maybe try adding whacks of temporary error handling in your code.  If you can't find anything else, add a bunch of catch(...) to catch anything and have it spit out an error message to the screen.  At least that'll tell you where it happened in your code rather than in system dlls.  From there, you'll have to iteratively track it back to the source by adding progressively more specific/deeper error trapping checks.

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
0012f4c0 77f64e17 00130000 001524e8 0012f4ec 00000000 ntdll!RtlDestroyHeap
0012f4f0 212f1448 00130000 00000000 001524f0 212f1f9e ntdll!RtlFreeHeap
77f64d60 83ec8b10 d2850cec 0f575653 00021284 087d8b00 tabctl32!<nosymbols>

...
<hex dump of memory>
...
0
 
LVL 2

Author Comment

by:jbauer22
ID: 8353981
Thanks for the input skyDaemon.
0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question