Professional Documents
Culture Documents
exe) Tool
Dr. Watson for Windows is a program error debugger that gathers information about your computer
when an error (or user-mode fault) occurs with a program. Technical support groups can use the
information that Dr. Watson obtains and logs to diagnose a program error. When an error is
detected, Dr. Watson creates a text file (Drwtsn32.log) that can be delivered to support personnel
by the method they prefer. You also have the option of creating a crash dump file, which is a binary
Note Windows XP also provides an Error Reporting service that monitors your computer for both
user-mode and kernel-mode faults ("stop" error messages or error messages that are displayed on
a blue screen, as well as improper shutdown events) that affect both the operating system and any
programs. This service allows you to send error reports to Microsoft when an error occurs. Because
all error reports are confidential and anonymous, Microsoft Support Professionals do not have access
to any error report that you have sent to Microsoft over the Internet using the Error Reporting
service. As a result, you may need to send a Dr. Watson for Windows log file to a support
professional. For additional information about Error Reporting Service in Windows XP, click the
article number below to view the article in the Microsoft Knowledge Base:
If a program error occurs, Dr. Watson for Windows starts automatically. To configure Dr. Watson,
By default, the log file created by Dr. Watson is named Drwtsn32.log and is saved in the following
location:
Note Drwatson.exe is an older program error debugger that was included with earlier versions of
Windows NT. Microsoft recommends that you use Drwtsn32.exe instead of Drwatson.exe in Windows
XP.
How to disable Dr. Watson for Windows
Important This section, method, or task contains steps that tell you how to modify the registry.
However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure
that you follow these steps carefully. For added protection, back up the registry before you modify
it. Then, you can restore the registry if a problem occurs. For more information about how to back
up and restore the registry, click the following article number to view the article in the Microsoft
Knowledge Base:
Note Because there are several versions of Microsoft Windows, the following steps may be different
on your computer. If they are, see your product documentation to complete these steps.
1. Click Start, click Run, type regedit.exe in the Open box, and then click OK.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\AeDebug
NOTE: Steps three and four are optional, but they necessary if you want to restore the
3. Click the AeDebug key, and then click Export Registry File on the Registry menu.
4. Enter a name and location for the saved registry file, and then click Save.
Registry entries for debugger programs are located in the AeDebug key in Windows. The Dr. Watson
program is installed by default in Windows, and is configured to run when an application error
occurs (with a data value of 1 for the Auto value). The default values are:
1. At a command prompt, type the following line, and then press ENTER:
drwtsn32 -i
2. Double-click the .reg file you created in steps three and four above.
ABOUT DR. WATSON
Dr. Watson is a software utility included with Microsoft Windows that is used to
help detect, decode and log errors that are encountered while windows or
windows programs are running.
A user can run Dr. Watson by clicking Start / Run and typing "drwatson" and
clicking ok. The Windows NT and 2000 Version of Dr. Watson can be run by
clicking Start / Run and typing "drwtsn32". When running Dr. Watson, you should
see either a new task on your toolbar or on your systray indicating that Dr.
Watson is running in the background. If errors are frequently occurring, run Dr.
Watson to help get additional information about the error.
When Dr. Watson encounters an error, the error is logged under the file
"drwtsn32.log" or "user.dmp" when running Microsoft Windows NT or Windows
2000. When running Microsoft Windows 95, 98 or ME, the file is logged with a
.WLG file extension and stored under the \Windows\Drwatson or \Documents and
Settings\All Users\Documents\DrWatson folder. For example, 10.wlg and
drwtsn32.txt are examples of Dr. Watson files.
Tip: If your computer is encountering errors often, load Dr. Watson into the
startup folder to load the program each time the computer boots.
TROUBLESHOOTING
1. If errors are being encountered with a specific program, ensure that the
latest software updates have been downloaded for that program.
2. Users running Microsoft Windows 95, 98 can double-click the Dr. Watson
icon on the systray to view errors and obtain a system snapshot of the
computer. Additional detailed information can also be seen by clicking
the View option and selecting the Advanced view.
3. Users running Microsoft Windows NT, Windows 2000, or Windows XP can
decode the error by reviewing our below instruction on how to decode
Dr. Watson errors.
4. Verify that another program running in the background is not causing the
problem by end tasking all TSRs. Additional information about TSRs can
be found on document CHTSR.
5. If after following the above steps you continue to receive Dr. Watson
errors, attempt to reinstall the application you are running and/or
contact the manufacturer or developer of the software program or
computer.
HKEY_LOCAL_MACHINE\
Software\
Microsoft\
WindowsNT\
CurrentVersion\
The below information applies to users who are running Microsoft Windows NT,
Windows 2000, or Windows XP and viewing the drwtsn32.log file. Each Dr.
Watson error is appended to the end of the drwtsn32.log file. Therefore, you
may need to scroll to the end of the file to determine the exact error.
The first portion of the drwtsn32.log file, as shown in the above example, gives
us information about the program, the time and the exception. As you can see
from the above example, this error is occurring in mcshield.exe, which is a part
of McAfee Virus Scan. We next see the date and time when this error occurred
and the exception number.
Unless the proper symbol is loaded on the computer, you will be limited to the
above information to determine what is causing the issue. As you can see from
the below example, the function has no symbols; therefore, you would be
unable to determine what function caused the error to occur. Additional
information about symbols can be found on Microsoft's DDK page, Microsoft
Q141465 or through your system administrator.
function: <nosymbols>
01500878 89d5 mov ebp,edx
0150087a 89de mov esi,ebx
0150087c 890c24 mov [esp],ecx
ss:0172eae8=000000af
0150087f 85db test ebx,ebx
01500881 7c15 jl 01503998
01500883 31c0 xor eax,eax
01500885 8a02 mov al,[edx]
ds:0000001c=??
01500887 01d8 add eax,ebx
01500889 8d50ff lea edx,[eax+0xff]
ds:00a7d5d2=????????
0150088c 8b4704 mov eax,[edi+0x4]
ds:0279a0a8=????????
FAULT ->0150088f 8b08 mov ecx,[eax]
ds:00000000=????????
01500891 ff511c call dword ptr [ecx+0x1c]
ds:00a7d681=????????
01500894 39c2 cmp edx,eax
01500896 7604 jbe 0150399c
01500898 31c0 xor eax,eax
0150089a eb54 jmp 01508bf0
0150089c 837c241400 cmp dword ptr [esp+0x14],0x0
ss:021ac0bb=????????
015008a1 7513 jnz 015093b6
015008a3 8b5c2418 mov ebx,[esp+0x18]
ss:021ac0bb=????????
015008a7 89f2 mov edx,esi
015008a9 31c9 xor ecx,ecx
015008ab 89f8 mov eax,edi
*----> Stack Back Trace <----*
Users running other versions of Windows can view the Dr. Watson information
by opening the Dr. Watson program (c:\winnt\system32\drwtsn32.exe NOT
drwatson.exe) and viewing the diagnostics information and suggestions. A
snapshot of the system configuration can also be seen by clicking the View
option and selecting "Advanced View".
System File Checker
Windows 2000 & XP comes with a very handy tool called the system file checker. The
SFC tool itself will scan your computer for system files that may have been replaced
when some old or poorly made program was installed. This usually happens because the
programmer who made the software did not create it to check the versions of each system
file it replaces.
To protect your computer from old system files, Microsoft created a special service that is
built into the operating system. This service monitors your system files, and if one is
replaced or deleted, ICS will automatically restore the system file.
SFC works in conjunction with a utility called Windows File Protection that keeps the
system file cache: (%Systemroot%\System32\Dllcache) uppdated with the newest
Microsoft Approved files as they are installed on your system. I prefer to use the
system backup for the ability to roll back to a former configuration however.
To manually invoke the system file checker, be sure you have administrative access then
go to the command prompt and type:
sfc /scannow
The system will immediately begin to check all the current system files and restore the
cached approved copies. You may be asked to insert the Windows CD as well during the
restore.
Clue: Keep in mind that after you perform a system file restore you should install the newest
service pack so you are running the most current, Microsoft approved system files.
For you XP users, SFC should be used as a last resort. If you have been creating system
restore points, first roll back to your latest restore point and see if that fixes your problem
Disable Windows File Protection (Windows 2000/XP) Popular
Windows 2000 and XP include a feature called Windows File Protection (WFP), part of
the System File Checker, which is intended to avoid some of the common DLL
consistency issues. This feature may also block valid attempts to change system files and
it can therefore be disabled using this tweak.
Change the value of "SFCDisable" to equal "ffffff9d" to disable WFS or "0" to enable it.
The other valid hexadecimal values are:
Windows XP
Once these files have been updated apply the registry setting above.
Note: You must manually modify the operating system files using a hex editor to allow
this tweak to disable SFC on Windows 2000 (SP1+) or Windows XP.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVers...
Registry Settings
System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]
Value Name: SFCDisable
Data Type: REG_DWORD (DWORD Value)
Value Data: 0 = enabled (default), ffffff9d = disabled
File sharing in Windows XP Next
Advantages
File sharing involves making the content of one or more directories available through the network. All
Windows systems have standard devices making it easy to share the content of a directory. However, file
sharing may lead to security problems since, by definition, it gives other users access to the content of a part
of the hard drive.
As a result, it is essential that you share only directories for which it would not be extremely important if their
content were revealed (or destroyed), Furthermore, you are strongly advised against sharing a whole
partition of your hard drive. This operation is strongly discouraged if you do not trust the other network
users!
Machine names
Firstly, you need to give a specific machine name. To do so, simply to go Control panel/System, then to the
"Computer name" tab and then "Change...".
• C$: Access to the root partition or volume. The other partitions are also accessible by their letter followed by
the "$" character;
• ADMIN$: Access to the %systemroot% directory, making it possible to manage a machine on the network.
• IPC$: Enables communication between network processes.
• PRINT$: Remote access to printers.
To view and manage the computer's administrative shares, simply go to Control panel/Administrative
tools/Computer management/Shared folders/Shares. An alternative is to right-click My computer and select
Manage.
Advanced file sharing
Advanced file sharing, available only in Windows XP and higher, involves defining access permissions to
shared resources by user or group of users. Unlike simple file sharing, users have to be identified before
shared resources can be accessed.
To set up advanced file sharing, you firstly need to disable simple file sharing by opening My computer, then
Tools/Folder options... /View.. At the bottom of the scrollable list, make sure the Use simple file sharing
(recommended) option is unchecked.
Secondly, you need to create as many user accounts as necessary. To create user accounts, simply click
User accounts in the control panel, then Add. If an identical account (with the same password) exists on the
remote machine, used by the user, he will not need to enter his password to access the share.
When sharing a resource (right-click, then Sharing and security), simply click the button Permissions:
To restrict access to the shared resource, you need to remove access to "Everyone" and then give access
only to authorized users. Anonymous access may potentially be created thanks to the "Guest" account.
Using a shared resource
There are two methods for using a shared folder:
• Direct use of the resource via its address. The address of a shared resource has the following form:
\\computer\share_name
computer represents the computer's name or IP address and share_name corresponds to the name given to
the shared resource.
• The connection of a network drive, making it possible to link the shared resource to a virtual drive letter. To
connect a network drive, simply open the file browser (Start/Run/"browse"), then in the Tools menu, select
Connect a network drive... Choose an available drive letter and enter the folder name.
Diagnostics
If access to shared resources doesn't work, it may be due to one of the following reasons:
• The network connection between the machines is incorrect. In this case diagnose the network;
• The users do not belong to the same domain.
• The computers on the local area network must have the same subnet mask. You can easily check this using
the ipconfig command.
• A firewall (or antivirus) on the computer sharing the resource, on the computer accessing the resource or on
the network is blocking access. Check the firewall's settings, and if necessary temporarily disable the firewall
to find out whether the problem is related;
• The maximum number of users is 5 in Windows XP family and 10 in Windows XP professional. For more
information:
o Limite du nombre de connexions d'entrée dans Windows XP - Article F314882 de la base de connaissance
Microsoft
• A special character (such as a space) in the name of a shared resource can block access for older operating
systems.
• The rights of the NTFS file system can interfere with sharing rights since restrictions have priority over
permissions.