When an application runs on Windows NT you might experience problems, like a memory leak, or hanging at 0% (dead lock) or 100% (busy loop) CPU utilization.
If the computer is used in a production environment you usually do not have the time for debugging the process. In this situation, you can use DOTCRASH to create a user mode memory dump of the offending process and continue production much faster.
MORE INFORMATION
================
DOTCRASH uses Win32 API to create the memory dump. Here is how it works:
1. Get Debug privilege (if it doesnt work, were not an Admin-like user)
2. Resolve process name to process ID, if needed
3. Open the target process with Full Access
4. Change AeDebug and Dr. Watson configuration to write <process name>.dmp
5. Create thread in target process with starting address 0xDEAD. This requires privileges acquired in 1) and 3)
6. Return Debug privilege
7. Restore original AeDebug and Dr. Watson configuration
DOTCRASH will not check if the files required to run Dr. Watson are installed in the system. You can check this if you run DRWTSN32 from the Start/Run dialog. While Dr. Watson is working on the memory dump it will put up a dialog. Do not click the Close or Cancel button. Wait until the OK button is enabled and then press OK.
There is a known problem with Dr. Watson on the Alpha platform on Windows NT 4.0:
Q170057: Dr. Watson Dialog Box Stops Responding on DEC Alpha Platform
A fix for this problem is scheduled for Service Pack 4. The fixed file for the English version of Windows NT and Q170057 are included in the SOFTLIB file.
DOTCRASH requires PSAPI.DLL. The SOFTLIB file contains versions of this file for Windows NT 3.51 and 4.0, for the Intel and Alpha platform. If you happen to have a newer version on your system, skip this step.
The memory dump created by Dr. Watson can be loaded in WinDBG. In addition to the threads currently active in the process, there will be an additional one in 2nd chance exception. Heres an excerpt of a WinDBG session of a dump made with SPOOLSS.EXE:
