Debugging Terms

This section defines some common terms and procedures you need when you debug kernel STOP errors.

Kernel STOP Error, Blue Screen, or Trap

When Windows NT encounters hardware problems, inconsistencies within data necessary for its operation, or other similar errors, the operating system processes the error based upon the information entered in the Recovery dialog box. For information about the Recovery dialog box, see "Creating a Memory Dump File," later in this chapter.

If the user did not select Automatically reboot in the Recovery dialog box, Windows NT displays a blue screen containing error information, then stops.

Knowledge Base articles and other Windows NT documentation sometimes refer to this type of error as blue screen, kernel error, or even trap. This chapter uses the term kernel STOP error. However, if the context specifically refers to Windows NT stopping with the blue screen displayed, the term blue screen is used instead. The term trap is used in this chapter to mean that the kernel has detected an error and might write a memory dump file as part of its processing of the error.

Symbols and Symbol Trees

Usually, when code is compiled, one of two versions of the executable file can be created: a debug (also known as checked) version, or a nondebug (also known as free) version. The checked version contains extra code that enables a developer to debug problems, but this means a larger and possibly slower executable file. The free version of the executable file is smaller and runs at a normal speed, but cannot be debugged.

Windows NT combines the speed and smaller size of free versions with the debugging capabilities of the checked versions. All executable files, drivers, dynamic-link libraries, and other program files in Windows NT are the free versions. However, each program file has a corresponding symbol file, which contains the debug code that is normally part of the checked file. These symbol files are on the Windows NT Server product CD, in the Support\Debug\Platform\Symbols directories, where Platform is I386, Alpha, MIPS, or PowerPC. Within each Symbols directory, there is one directory for each type of file (such as .exe, .dll, and .sys). This structure is referred to as a symbol tree. Table 39.1 describes directories that exist in a standard symbol tree.

Table 39.1 Standard Symbol Tree Directories

Directory    Contains symbols for
---------    --------------------
ACM          Microsoft Audio Compression Manager files
COM          Executable files (.com)
CPL          Control Panel programs
DLL          Dynamic-link library files (.dll)
DRV          Driver files (.drv)
EXE          Executable files (.exe)
SCR          Screen-saver files
SYS          Driver files (.sys)

All of the utilities used to debug Windows NT or interpret memory dump files require a symbol tree containing the symbol files for the version of Windows NT you were running at the time of the kernel STOP error. With some utilities, you need the \Symbols directory to be on your hard drive, in the \Systemroot directory. With other utilities, you can specify the path to the \Symbols directory as a command-line option or in a dialog box.
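
Because every debugging utility depends on a complete symbol tree, it helps to check the tree before starting a session. The following Python code is an added example, not part of the original chapter or of any Windows NT utility: it checks a \Symbols directory against Table 39.1 and reports program files that have no matching symbol file. The function name audit_symbol_tree is hypothetical, and the code assumes each symbol file is named after its program file with a .dbg extension, which this section does not state.

```python
import os

# Directories listed in Table 39.1 (one per program file type).
STANDARD_DIRS = ("acm", "com", "cpl", "dll", "drv", "exe", "scr", "sys")
# Assumption (not stated in this section): symbol files are <basename>.dbg.
SYMBOL_EXT = ".dbg"


def _ci_listing(path):
    """Map lower-cased entry names to real names; Windows names are case-insensitive."""
    try:
        return {name.lower(): name for name in os.listdir(path)}
    except OSError:  # path is missing or is not a directory
        return {}


def audit_symbol_tree(symbols_root, program_files):
    """Report missing Table 39.1 directories and program files without symbols."""
    top = _ci_listing(symbols_root)
    report = {
        "missing_dirs": [d for d in STANDARD_DIRS if d not in top],
        "missing_symbols": [],
        "unknown_type": [],
    }
    listings = {}  # per-directory listing cache
    for name in program_files:
        # Accept bare names or full Windows paths such as C:\WINNT\system32\x.dll.
        leaf = name.replace("\\", "/").rsplit("/", 1)[-1]
        base, ext = os.path.splitext(leaf)
        kind = ext.lstrip(".").lower()
        if kind not in STANDARD_DIRS:
            report["unknown_type"].append(name)  # no directory for this type
            continue
        if kind not in top:
            report["missing_symbols"].append(name)  # whole directory absent
            continue
        if kind not in listings:
            listings[kind] = _ci_listing(os.path.join(symbols_root, top[kind]))
        if (base + SYMBOL_EXT).lower() not in listings[kind]:
            report["missing_symbols"].append(name)
    return report
```

Pass the path to the \Symbols directory and the list of program files you expect to debug; any entry under missing_symbols means the utilities will not be able to resolve symbols for that file from this tree.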

Target Computer

The term target computer refers to the computer on which the kernel STOP error occurs. This computer is the one that needs to be debugged. It can be a computer located within a few feet of the computer on which you run the debugger, or it can be a computer that you dial in to by using a modem.

Host Computer

The term host computer refers to the computer on which you run the debugger. This computer should run a version of Windows NT that is at least as recent as the one on the target computer.