Using WinDbg with the Recovery Option

If you do not want to or are unable to do local or remote debugging, you can use the Recovery option located under the System option in Control Panel. Whenever a Windows NT Executive STOP error occurs, Windows NT can save the state of the computer system to a log file on the boot partition. This file contains all the information needed by WinDbg to troubleshoot the STOP error as if you were connected to a live computer experiencing the problem. In addition, all the WinDbg commands that work during a local or remote debugging session also work in this mode.

This enables you to examine the error at any time and immediately restart the computer that failed instead of keeping it down during the debug session. The only drawback to this method is that, to contain all the necessary information for a debug session, you must have sufficient space on your hard disk for the resulting log file, which will be as large as your RAM memory. Therefore, whenever a STOP error occurs, a computer with 32 MB of RAM will produce a 32-MB log file.

To configure Windows NT to save STOP information to a log file

  1. In Control Panel, choose the System option.
  2. In the System dialog box, choose the Recovery button.
  3. In the Recovery dialog box, select the Write Debugging Information To check box, and either accept the default path and filename (/systemroot\MEMORY.DMP) or type your own in the text box.

    To have this log file overwrite any file of the same name, select the Overwrite Any Existing File check box. If you clear this check box, Windows NT will not write a log file if there is already a file by that name.

To debug a log file using WinDbg

  1. Create a subdirectory called \SYMBOLS on the host computer's hard disk under the directory in which you have installed Windows NT.
  2. Copy the debugging symbols, corresponding to the target computer that produced the log file, from the \SUPPORT\DEBUG\<platform>\SYMBOLS directory on the CD-ROM to the \SYMBOLS directory on the host computer.

    Platform refers to the hardware platform of the host computer.

  3. Copy all the files from the \SUPPORT\DEBUG\<platform> directory on the CD-ROM to the \SYSTEM32 directory on the host computer.

    This can be done with the xcopy or copy command.

  4. To start WinDbg in Kernel-debug mode from either the command line or the File Run dialog box in Program Manager, type:

    <path> windbg -z <filename> -y <symbol path>

    Where:

    Path is the path to the WINDBG.EXE file.

    -z invokes the Kernel-debug mode using the MEMORY.DMP file.

    Filename is the path and name of the log file that you want to debug.

    -y indicates that the next parameter is the symbol path.

    Symbol path is the path to the \SYMBOLS directory.

    The following is an example of such a command:

    / windbg -z /windows\memory.dmp -y /windows\symbols

    1. To create a log of the debugging session, from the Options menu, choose Debug.
    2. In the Logfile section of the Debugger Options dialog box, you can:
      • Select the Open Automatically check box to have WinDbg open a log file whenever it starts. If you want to specify a path and name for the log file, type one in the Name text box.
      • Select the Append check box to append new data to an existing log file. Otherwise, the file will be overwritten.

      For more information on WinDbg settings, see the online Help file.