Description of the Dr WATSON

8/14/2019 Description of the Dr WATSON

1/15

Description of the Dr. Watson for Windows (Drwtsn32.exe) Tool

Dr. Watson for Windows is a program error debugger that gathers information about your computer

when an error (or user-mode fault) occurs with a program. Technical support groups can use the

information that Dr. Watson obtains and logs to diagnose a program error. When an error is

detected, Dr. Watson creates a text file (Drwtsn32.log) that can be delivered to support personnel

by the method they prefer. You also have the option of creating a crash dump file, which is a binary

file that a programmer can load into a debugger.

Note Windows XP also provides an Error Reporting service that monitors your computer for both

user-mode and kernel-mode faults ("stop" error messages or error messages that are displayed on

a blue screen, as well as improper shutdown events) that affect both the operating system and any

programs. This service allows you to send error reports to Microsoft when an error occurs. Because

all error reports are confidential and anonymous, Microsoft Support Professionals do not have access

to any error report that you have sent to Microsoft over the Internet using the Error Reporting

service. As a result, you may need to send a Dr. Watson for Windows log file to a support

professional. For additional information about Error Reporting Service in Windows XP, click the

article number below to view the article in the Microsoft Knowledge Base:

310414 HOW TO: Configure and Use Error Reporting in Windows XP

If a program error occurs, Dr. Watson for Windows starts automatically. To configure Dr. Watson,

follow these steps:

1. Click Start, and then click Run.

2. Type drwtsn32, and then click OK.

By default, the log file created by Dr. Watson is named Drwtsn32.log and is saved in the following

location:

drive:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Dr Watson

Note Drwatson.exe is an older program error debugger that was included with earlier versions of

Windows NT. Microsoft recommends that you use Drwtsn32.exe instead of Drwatson.exe in Windows

XP.
http://support.microsoft.com/kb/310414/EN-US/http://support.microsoft.com/kb/310414/EN-US/http://support.microsoft.com/kb/310414/EN-US/


2/15

How to disable Dr. Watson for Windows

Important This section, method, or task contains steps that tell you how to modify the registry.

However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure

that you follow these steps carefully. For added protection, back up the registry before you modify

it. Then, you can restore the registry if a problem occurs. For more information about how to back

up and restore the registry, click the following article number to view the article in the Microsoft

Knowledge Base:

322756 How to back up and restore the registry in Windows

Note Because there are several versions of Microsoft Windows, the following steps may be different

on your computer. If they are, see your product documentation to complete these steps.

Back to the top

To disable Dr. Watson

1. Click Start, click Run, type regedit.exe in the Open box, and then click OK.

2. Locate and click the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

NT\CurrentVersion\AeDebug

NOTE: Steps three and four are optional, but they necessary if you want to restore the

default use of Dr. Watson.

3. Click the AeDebug key, and then click Export Registry File on the Registry menu.

4. Enter a name and location for the saved registry file, and then click Save.

5. Delete the AeDebug key.

Registry entries for debugger programs are located in the AeDebug key in Windows. The Dr. Watson

program is installed by default in Windows, and is configured to run when an application error

occurs (with a data value of 1 for the Auto value). The default values are:

Value Name = Auto

Type = String (REG_SZ)

Data Value = 1 or 0. (Default is 1)

Value Name = Debugger

Type = String (REG_SZ)

Data Value = drwtsn32 -p %ld -e %ld -g
http://support.microsoft.com/kb/322756/http://support.microsoft.com/kb/322756/http://support.microsoft.com/kb/188296#top#tophttp://support.microsoft.com/kb/322756/http://support.microsoft.com/kb/188296#top#top


3/15

NOTE: This data value (drwtsn32 -p %ld -e %ld -g) is specific to Dr. Watson. Alternative debuggers

will have their own values and parameters.

Back to the top

To enable Dr. Watson

1. At a command prompt, type the following line, and then press ENTER:

drwtsn32 -i

2. Double-click the .reg file you created in steps three and four above.
http://support.microsoft.com/kb/188296#top#tophttp://support.microsoft.com/kb/188296#top#top


4/15

ABOUT DR. WATSON

Dr. Watson is a softwareutility included with MicrosoftWindows that is used tohelp detect, decode and logerrors that are encountered while windows or

windows programs are running.

A user can run Dr. Watson by clicking Start / Run and typing "drwatson" andclicking ok. The Windows NT and 2000 Version of Dr. Watson can be run byclicking Start / Run and typing "drwtsn32". When running Dr. Watson, you shouldsee either a new task on your toolbar or on your systray indicating that Dr.Watson is running in the background. If errors are frequently occurring, run Dr.Watson to help get additional information about the error.

When Dr. Watson encounters an error, the error is logged under the file"drwtsn32.log" or "user.dmp" when running Microsoft Windows NT or Windows

2000. When running Microsoft Windows 95, 98 or ME, the file is logged with a.WLG file extension and stored under the \Windows\Drwatson or \Documents andSettings\All Users\Documents\DrWatson folder. For example, 10.wlg anddrwtsn32.txt are examples of Dr. Watson files.

Tip: If your computer is encountering errors often, load Dr. Watson into thestartup folder to load the program each time the computer boots.

TROUBLESHOOTING

Dr. Watson basic troubleshooting

1. If errors are being encountered with a specific program, ensure that thelatest software updates have been downloaded for that program.

2. Users running Microsoft Windows 95, 98 can double-click the Dr. Watsonicon on the systray to view errors and obtain a system snapshot of thecomputer. Additional detailed information can also be seen by clickingthe View option and selecting the Advanced view.

3. Users running Microsoft Windows NT, Windows 2000, or Windows XP candecode the error by reviewing our below instruction on how to decodeDr. Watson errors.

4. Verify that another program running in the background is not causing the

problem by end tasking all TSRs. Additional information about TSRs canbe found on document CHTSR.

5. If after following the above steps you continue to receive Dr. Watsonerrors, attempt to reinstall the application you are running and/orcontact the manufacturer or developer of the software program orcomputer.

How do I disable Dr. Watson in Windows NT?
http://www.computerhope.com/jargon/s/software.htmhttp://www.computerhope.com/jargon/u/utility.htmhttp://www.computerhope.com/comp/msoft.htmhttp://www.computerhope.com/jargon/w/windows.htmhttp://www.computerhope.com/jargon/d/decode.htmhttp://www.computerhope.com/jargon/l/log.htmhttp://www.computerhope.com/jargon/e/error.htmhttp://www.computerhope.com/jargon/p/program.htmhttp://www.computerhope.com/jargon/u/user.htmhttp://www.computerhope.com/jargon/r/run.htmhttp://www.computerhope.com/jargon/w/winnt.htmhttp://www.computerhope.com/jargon/v/version.htmhttp://www.computerhope.com/jargon/c/click.htmhttp://www.computerhope.com/jargon/t/task.htmhttp://www.computerhope.com/jargon/t/toolbar.htmhttp://www.computerhope.com/jargon/s/systray.htmhttp://www.computerhope.com/jargon/b/backgrou.htmhttp://www.computerhope.com/jargon/f/file.htmhttp://www.computerhope.com/jargon/w/windows.htmhttp://www.computerhope.com/jargon/w/win2000.htmhttp://www.computerhope.com/jargon/w/win2000.htmhttp://www.computerhope.com/jargon/w/win95.htmhttp://www.computerhope.com/jargon/w/winme.htmhttp://www.computerhope.com/jargon/e/extensio.htmhttp://www.computerhope.com/jargon/f/folder.htmhttp://www.computerhope.com/jargon/l/load.htmhttp://www.computerhope.com/jargon/s/startup.htmhttp://www.computerhope.com/jargon/t/time.htmhttp://www.computerhope.com/jargon/b/boot.htmhttp://www.computerhope.com/issues/chsys.htmhttp://www.computerhope.com/issues/chtsr.htmhttp://www.computerhope.com/jargon/s/software.htmhttp://www.computerhope.com/jargon/u/utility.htmhttp://www.computerhope.com/comp/msoft.htmhttp://www.computerhope.com/jargon/w/windows.htmhttp://www.computerhope.com/jargon/d/decode.htmhttp://www.computerhope.com/jargon/l/log.htmhttp://www.computerhope.com/jargon/e/error.htmhttp://www.computerhope.com/jargon/p/program.htmhttp://www.computerhope.com/jargon/u/user.htmhttp://www.computerhope.com/jargon/r/run.htmhttp://www.computerhope.com/jargon/w/winnt.htmhttp://www.computerhope.com/jargon/v/version.htmhttp://www.computerhope.com/jargon/c/click.htmhttp://www.computerhope.com/jargon/t/task.htmhttp://www.computerhope.com/jargon/t/toolbar.htmhttp://www.computerhope.com/jargon/s/systray.htmhttp://www.computerhope.com/jargon/b/backgrou.htmhttp://www.computerhope.com/jargon/f/file.htmhttp://www.computerhope.com/jargon/w/windows.htmhttp://www.computerhope.com/jargon/w/win2000.htmhttp://www.computerhope.com/jargon/w/win2000.htmhttp://www.computerhope.com/jargon/w/win95.htmhttp://www.computerhope.com/jargon/w/winme.htmhttp://www.computerhope.com/jargon/e/extensio.htmhttp://www.computerhope.com/jargon/f/folder.htmhttp://www.computerhope.com/jargon/l/load.htmhttp://www.computerhope.com/jargon/s/startup.htmhttp://www.computerhope.com/jargon/t/time.htmhttp://www.computerhope.com/jargon/b/boot.htmhttp://www.computerhope.com/issues/chsys.htmhttp://www.computerhope.com/issues/chtsr.htm


5/15

Dr. Watson by default is always running on computers running MicrosoftWindows NT. To disable Dr. Watson remove it from the registry. Note: Pleasereview our Registry page for additional information about the registry and itsdangers.

Open the below folders and keys.

HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\

Locate and delete the key AeDebug.

HOW TO DECODE DR. WATSON ERRORS

The below information applies to users who are running Microsoft Windows NT,Windows 2000, or Windows XP and viewing the drwtsn32.log file. Each Dr.Watson error is appended to the end of the drwtsn32.log file. Therefore, youmay need to scroll to the end of the file to determine the exact error.

Application exception occurred:App: .\Release\Mcshield.exe (pid=508)When: 11/3/2001 @ 13:54:08.489Exception number: c0000005 (access violation)

The first portion of the drwtsn32.log file, as shown in the above example, givesus information about the program, the time and the exception. As you can seefrom the above example, this error is occurring in mcshield.exe, which is a partof McAfee Virus Scan. We next see the date and time when this error occurredand the exception number.

Unless the proper symbol is loaded on the computer, you will be limited to theabove information to determine what is causing the issue. As you can see fromthe below example, the function has no symbols; therefore, you would beunable to determine what function caused the error to occur. Additionalinformation about symbols can be found on Microsoft's DDK page, Microsoft

Q141465 or through your system administrator.

function: 01500878 89d5 mov ebp,edx0150087a 89de mov esi,ebx0150087c 890c24 mov [esp],ecx

ss:0172eae8=000000af0150087f 85db test ebx,ebx01500881 7c15 jl 01503998
http://www.microsoft.com/ddk/http://support.microsoft.com/http://support.microsoft.com/http://www.microsoft.com/ddk/http://support.microsoft.com/http://support.microsoft.com/


6/15

01500883 31c0 xor eax,eax01500885 8a02 mov al,[edx]

ds:0000001c=??01500887 01d8 add eax,ebx01500889 8d50ff lea edx,[eax+0xff]

ds:00a7d5d2=????????0150088c 8b4704 mov eax,[edi+0x4]

ds:0279a0a8=????????FAULT ->0150088f 8b08 mov ecx,[eax]

ds:00000000=????????01500891 ff511c call dword ptr [ecx+0x1c]

ds:00a7d681=????????01500894 39c2 cmp edx,eax01500896 7604 jbe 0150399c01500898 31c0 xor eax,eax0150089a eb54 jmp 01508bf00150089c 837c241400 cmp dword ptr [esp+0x14],0x0

ss:021ac0bb=????????015008a1 7513 jnz 015093b6015008a3 8b5c2418 mov ebx,[esp+0x18]

ss:021ac0bb=????????015008a7 89f2 mov edx,esi015008a9 31c9 xor ecx,ecx015008ab 89f8 mov eax,edi

*----> Stack Back Trace


7/15

System File Checker

Windows 2000 & XP comes with a very handy tool called the system file checker. The

SFC tool itself will scan your computer for system files that may have been replacedwhen some old or poorly made program was installed. This usually happens because the

programmer who made the software did not create it to check the versions of each systemfile it replaces.

To protect your computer from old system files, Microsoft created a special service that is

built into the operating system. This service monitors your system files, and if one isreplaced or deleted, ICS will automatically restore the system file.

SFC works in conjunction with a utility called Windows File Protection that keeps the

system file cache: (%Systemroot%\System32\Dllcache) uppdated with the newest

Microsoft Approved files as they are installed on your system. I prefer to use thesystem backup for the ability to roll back to a former configuration however.

To manually invoke the system file checker, be sure you have administrative access thengo to the command prompt and type:

sfc /scannow

The system will immediately begin to check all the current system files and restore the

cached approved copies. You may be asked to insert the Windows CD as well during therestore.

Clue: Keep in mind that after you perform a system file restore you should install the newestservice pack so you are running the most current, Microsoft approved system files.

For you XP users, SFC should be used as a last resort. If you have been creating system

restore points, first roll back to your latest restore point and see if that fixes your problem
http://void%280%29/http://void%280%29/http://www.networkclue.com/os/Windows/winxp/index.aspx#RPhttp://www.networkclue.com/os/Windows/winxp/index.aspx#RPhttp://void%280%29/http://void%280%29/http://www.networkclue.com/os/Windows/winxp/index.aspx#RPhttp://www.networkclue.com/os/Windows/winxp/index.aspx#RP


8/15

Disable Windows File Protection(Windows 2000/XP) Popular

Windows 2000 and XP include a feature called Windows File Protection (WFP), part of

the System File Checker, which is intended to avoid some of the common DLL

consistency issues. This feature may also block valid attempts to change system files andit can therefore be disabled using this tweak.

Open your registry and find the key below.

Change the value of "SFCDisable" to equal "ffffff9d" to disable WFS or "0" to enable it.

The other valid hexadecimal values are:

1 - disabled, prompt at boot to re-enable2 - disabled at next boot only, no prompt to re-enable

4 - enabled, with popups disabled

ffffff9d - for completely disabled

Restart Windows for the change to take effect.

Additional Steps for Windows 2000 Service Pack 2 and Windows XP

This setting is disabled in Windows 2000 SP2 and Windows XP, and needs to re-enabled

using a hex editor and changing SFC.DLL (or SFC_OS.DLL for Windows XP) following

these instructions:

Windows 2000 SP2

1. Make a backup the SFC.DLL in the C:\WINNT\SYSTEM32 directory.2. Make an additional copy of SFC.DLL called SFC1.DLL and open it in a hex

editor.3. At offset 00006211 (6211h) you should find the values "8B" and "C6". Do not

continue if you are unable to find these values.

4. Change the values "8B C6" to read "90 90" and save the changes.5. Run these commands to update the system files:6. copy c:\winnt\system32\sfc1.dll c:\winnt\system32\sfc.dll /y7. copy c:\winnt\system32\sfc1.dll

c:\winnt\system32\dllcache\sfc.dll /y

8. If you are prompted to insert the Windows CD, click Cancel.

9. Restart Windows for the change to take effect.

Windows XP

1. Make a backup the SFC_OS.DLL in the C:\WINDOWS\SYSTEM32 directory.

2. Make an additional copy of SFC_OS.DLL called SFC_OS1.DLL and open it in ahex editor.

3. Windows XP (no Service Pack)

At offset 0000E2B8 (0E2B8h) you should find the values "8B" and "C6".


9/15

Windows XP (Service Pack 1)

At offset 0000E3BB (0E3BBh) you should find the values "8B" and "C6".

4. Do not continue if you are unable to find these values.5. Change the values "8B C6" to read "90 90" and save the changes.

6. Run these commands to update the system files:7. copy c:\windows\system32\sfc_os1.dll

c:\windows\system32\sfc_os.dll /y8. copy c:\windows\system32\sfc_os1.dll

c:\windows\system32\dllcache\sfc_os.dll /y

9. If you are prompted to insert the Windows CD, click Cancel.

10. Restart Windows for the change to take effect.

Once these files have been updated apply the registry setting above.

Note: You must manually modify the operating system files using a hex editor to allow

this tweak to disable SFC on Windows 2000 (SP1+) or Windows XP.

(Default) REG_SZ (value not set)

SFCDisable REG_DWORD 0xffffff9d (4294967197)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVers...

Registry SettingsSystem Key:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon]Value Name: SFCDisable

Data Type: REG_DWORD (DWORD Value)

Value Data: 0 = enabled (default), ffffff9d = disabled
http://www.pctools.com/guides/help/registry-settings.php#system_keyhttp://www.pctools.com/guides/help/registry-settings.php#system_keyhttp://www.pctools.com/guides/help/registry-settings.php#value_namehttp://www.pctools.com/guides/help/registry-settings.php#data_typehttp://www.pctools.com/guides/help/registry-settings.php#value_datahttp://www.pctools.com/guides/help/registry-settings.php#system_keyhttp://www.pctools.com/guides/help/registry-settings.php#value_namehttp://www.pctools.com/guides/help/registry-settings.php#data_typehttp://www.pctools.com/guides/help/registry-settings.php#value_data


10/15

File sharing in Windows XP Next

Advantages

File sharing involves making the content of one or more directories available through the network. All

Windows systems have standard devices making it easy to share the content of a directory. However, file

sharing may lead to security problems since, by definition, it gives other users access to the content of a partof the hard drive.

As a result, it is essential that you share only directories for which it would not be extremely important if their

content were revealed (or destroyed), Furthermore, you are strongly advised against sharing a whole

partition of your hard drive. This operation is strongly discouraged if you do not trust the other network

users!

Machine names

Firstly, you need to give a specific machine name. To do so, simply to go Control panel/System, then to the

"Computer name" tab and then "Change...".

You need to have administrator privileges to perform thisoperation.

Simple file sharing

Simple file sharing is the sharing mode that is activated by default (and the only mode available in Windows

XP Home, or Windows XP family edition). It makes it possible to globally share, for the whole workgroup, a

directory's files, with no restrictions or passwords.

It is simple to use. In Windows XP however, you need to enable simple file sharing by opening My computerthen Tools/Folder options... /View.. At the bottom of the scrollable list, make sure the Use simple file sharing

(recommended) option is checked.
http://en.kioskea.net/contents/configuration-reseau/zonealarm.php3http://en.kioskea.net/contents/pc/disque.php3http://en.kioskea.net/contents/configuration-reseau/zonealarm.php3http://en.kioskea.net/contents/pc/disque.php3


11/15

To share a folder, simply right-click the directory you want to share, then select the Share tab:


12/15

Administrative shares and hidden shares

When the name of a shared resource ends with the character "$", that means it is hidden, or that it doesn'tappear in the list of resources.

By default, Microsoft Windows systems have hidden administrative shares to let the administrator of a

machine access the machine's resources through the network.

The default administrative shares, which can be accessed only by the administrator, are as follows:

C$: Access to the root partition or volume. The other partitions are also accessible by their letter followed by

the "$" character;

ADMIN$: Access to the %systemroot% directory, making it possible to manage a machine on the network.

IPC$: Enables communication between network processes.

PRINT$: Remote access to printers.

To view and manage the computer's administrative shares, simply go to Control panel/Administrative

tools/Computer management/Shared folders/Shares. An alternative is to right-click My computer and select

Manage.

Advanced file sharing


13/15

Advanced file sharing, available only in Windows XP and higher, involves defining access permissions to

shared resources by user or group of users. Unlike simple file sharing, users have to be identified before

shared resources can be accessed.

To set up advanced file sharing, you firstly need to disable simple file sharing by opening My computer, then

Tools/Folder options... /View.. At the bottom of the scrollable list, make sure the Use simple file sharing

(recommended) option is unchecked.

Secondly, you need to create as many user accounts as necessary. To create user accounts, simply click

User accounts in the control panel, thenAdd. If an identical account (with the same password) exists on the

remote machine, used by the user, he will not need to enter his password to access the share.

When sharing a resource (right-click, then Sharing and security), simply click the button Permissions:


14/15

To restrict access to the shared resource, you need to remove access to "Everyone" and then give access

only to authorized users. Anonymous access may potentially be created thanks to the "Guest" account.

Using a shared resource

There are two methods for using a shared folder:

Direct use of the resource via its address. The address of a shared resource has the following form:

\\computer\share_name

computerrepresents the computer's name or IP address and share_name corresponds to the name given to

the shared resource.

The connection of a network drive, making it possible to link the shared resource to a virtual drive letter. To

connect a network drive, simply open the file browser (Start/Run/"browse"), then in the Tools menu, select

Connect a network drive... Choose an available drive letter and enter the folder name.

Diagnostics

If access to shared resources doesn't work, it may be due to one of the following reasons:

The network connection between the machines is incorrect. In this casediagnose the network;

The users do not belong to the same domain.

The computers on the local area network must have the same subnet mask. You can easily check this using

the ipconfig command.

A firewall (or antivirus) on the computer sharing the resource, on the computer accessing the resource or on

the network is blocking access. Check the firewall's settings, and if necessary temporarily disable the firewall

to find out whether the problem is related;
http://en.kioskea.net/contents/configuration-reseau/tests-diagnostics-reseau.php3http://en.kioskea.net/contents/configuration-reseau/tests-diagnostics-reseau.php3http://en.kioskea.net/contents/configuration-reseau/tests-diagnostics-reseau.php3http://en.kioskea.net/contents/configuration-reseau/tests-diagnostics-reseau.php3http://en.kioskea.net/contents/configuration-reseau/tests-diagnostics-reseau.php3


15/15

The maximum number of users is 5 in Windows XP family and 10 in Windows XP professional. For more

information:

o Limite du nombre de connexions d'entre dans Windows XP - Article F314882 de la base de connaissance

Microsoft

A special character (such as a space) in the name of a shared resource can block access for older operatingsystems.

The rights of theNTFS file system can interfere with sharing rights since restrictions have priority over

permissions.
http://support.microsoft.com/default.aspx?kbid=314882http://support.microsoft.com/default.aspx?kbid=314882http://support.microsoft.com/default.aspx?kbid=314882http://en.kioskea.net/contents/repar/ntfs.php3http://en.kioskea.net/contents/repar/ntfs.php3http://support.microsoft.com/default.aspx?kbid=314882http://support.microsoft.com/default.aspx?kbid=314882http://en.kioskea.net/contents/repar/ntfs.php3

Date post:	30-May-2018
Category:	Documents
Upload:	jeetendrakumar2008
View:	213 times
Download:	0 times