Description Of The Dr Watson
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Description Of The Dr Watson as PDF for free.
More details
- Words: 3,166
- Pages: 15
Description of the Dr. Watson for Windows (Drwtsn32.exe) Tool Dr. Watson for Windows is a program error debugger that gathers information about your computer when an error (or user-mode fault) occurs with a program. Technical support groups can use the information that Dr. Watson obtains and logs to diagnose a program error. When an error is detected, Dr. Watson creates a text file (Drwtsn32.log) that can be delivered to support personnel by the method they prefer. You also have the option of creating a crash dump file, which is a binary file
that
a
programmer
can
load
into
a
debugger.
Note Windows XP also provides an Error Reporting service that monitors your computer for both user-mode and kernel-mode faults ("stop" error messages or error messages that are displayed on a blue screen, as well as improper shutdown events) that affect both the operating system and any programs. This service allows you to send error reports to Microsoft when an error occurs. Because all error reports are confidential and anonymous, Microsoft Support Professionals do not have access to any error report that you have sent to Microsoft over the Internet using the Error Reporting service. As a result, you may need to send a Dr. Watson for Windows log file to a support professional. For additional information about Error Reporting Service in Windows XP, click the article number below to view the article in the Microsoft Knowledge Base: 310414 HOW TO: Configure and Use Error Reporting in Windows XP If a program error occurs, Dr. Watson for Windows starts automatically. To configure Dr. Watson, follow these steps:
1. 2.
Click Start, and then click Run. Type drwtsn32, and then click OK.
By default, the log file created by Dr. Watson is named Drwtsn32.log and is saved in the following location: drive:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Dr Watson Note Drwatson.exe is an older program error debugger that was included with earlier versions of Windows NT. Microsoft recommends that you use Drwtsn32.exe instead of Drwatson.exe in Windows XP.
How to disable Dr. Watson for Windows Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 How to back up and restore the registry in Windows Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps. Back to the top
To disable Dr. Watson
1. 2.
Click Start, click Run, type regedit.exe in the Open box, and then click OK. Locate and click the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
NOTE: Steps three and four are optional, but they necessary if you want to restore the default use of Dr. Watson.
3. 4.
Click the AeDebug key, and then click Export Registry File on the Registry menu.
5.
Delete the AeDebug key.
Enter a name and location for the saved registry file, and then click Save.
Registry entries for debugger programs are located in the AeDebug key in Windows. The Dr. Watson program is installed by default in Windows, and is configured to run when an application error occurs (with a data value of 1 for the Auto value). The default values are: Value Name = Auto Type = String (REG_SZ) Data Value = 1 or 0. (Default is 1)
Value Name = Debugger Type = String (REG_SZ) Data Value = drwtsn32 -p %ld -e %ld -g
NOTE: This data value (drwtsn32 -p %ld -e %ld -g) is specific to Dr. Watson. Alternative debuggers will have their own values and parameters. Back to the top
To enable Dr. Watson
1.
At a command prompt, type the following line, and then press ENTER:
drwtsn32 -i 2.
Double-click the .reg file you created in steps three and four above.
ABOUT DR. WATSON Dr. Watson is a software utility included with Microsoft Windows that is used to help detect, decode and log errors that are encountered while windows or windows programs are running. A user can run Dr. Watson by clicking Start / Run and typing "drwatson" and clicking ok. The Windows NT and 2000 Version of Dr. Watson can be run by clicking Start / Run and typing "drwtsn32". When running Dr. Watson, you should see either a new task on your toolbar or on your systray indicating that Dr. Watson is running in the background. If errors are frequently occurring, run Dr. Watson to help get additional information about the error. When Dr. Watson encounters an error, the error is logged under the file "drwtsn32.log" or "user.dmp" when running Microsoft Windows NT or Windows 2000. When running Microsoft Windows 95, 98 or ME, the file is logged with a .WLG file extension and stored under the \Windows\Drwatson or \Documents and Settings\All Users\Documents\DrWatson folder. For example, 10.wlg and drwtsn32.txt are examples of Dr. Watson files. Tip: If your computer is encountering errors often, load Dr. Watson into the startup folder to load the program each time the computer boots. TROUBLESHOOTING Dr. Watson basic troubleshooting 1. If errors are being encountered with a specific program, ensure that the latest software updates have been downloaded for that program. 2. Users running Microsoft Windows 95, 98 can double-click the Dr. Watson icon on the systray to view errors and obtain a system snapshot of the computer. Additional detailed information can also be seen by clicking the View option and selecting the Advanced view. 3. Users running Microsoft Windows NT, Windows 2000, or Windows XP can decode the error by reviewing our below instruction on how to decode Dr. Watson errors. 4. Verify that another program running in the background is not causing the problem by end tasking all TSRs. Additional information about TSRs can be found on document CHTSR. 5. If after following the above steps you continue to receive Dr. Watson errors, attempt to reinstall the application you are running and/or contact the manufacturer or developer of the software program or computer. How do I disable Dr. Watson in Windows NT?
Dr. Watson by default is always running on computers running Microsoft Windows NT. To disable Dr. Watson remove it from the registry. Note: Please review our Registry page for additional information about the registry and its dangers. Open the below folders and keys. HKEY_LOCAL_MACHINE\ Software\ Microsoft\ WindowsNT\ CurrentVersion\ Locate and delete the key AeDebug. HOW TO DECODE DR. WATSON ERRORS The below information applies to users who are running Microsoft Windows NT, Windows 2000, or Windows XP and viewing the drwtsn32.log file. Each Dr. Watson error is appended to the end of the drwtsn32.log file. Therefore, you may need to scroll to the end of the file to determine the exact error. Application exception occurred: App: .\Release\Mcshield.exe (pid=508) When: 11/3/2001 @ 13:54:08.489 Exception number: c0000005 (access violation) The first portion of the drwtsn32.log file, as shown in the above example, gives us information about the program, the time and the exception. As you can see from the above example, this error is occurring in mcshield.exe, which is a part of McAfee Virus Scan. We next see the date and time when this error occurred and the exception number. Unless the proper symbol is loaded on the computer, you will be limited to the above information to determine what is causing the issue. As you can see from the below example, the function has no symbols; therefore, you would be unable to determine what function caused the error to occur. Additional information about symbols can be found on Microsoft's DDK page, Microsoft Q141465 or through your system administrator. function: <nosymbols> 01500878 89d5 0150087a 89de 0150087c 890c24 ss:0172eae8=000000af 0150087f 85db 01500881 7c15
mov mov mov
ebp,edx esi,ebx [esp],ecx
test jl
ebx,ebx 01503998
01500883 31c0 01500885 8a02 ds:0000001c=?? 01500887 01d8 01500889 8d50ff ds:00a7d5d2=???????? 0150088c 8b4704 ds:0279a0a8=???????? FAULT ->0150088f 8b08 ds:00000000=???????? 01500891 ff511c ds:00a7d681=???????? 01500894 39c2 01500896 7604 01500898 31c0 0150089a eb54 0150089c 837c241400 ss:021ac0bb=???????? 015008a1 7513 015008a3 8b5c2418 ss:021ac0bb=???????? 015008a7 89f2 015008a9 31c9 015008ab 89f8 *----> Stack Back Trace <----*
xor mov
eax,eax al,[edx]
add lea
eax,ebx edx,[eax+0xff]
mov
eax,[edi+0x4]
mov
ecx,[eax]
call
dword ptr [ecx+0x1c]
cmp jbe xor jmp cmp
edx,eax 0150399c eax,eax 01508bf0 dword ptr [esp+0x14],0x0
jnz mov
015093b6 ebx,[esp+0x18]
mov xor mov
edx,esi ecx,ecx eax,edi
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0172F0B8 C9CAE3C0 8DD7C0C1 F99FC687 CBCCD2F9 D6D2CAC1 !<nosymbols> D1C0C91D 00000000 00000000 00000000 00000000 00000000 <nosymbols>
If a function is found, attempt to search for the function through Microsoft's support database or contact the software developer to obtain additional information about why the error is occurring. Users running other versions of Windows can view the Dr. Watson information by opening the Dr. Watson program (c:\winnt\system32\drwtsn32.exe NOT drwatson.exe) and viewing the diagnostics information and suggestions. A snapshot of the system configuration can also be seen by clicking the View option and selecting "Advanced View".
System File Checker Windows 2000 & XP comes with a very handy tool called the system file checker. The SFC tool itself will scan your computer for system files that may have been replaced when some old or poorly made program was installed. This usually happens because the programmer who made the software did not create it to check the versions of each system file it replaces. To protect your computer from old system files, Microsoft created a special service that is built into the operating system. This service monitors your system files, and if one is replaced or deleted, ICS will automatically restore the system file. SFC works in conjunction with a utility called Windows File Protection that keeps the system file cache: (%Systemroot%\System32\Dllcache) uppdated with the newest Microsoft Approved files as they are installed on your system. I prefer to use the system backup for the ability to roll back to a former configuration however. To manually invoke the system file checker, be sure you have administrative access then go to the command prompt and type: sfc /scannow
The system will immediately begin to check all the current system files and restore the cached approved copies. You may be asked to insert the Windows CD as well during the restore. Clue: Keep in mind that after you perform a system file restore you should install the newest service pack so you are running the most current, Microsoft approved system files.
For you XP users, SFC should be used as a last resort. If you have been creating system restore points, first roll back to your latest restore point and see if that fixes your problem
Disable Windows File Protection (Windows 2000/XP) Popular Windows 2000 and XP include a feature called Windows File Protection (WFP), part of the System File Checker, which is intended to avoid some of the common DLL consistency issues. This feature may also block valid attempts to change system files and it can therefore be disabled using this tweak. Open your registry and find the key below. Change the value of "SFCDisable" to equal "ffffff9d" to disable WFS or "0" to enable it. The other valid hexadecimal values are: 1 - disabled, prompt at boot to re-enable 2 - disabled at next boot only, no prompt to re-enable 4 - enabled, with popups disabled ffffff9d - for completely disabled Restart Windows for the change to take effect. Additional Steps for Windows 2000 Service Pack 2 and Windows XP This setting is disabled in Windows 2000 SP2 and Windows XP, and needs to re-enabled using a hex editor and changing SFC.DLL (or SFC_OS.DLL for Windows XP) following these instructions: Windows 2000 SP2 1. Make a backup the SFC.DLL in the C:\WINNT\SYSTEM32 directory. 2. Make an additional copy of SFC.DLL called SFC1.DLL and open it in a hex editor. 3. At offset 00006211 (6211h) you should find the values "8B" and "C6". Do not continue if you are unable to find these values. 4. Change the values "8B C6" to read "90 90" and save the changes. 5. Run these commands to update the system files: 6. copy c:\winnt\system32\sfc1.dll c:\winnt\system32\sfc.dll /y 7. copy c:\winnt\system32\sfc1.dll c:\winnt\system32\dllcache\sfc.dll /y
8. If you are prompted to insert the Windows CD, click Cancel. 9. Restart Windows for the change to take effect. Windows XP 1. Make a backup the SFC_OS.DLL in the C:\WINDOWS\SYSTEM32 directory. 2. Make an additional copy of SFC_OS.DLL called SFC_OS1.DLL and open it in a hex editor. 3. Windows XP (no Service Pack) At offset 0000E2B8 (0E2B8h) you should find the values "8B" and "C6".
Windows XP (Service Pack 1) At offset 0000E3BB (0E3BBh) you should find the values "8B" and "C6". 4. Do not continue if you are unable to find these values. 5. Change the values "8B C6" to read "90 90" and save the changes. 6. Run these commands to update the system files: 7. copy c:\windows\system32\sfc_os1.dll c:\windows\system32\sfc_os.dll /y 8. copy c:\windows\system32\sfc_os1.dll c:\windows\system32\dllcache\sfc_os.dll /y
9. If you are prompted to insert the Windows CD, click Cancel. 10. Restart Windows for the change to take effect. Once these files have been updated apply the registry setting above. Note: You must manually modify the operating system files using a hex editor to allow this tweak to disable SFC on Windows 2000 (SP1+) or Windows XP.
(Default)
REG_SZ
(value not set)
SFCDisable
REG_DWORD
0xffffff9d (4294967197)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVers...
Registry Settings System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Value Name: SFCDisable Data Type: REG_DWORD (DWORD Value) Value Data: 0 = enabled (default), ffffff9d = disabled
File sharing in Windows XP
Next
Advantages File sharing involves making the content of one or more directories available through the network. All Windows systems have standard devices making it easy to share the content of a directory. However, file sharing may lead to security problems since, by definition, it gives other users access to the content of a part of the hard drive. As a result, it is essential that you share only directories for which it would not be extremely important if their content were revealed (or destroyed), Furthermore, you are strongly advised against sharing a whole partition of your hard drive. This operation is strongly discouraged if you do not trust the other network users!
Machine names Firstly, you need to give a specific machine name. To do so, simply to go Control panel/System, then to the "Computer name" tab and then "Change...".
You need to have administrator privileges to perform this operation.
Simple file sharing Simple file sharing is the sharing mode that is activated by default (and the only mode available in Windows XP Home, or Windows XP family edition). It makes it possible to globally share, for the whole workgroup, a directory's files, with no restrictions or passwords. It is simple to use. In Windows XP however, you need to enable simple file sharing by opening My computer then Tools/Folder options... /View.. At the bottom of the scrollable list, make sure the Use simple file sharing (recommended) option is checked.
To share a folder, simply right-click the directory you want to share, then select the Share tab:
Administrative shares and hidden shares When the name of a shared resource ends with the character "$", that means it is hidden, or that it doesn't appear in the list of resources. By default, Microsoft Windows systems have hidden administrative shares to let the administrator of a machine access the machine's resources through the network. The default administrative shares, which can be accessed only by the administrator, are as follows:
•
C$: Access to the root partition or volume. The other partitions are also accessible by their letter followed by the "$" character;
•
ADMIN$: Access to the %systemroot% directory, making it possible to manage a machine on the network.
•
IPC$: Enables communication between network processes.
•
PRINT$: Remote access to printers. To view and manage the computer's administrative shares, simply go to Control panel/Administrative tools/Computer management/Shared folders/Shares. An alternative is to right-click My computer and select Manage.
Advanced file sharing
Advanced file sharing, available only in Windows XP and higher, involves defining access permissions to shared resources by user or group of users. Unlike simple file sharing, users have to be identified before shared resources can be accessed. To set up advanced file sharing, you firstly need to disable simple file sharing by opening My computer, then Tools/Folder options... /View.. At the bottom of the scrollable list, make sure the Use simple file sharing (recommended) option is unchecked.
Secondly, you need to create as many user accounts as necessary. To create user accounts, simply click User accounts in the control panel, then Add. If an identical account (with the same password) exists on the remote machine, used by the user, he will not need to enter his password to access the share. When sharing a resource (right-click, then Sharing and security), simply click the button Permissions:
To restrict access to the shared resource, you need to remove access to "Everyone" and then give access only to authorized users. Anonymous access may potentially be created thanks to the "Guest" account.
Using a shared resource There are two methods for using a shared folder:
•
Direct use of the resource via its address. The address of a shared resource has the following form:
\\computer\share_name computer represents the computer's name or IP address and share_name corresponds to the name given to the shared resource.
•
The connection of a network drive, making it possible to link the shared resource to a virtual drive letter. To connect a network drive, simply open the file browser (Start/Run/"browse"), then in the Tools menu, select Connect a network drive... Choose an available drive letter and enter the folder name.
Diagnostics If access to shared resources doesn't work, it may be due to one of the following reasons:
•
The network connection between the machines is incorrect. In this case diagnose the network;
•
The users do not belong to the same domain.
•
The computers on the local area network must have the same subnet mask. You can easily check this using the ipconfig command.
•
A firewall (or antivirus) on the computer sharing the resource, on the computer accessing the resource or on the network is blocking access. Check the firewall's settings, and if necessary temporarily disable the firewall to find out whether the problem is related;
•
The maximum number of users is 5 in Windows XP family and 10 in Windows XP professional. For more information:
o
Limite du nombre de connexions d'entrée dans Windows XP - Article F314882 de la base de connaissance Microsoft
•
A special character (such as a space) in the name of a shared resource can block access for older operating systems.
•
The rights of the NTFS file system can interfere with sharing rights since restrictions have priority over permissions.
that
a
programmer
can
load
into
a
debugger.
Note Windows XP also provides an Error Reporting service that monitors your computer for both user-mode and kernel-mode faults ("stop" error messages or error messages that are displayed on a blue screen, as well as improper shutdown events) that affect both the operating system and any programs. This service allows you to send error reports to Microsoft when an error occurs. Because all error reports are confidential and anonymous, Microsoft Support Professionals do not have access to any error report that you have sent to Microsoft over the Internet using the Error Reporting service. As a result, you may need to send a Dr. Watson for Windows log file to a support professional. For additional information about Error Reporting Service in Windows XP, click the article number below to view the article in the Microsoft Knowledge Base: 310414 HOW TO: Configure and Use Error Reporting in Windows XP If a program error occurs, Dr. Watson for Windows starts automatically. To configure Dr. Watson, follow these steps:
1. 2.
Click Start, and then click Run. Type drwtsn32, and then click OK.
By default, the log file created by Dr. Watson is named Drwtsn32.log and is saved in the following location: drive:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Dr Watson Note Drwatson.exe is an older program error debugger that was included with earlier versions of Windows NT. Microsoft recommends that you use Drwtsn32.exe instead of Drwatson.exe in Windows XP.
How to disable Dr. Watson for Windows Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 How to back up and restore the registry in Windows Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps. Back to the top
To disable Dr. Watson
1. 2.
Click Start, click Run, type regedit.exe in the Open box, and then click OK. Locate and click the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
NOTE: Steps three and four are optional, but they necessary if you want to restore the default use of Dr. Watson.
3. 4.
Click the AeDebug key, and then click Export Registry File on the Registry menu.
5.
Delete the AeDebug key.
Enter a name and location for the saved registry file, and then click Save.
Registry entries for debugger programs are located in the AeDebug key in Windows. The Dr. Watson program is installed by default in Windows, and is configured to run when an application error occurs (with a data value of 1 for the Auto value). The default values are: Value Name = Auto Type = String (REG_SZ) Data Value = 1 or 0. (Default is 1)
Value Name = Debugger Type = String (REG_SZ) Data Value = drwtsn32 -p %ld -e %ld -g
NOTE: This data value (drwtsn32 -p %ld -e %ld -g) is specific to Dr. Watson. Alternative debuggers will have their own values and parameters. Back to the top
To enable Dr. Watson
1.
At a command prompt, type the following line, and then press ENTER:
drwtsn32 -i 2.
Double-click the .reg file you created in steps three and four above.
ABOUT DR. WATSON Dr. Watson is a software utility included with Microsoft Windows that is used to help detect, decode and log errors that are encountered while windows or windows programs are running. A user can run Dr. Watson by clicking Start / Run and typing "drwatson" and clicking ok. The Windows NT and 2000 Version of Dr. Watson can be run by clicking Start / Run and typing "drwtsn32". When running Dr. Watson, you should see either a new task on your toolbar or on your systray indicating that Dr. Watson is running in the background. If errors are frequently occurring, run Dr. Watson to help get additional information about the error. When Dr. Watson encounters an error, the error is logged under the file "drwtsn32.log" or "user.dmp" when running Microsoft Windows NT or Windows 2000. When running Microsoft Windows 95, 98 or ME, the file is logged with a .WLG file extension and stored under the \Windows\Drwatson or \Documents and Settings\All Users\Documents\DrWatson folder. For example, 10.wlg and drwtsn32.txt are examples of Dr. Watson files. Tip: If your computer is encountering errors often, load Dr. Watson into the startup folder to load the program each time the computer boots. TROUBLESHOOTING Dr. Watson basic troubleshooting 1. If errors are being encountered with a specific program, ensure that the latest software updates have been downloaded for that program. 2. Users running Microsoft Windows 95, 98 can double-click the Dr. Watson icon on the systray to view errors and obtain a system snapshot of the computer. Additional detailed information can also be seen by clicking the View option and selecting the Advanced view. 3. Users running Microsoft Windows NT, Windows 2000, or Windows XP can decode the error by reviewing our below instruction on how to decode Dr. Watson errors. 4. Verify that another program running in the background is not causing the problem by end tasking all TSRs. Additional information about TSRs can be found on document CHTSR. 5. If after following the above steps you continue to receive Dr. Watson errors, attempt to reinstall the application you are running and/or contact the manufacturer or developer of the software program or computer. How do I disable Dr. Watson in Windows NT?
Dr. Watson by default is always running on computers running Microsoft Windows NT. To disable Dr. Watson remove it from the registry. Note: Please review our Registry page for additional information about the registry and its dangers. Open the below folders and keys. HKEY_LOCAL_MACHINE\ Software\ Microsoft\ WindowsNT\ CurrentVersion\ Locate and delete the key AeDebug. HOW TO DECODE DR. WATSON ERRORS The below information applies to users who are running Microsoft Windows NT, Windows 2000, or Windows XP and viewing the drwtsn32.log file. Each Dr. Watson error is appended to the end of the drwtsn32.log file. Therefore, you may need to scroll to the end of the file to determine the exact error. Application exception occurred: App: .\Release\Mcshield.exe (pid=508) When: 11/3/2001 @ 13:54:08.489 Exception number: c0000005 (access violation) The first portion of the drwtsn32.log file, as shown in the above example, gives us information about the program, the time and the exception. As you can see from the above example, this error is occurring in mcshield.exe, which is a part of McAfee Virus Scan. We next see the date and time when this error occurred and the exception number. Unless the proper symbol is loaded on the computer, you will be limited to the above information to determine what is causing the issue. As you can see from the below example, the function has no symbols; therefore, you would be unable to determine what function caused the error to occur. Additional information about symbols can be found on Microsoft's DDK page, Microsoft Q141465 or through your system administrator. function: <nosymbols> 01500878 89d5 0150087a 89de 0150087c 890c24 ss:0172eae8=000000af 0150087f 85db 01500881 7c15
mov mov mov
ebp,edx esi,ebx [esp],ecx
test jl
ebx,ebx 01503998
01500883 31c0 01500885 8a02 ds:0000001c=?? 01500887 01d8 01500889 8d50ff ds:00a7d5d2=???????? 0150088c 8b4704 ds:0279a0a8=???????? FAULT ->0150088f 8b08 ds:00000000=???????? 01500891 ff511c ds:00a7d681=???????? 01500894 39c2 01500896 7604 01500898 31c0 0150089a eb54 0150089c 837c241400 ss:021ac0bb=???????? 015008a1 7513 015008a3 8b5c2418 ss:021ac0bb=???????? 015008a7 89f2 015008a9 31c9 015008ab 89f8 *----> Stack Back Trace <----*
xor mov
eax,eax al,[edx]
add lea
eax,ebx edx,[eax+0xff]
mov
eax,[edi+0x4]
mov
ecx,[eax]
call
dword ptr [ecx+0x1c]
cmp jbe xor jmp cmp
edx,eax 0150399c eax,eax 01508bf0 dword ptr [esp+0x14],0x0
jnz mov
015093b6 ebx,[esp+0x18]
mov xor mov
edx,esi ecx,ecx eax,edi
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name 0172F0B8 C9CAE3C0 8DD7C0C1 F99FC687 CBCCD2F9 D6D2CAC1 !<nosymbols> D1C0C91D 00000000 00000000 00000000 00000000 00000000 <nosymbols>
If a function is found, attempt to search for the function through Microsoft's support database or contact the software developer to obtain additional information about why the error is occurring. Users running other versions of Windows can view the Dr. Watson information by opening the Dr. Watson program (c:\winnt\system32\drwtsn32.exe NOT drwatson.exe) and viewing the diagnostics information and suggestions. A snapshot of the system configuration can also be seen by clicking the View option and selecting "Advanced View".
System File Checker Windows 2000 & XP comes with a very handy tool called the system file checker. The SFC tool itself will scan your computer for system files that may have been replaced when some old or poorly made program was installed. This usually happens because the programmer who made the software did not create it to check the versions of each system file it replaces. To protect your computer from old system files, Microsoft created a special service that is built into the operating system. This service monitors your system files, and if one is replaced or deleted, ICS will automatically restore the system file. SFC works in conjunction with a utility called Windows File Protection that keeps the system file cache: (%Systemroot%\System32\Dllcache) uppdated with the newest Microsoft Approved files as they are installed on your system. I prefer to use the system backup for the ability to roll back to a former configuration however. To manually invoke the system file checker, be sure you have administrative access then go to the command prompt and type: sfc /scannow
The system will immediately begin to check all the current system files and restore the cached approved copies. You may be asked to insert the Windows CD as well during the restore. Clue: Keep in mind that after you perform a system file restore you should install the newest service pack so you are running the most current, Microsoft approved system files.
For you XP users, SFC should be used as a last resort. If you have been creating system restore points, first roll back to your latest restore point and see if that fixes your problem
Disable Windows File Protection (Windows 2000/XP) Popular Windows 2000 and XP include a feature called Windows File Protection (WFP), part of the System File Checker, which is intended to avoid some of the common DLL consistency issues. This feature may also block valid attempts to change system files and it can therefore be disabled using this tweak. Open your registry and find the key below. Change the value of "SFCDisable" to equal "ffffff9d" to disable WFS or "0" to enable it. The other valid hexadecimal values are: 1 - disabled, prompt at boot to re-enable 2 - disabled at next boot only, no prompt to re-enable 4 - enabled, with popups disabled ffffff9d - for completely disabled Restart Windows for the change to take effect. Additional Steps for Windows 2000 Service Pack 2 and Windows XP This setting is disabled in Windows 2000 SP2 and Windows XP, and needs to re-enabled using a hex editor and changing SFC.DLL (or SFC_OS.DLL for Windows XP) following these instructions: Windows 2000 SP2 1. Make a backup the SFC.DLL in the C:\WINNT\SYSTEM32 directory. 2. Make an additional copy of SFC.DLL called SFC1.DLL and open it in a hex editor. 3. At offset 00006211 (6211h) you should find the values "8B" and "C6". Do not continue if you are unable to find these values. 4. Change the values "8B C6" to read "90 90" and save the changes. 5. Run these commands to update the system files: 6. copy c:\winnt\system32\sfc1.dll c:\winnt\system32\sfc.dll /y 7. copy c:\winnt\system32\sfc1.dll c:\winnt\system32\dllcache\sfc.dll /y
8. If you are prompted to insert the Windows CD, click Cancel. 9. Restart Windows for the change to take effect. Windows XP 1. Make a backup the SFC_OS.DLL in the C:\WINDOWS\SYSTEM32 directory. 2. Make an additional copy of SFC_OS.DLL called SFC_OS1.DLL and open it in a hex editor. 3. Windows XP (no Service Pack) At offset 0000E2B8 (0E2B8h) you should find the values "8B" and "C6".
Windows XP (Service Pack 1) At offset 0000E3BB (0E3BBh) you should find the values "8B" and "C6". 4. Do not continue if you are unable to find these values. 5. Change the values "8B C6" to read "90 90" and save the changes. 6. Run these commands to update the system files: 7. copy c:\windows\system32\sfc_os1.dll c:\windows\system32\sfc_os.dll /y 8. copy c:\windows\system32\sfc_os1.dll c:\windows\system32\dllcache\sfc_os.dll /y
9. If you are prompted to insert the Windows CD, click Cancel. 10. Restart Windows for the change to take effect. Once these files have been updated apply the registry setting above. Note: You must manually modify the operating system files using a hex editor to allow this tweak to disable SFC on Windows 2000 (SP1+) or Windows XP.
(Default)
REG_SZ
(value not set)
SFCDisable
REG_DWORD
0xffffff9d (4294967197)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVers...
Registry Settings System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Value Name: SFCDisable Data Type: REG_DWORD (DWORD Value) Value Data: 0 = enabled (default), ffffff9d = disabled
File sharing in Windows XP
Next
Advantages File sharing involves making the content of one or more directories available through the network. All Windows systems have standard devices making it easy to share the content of a directory. However, file sharing may lead to security problems since, by definition, it gives other users access to the content of a part of the hard drive. As a result, it is essential that you share only directories for which it would not be extremely important if their content were revealed (or destroyed), Furthermore, you are strongly advised against sharing a whole partition of your hard drive. This operation is strongly discouraged if you do not trust the other network users!
Machine names Firstly, you need to give a specific machine name. To do so, simply to go Control panel/System, then to the "Computer name" tab and then "Change...".
You need to have administrator privileges to perform this operation.
Simple file sharing Simple file sharing is the sharing mode that is activated by default (and the only mode available in Windows XP Home, or Windows XP family edition). It makes it possible to globally share, for the whole workgroup, a directory's files, with no restrictions or passwords. It is simple to use. In Windows XP however, you need to enable simple file sharing by opening My computer then Tools/Folder options... /View.. At the bottom of the scrollable list, make sure the Use simple file sharing (recommended) option is checked.
To share a folder, simply right-click the directory you want to share, then select the Share tab:
Administrative shares and hidden shares When the name of a shared resource ends with the character "$", that means it is hidden, or that it doesn't appear in the list of resources. By default, Microsoft Windows systems have hidden administrative shares to let the administrator of a machine access the machine's resources through the network. The default administrative shares, which can be accessed only by the administrator, are as follows:
•
C$: Access to the root partition or volume. The other partitions are also accessible by their letter followed by the "$" character;
•
ADMIN$: Access to the %systemroot% directory, making it possible to manage a machine on the network.
•
IPC$: Enables communication between network processes.
•
PRINT$: Remote access to printers. To view and manage the computer's administrative shares, simply go to Control panel/Administrative tools/Computer management/Shared folders/Shares. An alternative is to right-click My computer and select Manage.
Advanced file sharing
Advanced file sharing, available only in Windows XP and higher, involves defining access permissions to shared resources by user or group of users. Unlike simple file sharing, users have to be identified before shared resources can be accessed. To set up advanced file sharing, you firstly need to disable simple file sharing by opening My computer, then Tools/Folder options... /View.. At the bottom of the scrollable list, make sure the Use simple file sharing (recommended) option is unchecked.
Secondly, you need to create as many user accounts as necessary. To create user accounts, simply click User accounts in the control panel, then Add. If an identical account (with the same password) exists on the remote machine, used by the user, he will not need to enter his password to access the share. When sharing a resource (right-click, then Sharing and security), simply click the button Permissions:
To restrict access to the shared resource, you need to remove access to "Everyone" and then give access only to authorized users. Anonymous access may potentially be created thanks to the "Guest" account.
Using a shared resource There are two methods for using a shared folder:
•
Direct use of the resource via its address. The address of a shared resource has the following form:
\\computer\share_name computer represents the computer's name or IP address and share_name corresponds to the name given to the shared resource.
•
The connection of a network drive, making it possible to link the shared resource to a virtual drive letter. To connect a network drive, simply open the file browser (Start/Run/"browse"), then in the Tools menu, select Connect a network drive... Choose an available drive letter and enter the folder name.
Diagnostics If access to shared resources doesn't work, it may be due to one of the following reasons:
•
The network connection between the machines is incorrect. In this case diagnose the network;
•
The users do not belong to the same domain.
•
The computers on the local area network must have the same subnet mask. You can easily check this using the ipconfig command.
•
A firewall (or antivirus) on the computer sharing the resource, on the computer accessing the resource or on the network is blocking access. Check the firewall's settings, and if necessary temporarily disable the firewall to find out whether the problem is related;
•
The maximum number of users is 5 in Windows XP family and 10 in Windows XP professional. For more information:
o
Limite du nombre de connexions d'entrée dans Windows XP - Article F314882 de la base de connaissance Microsoft
•
A special character (such as a space) in the name of a shared resource can block access for older operating systems.
•
The rights of the NTFS file system can interfere with sharing rights since restrictions have priority over permissions.
Related Documents
Description Of The Dr Watson
November 2019 21
Description Of The Plant
November 2019 27
Description Of The Chakra
October 2019 54
Description Of The Project
April 2020 23
Watson
October 2019 41