drwtsn32 and Windows Server 2008
KM
Does anybody know why?
Is it legal to copy (and install) drwtsn32.exe via an own setup?
Thx, KM.
Jeffrey Tan[MSFT]
Yes, the drwtsn32.exe is removed in Vista and Windows Server2008 since we
introduced a more reliable unhandled exception solution after Vista. Below
is the backgroup story:
Pre-Vista, when an unhandled exception is thrown, the user-mode exception
dispatcher will unwind the stack and find default unhandled exception
handler in the Kernel32 which calls CreateProcess to launch
drwtsn32.exe.(The real process may be more complicated. For example,
drwtsn32.exe is looked up from the Aedebug key in the registry). These are
all done in user-mode. However, if the user-mode stack is exhausted or
corrupted, the exception stack unwind may fail and we may be unable to call
CreateProcess to launch drwtsn32.exe. This will result the process silent
termination which is a bad experience to the end user.
After Vsita, we introduced more reliable achitecture to address the above
problem. Windows Vista moves error handling(CreateProcess code) out of the
context of the crashing process into to a new service, Windows Error
Reporting (WER). The exception handling and dispatching is purely done in
kernel-mode now. When the unhandled exception occurs, it is the kernel that
notifies the WER service(using LPC maybe) and WER is looking for a JIT
debugger in Aedebug registry key. Please refer to the "Enhanced Crash
Support" section in Mark's article below for details:
"Inside the Windows Vista Kernel: Part 3"
http://technet.microsoft.com/en-us/magazine/cc162458.aspx
Since the exception does not rely on the user-mode stack now, the process
termination will always be caught.
Ok, enough backgroud story now. Can you tell me why you need drwtsn32 in
Windows Server2008? Do you want to get crash dump for faulty application in
Windows Server2008? Actually, Windows Error Report tool of Vista SP1 and
Windows Server2008 also have the feature of crash dump collecting, see the
link below for details:
"Collecting User-Mode Dumps"
http://msdn2.microsoft.com/en-us/library/bb787181(VS.85).aspx
The other options for Vista and Windows Server2008 are Adplus.vbs and
DebugDiag etc..:
"How to create a user-mode process dump file in Windows Vista"
http://support.microsoft.com/default.aspx/kb/931673
"Capturing Application Crash Dumps"
http://blogs.technet.com/askperf/archive/2007/06/15/capturing-application-cr
ash-dumps.aspx
Finally, if you really want to use drwtsn32, you may manually set it up.
Please use this approach at your own risk since Microsoft officially does
not support this approach:
"Resurrecting Dr. Watson on Vista"
http://www.dumpanalysis.org/blog/index.php/2007/05/19/resurrecting-dr-watson
-on-vista/
Hope this helps.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msd...@microsoft.com.
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
KM
Your description was very helpful.
We will check the WER and crash dump functionality in more detail.
We use a server application which is started by a service.
It starts applications, which may crash.
dr. watson was our favourite, as a crash can occur without popup.
The log and crash dump was then analyzed by us.
kind regards, KM.
Jeffrey Tan[MSFT]
Thanks for your confirmation.
Actually, if this problem only happens to one machine which you can install
software, the best option should be the adplus.vbs which is a wrapper over
the cdb debugger(using the same core as windbg).
adplus has the most detailed granularity control over the crash dump
generation without poping up the dialog. For example, you can specify what
excpetion you want to take crash dump; you want to take dump for first
chance for second chance exception. The KB below provides more details:
"How to use ADPlus to troubleshoot "hangs" and "crashes""
http://support.microsoft.com/kb/q286350/
If you need any further help, please feel free to feedback. Thanks.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
=========================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msd...@microsoft.com.
This posting is provided "AS IS" with no warranties, and confers no rights.
KM
Thank you for your explanation.
Our software runs on many computers.
Processes are started and stopped on demand.
I read the documentation.
adplus is not an option for us because:
1) It must be extra downloaded
2) it is not started automatically after a reboot (without login)
3) the processes must already run if I start adplus
Windows Error Reporting fits our needs.
But there arise some questions:
- can Windows Error Handling be defined via a system-wide policy?
- are the following registry values still functional in Windows 2008:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CrashControl\
AutoReboot
CrashDumpEnabled
LogEvent
Overwrite
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Windows\ErrorMode
kind regards, KM.
Jeffrey Tan[MSFT]
Thanks for your feedback.
Yes, you are right. Since adplus is a wrapper over the cdb debugger, it has
the nature/limitation of debuggers. It is best suitable for single
development machine. In your scenario, WER should be the best solution for
you.
Regarding the further questions, I have confirmed them with the WER team:
1. I assume by "Windows Error Handling" you mean Windows Error Reporting,
then yes it can be configured per machine. Using Group Policy you can set
the WER policy for the local machine or even multiple domain joined
computers (for a list of available settings, see administrative
templates/windows components/Windows Error Reporting in group policy
editor). All these settings are also documented here
http://msdn2.microsoft.com/en-us/library/bb513638.aspx
2. As far as we know, those settings are still functional. However they are
for configuring blue-screen behavior and default application error mode
respectively.
Hope this helps.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
=========================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msd...@microsoft.com.
This posting is provided "AS IS" with no warranties, and confers no rights.
Jeffrey Tan[MSFT]
Have you reviewed my last reply to you? Does it make sense to you? If you
still need any help or have any concern, please feel free to tell me,
thanks.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
=========================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msd...@microsoft.com.
This posting is provided "AS IS" with no warranties, and confers no rights.
KM
Thank you for your clear and very detailed answers.
It was very useful and saved us time.
We have currently no further questions.
lg, KM.
Jeffrey Tan[MSFT]
Glad to see my reply can help you.
Ok, if you need further help, please feel free to post, I am glad to be any
help. Thanks.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
=========================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msd...@microsoft.com.
This posting is provided "AS IS" with no warranties, and confers no rights.
JeffB
Server 2008? I have not found confirmation of this yet. We use DebugDiag on
our Server 2003 instances and I am trying to determine if we need to look for
a new tool for doing hang and memory leak analysis, or if it can still be
used.
Thanks!