How To Create a Log File of Created Named Objects

ID: Q191011


The information in this article applies to:
  • Microsoft Windows NT Server version 4.0, Terminal Server Edition

IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring Registry Key" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SUMMARY

When you set an application-compatibility flag of 0x1000 for an application on a Terminal Server, you tell the system to log any named object creations, such as semaphores, mutexes, events, and sections, to a file. This can be useful when you troubleshoot application problems. Normally, named objects have the Session ID appended to them to help distinguish them from objects created by other sessions. This process is referred to as "decorating the object." Some applications will fail if they cannot locate a named object. If the application expects a specific object name, but the name has been modified through decoration, the application may fail. You can register the application executable using the REGISTER utility, which will instruct Multi-User Object Manager to not decorate the created name objects in the application. Making a log file of created named objects (and the DLLs that made the objects) can be help you determine which DLLs to register.


MORE INFORMATION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

Application compatibility flags are set under:


   HKEY_LOCAL_MACHINE\Software\Microsoft\\Windows NT\ 
   CurrentVersion\Terminal Server\Compatibility\Applications 
NOTE: The above registry key is one path; it has been wrapped for readability.

  1. Create a key for the executable you want to monitor. In this example, NET.EXE will be monitored, so a key called NET is created.


  2. Add a DWORD value called FLAGS to the NET key. The Flags value will be 1000 in hex (and will appear as 0x1000).


  3. Locate or create a directory to store the log file. In this example, the directory D:\OBJECTLOG is used.


  4. In Control Panel/System, locate Environment and add a system variable, CITRIX_COMPAT_LOGPATH. The value for this variable will be the directory for the log. In this example, D:\OBJECTLOG is used.


  5. At a command prompt, type SET to view environment variables. Check the variable name and path for accuracy. In the example, the variable reads, CITRIX_COMPAT_LOGPATH=D:\OBJECTLOG.


  6. Run the application and then view the created log. If no log is created then the application does not create named objects. For the example, run NET USE G: \\Serververname\C$ (or any share). The resulting NET.LOG is created:

    
       Create Event name: ConnectionChangeEvent\USER Return Addr: 777079db
       (D:\WTSRV\system32\MPR.dll)
       Create Event name: SvcctrlStartEvent_A3752DX\SYSTEM Return Addr:
       77db84cd (D:\WTSRV\system32\ADVAPI32.dll)
       Create Event name: ScNetDrvMsg Return Addr: 77703140
       (D:\WTSRV\system32\MPR.dll) 


  7. NOTE: The log provides details about the object name, its memory address, and the DLL that created the object.

  8. When you complete troubleshooting, edit the flags value for the application so logging stops. Remove the 1000 value. Be sure not to delete any other flag values. For example, a flags value of 1008 means that object creation logging should occur, and that the application is a 32-bit application. Subtract the 0x1000, and leave behind the value of 0x8.


Additional query words:

Keywords :
Version : WinNT:4.0
Platform : winnt
Issue type : kbinfo


Last Reviewed: September 10, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.