OEM Support Tools Phase 3 Release Notes

Phase 3 Release History

2000/2/1        Phase 3 Service Release 0
2000/4/24      Phase 3 Service Release 1
2000/6/23      Phase 3 Service Release 2 (This release)

1. Introduction
2. Support Platform
3. Optional Software Information
4. Documentation
5. Update Summary
6. Sample Files
7. Known Issues and Restrictions
8. Specifications

1. Introduction

Welcome to the Phase 3 OEM Support Tools release. These tools are provided as troubleshooting and development tools for those working with Microsoft Windows NT 4.0 and Windows 2000. The tools extend the functionality of existing debugging tools, provide new features upon which new debugging methodologies can be based, and provide development support.

This document contains release notes for this release, as well as links to the specs for the tools, which are provided as html in this release. Following six tools are included in this release. The directory name indicates where you can find each tool.

• Kernel Debugger Extensions (\kdext)

• Kernel Memory Space Analyzer (\kanalyze)

• User Mode Process Dump (\userdump)

• Kernel Mode to User Mode Process Dump Extraction Utility (\genedump)

• NTFS File Sector Information Utility (\nfi)

• Driver Verifier and System Information API Wrapper (\syswrap)

2. Support Platform

This release supports Windows NT versions 4.0 SP3, SP4, SP5, SP6a, and Windows 2000 on x86 platform. Windows NT 3.51 on x86 platform and Windows NT 4.0 on Alpha platform are no longer supported.

3. Optional Software Information

1. This release of Kernel Debugger Extensions has been tested with i386kd 5.00.2184.1, which is available on the Windows 2000 Support Tools CD.
   
   

2. This release of Userdump and Genedump have been tested with Windbg 5.00.2184.1, which is available on the Windows 2000 Support Tools CD.
   
   

3. To configure Kanalyze Known Issues Database, SQL Server 7.0 is required. SQL Server 7.0 is supported on Windows NT 4.0 SP4 or later and Windows 2000.
   
   

4. To access Kanalyze Known Issues Database, Windows NT 4.0 clients should be running Microsoft Data Access Components (MDAC) 2.1 or later. MDAC 2.1 is available at http://www.microsoft.com/data/download.htm (U.S. English) or  http://www.microsoft.com/data/download_loc.htm (International).
   Windows 2000 clients do not require installation of any optional software to access the database.
   

4. Documentation

Specification documents provide functional specification including architecture, programmer's references, and usage information. No other user documents will be provided in this release.

End-User License Agreement (EULA.TXT) and Redistributable Code (REDIST.TXT) information can be found under \license directory.

5. Update Summary

5.1 Changes since Phase 3 SR0

Only Kernel Memory Space Analyzer and User Mode Process Dump have been updated in Phase 3 SR1 and SR2. There are no changes in the rest of the tools.

5.1.1 Kernel Memory Space Analyzer

Following issues have been addressed:

Phase 3 SR1

1. In Phase 3 SR0, if multiple clients tried to update Known Issues Database at the same time, some updates failed due to a deadlock condition. Kadbprov.dll has been updated to correct the problem, and this deadlock condition should no longer occur. [RAID 660]
   
   

2. There was an error in Phase 3 SR0 database.dll plug-in which listed match level in a wrong order for some cases. This error has been corrected. [RAID 692]
   
   

3. Phase 3 SR0 Kanalyze was unable to add more than 32768 crash instances due to a data type mismatch bug in kadbprov.dll. This has been fixed and crash instances can be added up to the size of long integer now. [RAID 694]
   
   

4. A problem with the KaKnown Issue Database Maintenance Tool ASP scripts (\samples\kanalyze\asp) that result in an error when entering solution, analysis, hintdata, or progress text which contains an embedded single quote has been fixed. [RAID 713]
   
   

5. ASP scripts have been updated to display a warning message if you try to update either the Analysis record with Analysis ID = 1 or the Solution record with Solution ID =1. These two records are used by Kanalyze to indicate that there is no analysis or solution available. You should not attempt to update these records. Instead, you should add a new Analysis and/or Solution record for the crash you analyzed. [RAID 712]
   
   

6. Based on the feedback we have received from OEM's, the words "Problem Description" under "Column Name" have been changed to "Analysis Details" on all of the ASP pages for Analysis. [RAID 712]
   

Phase 3 SR2

1. There was a problem that DB_PASSWORD which was used to gain access to a Known Issues Database was not masked in kanalyze.log file. Kanalyze has been updated to mask a password in kanalyze.log file. [RAID 718]
   
   

2. There were cases that database plug-in failed to update a known issues database randomly. This happens when kanalyze engine cannot retrieve processor type information when this information is missing from a minidump. Database plug-in has been fixed to avoid database update failure in this case. When kanalyze engine cannot retrieve processor spec information, database plug-in properly stores processor type field as 'unknown'. [RAID 732]
   

5.1.2 User Mode Process Dump

Following new and changed features have been provided:

Phase 3 SR1

1. Hot-Key "Dump Win32 GUI applications that appear hung" option has been implemented. Previous version supported this option only from command line mode. This option can be configured by either Control Panel applet or setup .ini file.
   
   

2. Hot-Key "magic key sequence" can be customized. It can be overridden by placing scan codes in the registry key
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\udmpdrvr\Parameters. For more details, please refer to the revised spec document.
   
   

3.  Exception Monitoring "Bugcheck after dumping" option has been implemented. This option can be configured by either Control Panel applet or setup .ini file.
   
   

4. Exception Monitoring "Ignore exceptions that occur inside Kernel32.dll" option has been implemented. This option can be configured by either Control Panel applet or setup .ini file.
   
   

5. Exception Monitoring has been changed so that a thread ID is added to each dump file name to avoid userdump files generated by a same process with different threads get overwritten each other.
   

Following issues have been addressed:

Phase 3 SR1

1. Phase 2 SR2 or Phase 3 SR0 userdump did not install on Windows 2000 if you have a USB keyboard attached to your PC. Phase 3 SR1 userdump supports USB keyboard with some limitations as shown below: [RAID 404]
   
   

   1. It supports only one USB keyboard which is recognized as KeyboardClass0 device by Windows 2000.
      
      
   2. Once you un-plug the USB keyboard, userdump Hot-Key feature will be automatically turned off. Then even if you plug-in the USB keyboard again, userdump Hot-Key feature will not be resumed. You need to reboot to get Hot-Key feature in this case. Command line mode userdump is always supported.
      
      
2. Phase 2 SR2 or Phase 3 SR0 userdump did not install on Finnish language version of Windows NT/2000 due to a problem in userdump.exe. This problem has been corrected. [RAID 696]
   

Phase 3 SR2

1. Previous versions of userdump.exe caused system hang on NT4 if you attempted to dump csrss.exe from command line. It happened when NT4 boot partition was formatted with NTFS. This problem has been fixed. [RAID 717]
   
   
2. There were occasional cases that userdump failed to dump a process. This happens when a target process contains a thread that has begun termination. Userdump has been updated so that it can dump a process which contains a terminating thread. [RAID 730]

5.2 Changes since Phase 2

Key new and changed features introduced in Phase 3 are listed below. For more details, please refer to the specs.

5.2.1 Kernel Debugger Extensions

1. !strct command (and other !strct-style dump commands) improvement; more nicely formatted and precise output with bug fixes.
   
   

2. !s new command which provides expanded search capability.
   
   

3. !ip new command which interprets memory as an IP packet and dumps the headers and data contained therein.
   

5.2.2 Kernel Memory Space Analyzer

1. Known Issues Database support; the database of previously seen crash data which can be used by kanalyze to determine whether a crash appears to match a previously seen crash scenario, and/or update the database to include new crash data. This is the main focus for phase 3.
   
   

2. kanalyze.exe; a new Wizard-based GUI program which guides the user through the steps of dealing with the crash dump, signature id files, and symbols; provides support for connecting to and utilizing a known issues database; and allows limited interaction with the debugging-oriented kanalyze features.
   
   

3. stopcode.dll; a new plug-in DLL to perform per-stopcode analysis.
   
   

4. database.dll; a new plug-in DLL to manage database access and perform hint processing.
   
   

5. Support of Windows 2000 small memory dump as well as support of  complete memory dump and kernel only dump.
   
   

6. SQL scripts for known issues database that can be used to create and maintain a known issues database on a SQL server.
   
   

7. kadbg.exe; a console mode program renamed from phase 2 kanalyze.exe, which aids to an expert debugger to debug through an interactive command line interface.
   
   

8. Miscellaneous bug fixes.
   

5.2.3 User Mode Process Dump

1. Multiple processes dump support which is available via command line and Hot-Key with options of "dump and kill" (command line and Hot-Key) or "dump and bugcheck" (Hot-Key and Exception Monitoring only).
   
   

2. Dump of all Win32 processes including csrss.exe and optionally bugcheck (Hot-Key only).
   
   

3. Easier management of dump file path for Hot-Key and Exception Monitoring via Control Panel applet.
   
   

4. Dump of  Win32 GUI applications that appear hang.
   

5.2.4 Kernel Mode to User Mode Process Dump Extraction Utility

1. A new tool in phase 3 to extract information from a kernel mode crash dump file about the processes that existed at the time of the crash, and generate user mode process dump files for these processes.
   

5.2.5 NTFS File Sector Information Utility

1. A new tool in phase 3 to dump information about an NTFS volume, and optionally determines which volume and file contains a particular sector.
   

5.2.6 Driver Verifier and System Information API Wrapper

1. A new tool in phase 3 to provide wrapper APIs for various functions that are only available via the NtQuerySystemInformation API, and other miscellaneous system functionality.
   

5.2.7 Pool Enhancements

1. Pool Enhancements tool which was included in the phase 1 and phase 2 release is no longer included in the phase 3. On Windows 2000, the Driver Verifier should be used instead of Pool Enhancements. The Driver Verifier is a more powerful tool which provides special pool, pool tracking, etc. and included in Windows 2000 itself. In addition, as a replacement of PoolExt APIs, phase 3 Syswrap provides a set of routines  for manipulating the settings of the Windows 2000 Driver Verifier. The Driver Verifier is documented at http://www.microsoft.com/HWDEV/driver/driververify.htm.
   

6. Sample files

Following Kanalyze and Syswrap related files are included under \samples directory.

1. \samples\kanalyze\asp directory contains .asp script files for IIS to help developing a Web site to manage Kanalyze Known Issues Database outside of Kanalyze. They are supposed to be run under IIS 4.0 or 5.0 on Windows NT 4.0 (Option Pack 4 required) or Windows 2000. To configure a Web site, take the following steps:
   
   

   1. Grant db_owner permission to the IIS default user IUSR so that it can access Known Issues Database. This can be done in SQL Enterprise Manager.
   2. Create a SQL Server system data source on IIS server to access Known Issues Database. This can be done by ODBC Data Source Administrator.
      
      

2. \samples\kanalyze\usermode directory contains the user-mode base plug-in DLLs to perform user-mode analysis. This plug-in is provided "as is" basis and not formally tested or supported.
   
   

3. \samples\kanalyze\pltaglst directory contains PoolTagList director plug-in to list pool tags found in a crash dump.
   
   

4. \samples\kanalyze\inc and \samples\kanalyze\lib directories contain Kanalyze public header and library files for programmers.
   
   

5. \samples\syswrap\inc and \samples\syswrap\lib directories contain Syswrap public header and library files for programmers.
   

7. Known Issues and Restrictions

Below lists known issues and restrictions in Phase 3 SR1.

7.1 Kernel Memory Space Analyzer

1. If a pool block located at the beginning of a page is broken, kanalyze (the pool plug-in) will not report an anomaly. [RAID 428]
   
   

2. Phase 3 kanalyze does not support Windows NT authentication to gain access to SQL Server. SQL Server should be running "SQL server logon id & Windows NT authentication" mode and the database administrator should create a SQL logon account for use with kanalyze. [RAID 612]
   
   

3. If crashe instances which have the same HWProfile, OSProfile, KernelModuleData, or KanalyzeModuleData are stored, records may be duplicated. A SQL script called kadbcleanup.sql to clean up duplicate records is provided for phase 3. It is recommended that this script be run periodically. [RAID 661]
   
   

4. If multiple clients try to update the same crash class at the same time, incorrect values for InstanceCount, FirstOccurrence, and LastOccurrence may be stored in the CrashClass table. A SQL script called kadbcleanup.sql to clean up the CrashClass table is provided for phase 3. It is recommended that this script be run periodically. [RAID 667]
   
   

5. WriteMemoryRoutine and WritePhysicalMemoryRoutine helper/callback routines do not work correctly due to a limitation of one of the libraries underlying the kanalyze implementation. [RAID 664]
   
   

7.2 User Mode Process Dump

1. Due to changes in the registry format userdump uses to store its Hot-Key configuration information in phase 3, Hot-Key settings will be lost when you perform upgrade installation from phase 2 userdump. You will be required to re-configure Hot-Key settings after installation of phase 3 userdump.
   
   
2. Due to changes in the .ini file format userdump setup uses to read Hot-Key configuration information, you will receive warning messages if you use phase 2 .ini file to install phase 3 userdump. Please update the .ini file to phase 3 format according to the spec document.
   
   
3. setup.exe -f option cannot be specified when you perform upgrade installation from any previous version of userdump. You should run setup.exe without -f option to perform upgrade installation, or you should uninstall previous version of userdump frist, then setup phase 3 userdump with -f option.
   
   
4. Maximum number of processes which can be queued by Hot-Key or Exception Monitoring is 30. Due to this limitation, Hot-Key "Dump all Win32 processes" can dump 29 processes at maximum (smss.exe is counted as one and ignored as it is not a standard Win32 process). [RAID 655]
   
   
5. If more than one exception occurs in the same thread, the dump file will get overwritten because they all have the same dump file name.
   
   
6. Userdump will not install if you have Symantec pcAnywhere 9.0 installed on your PC due to a conflict in pcAnywhere keyboard filter driver. This problem has been resolved by Symantec pcAnywhere 9.2. [RAID 682]
   

7.3 NTFS File Sector Information Utility

1. Physical sector to file mapping is not supported for Windows NT 4.0 volume sets, stripe sets (with or without parity), and mirrors. If a physical disk contains partitions that are part of such sets, Nfi may return incorrect information even when the specified physical sector is located in a "normal" partition. Logical sector to file and file to logical sector mappings are fully supported for all volumes. [RAID 499]
   
   
2. Physical sector to file mapping are not supported for Windows 2000 dynamic disk volumes except for simple volumes. Nfi will display a warning message if a specified device path and physical sector are located in such volumes. [If a volume set, stripe set, or mirror was created on a machine running NT4 and then upgraded to Windows 2000, then the volume is not actually a dynamic disk and this note does not apply.] Logical sector to file and file to logical sector mappings are fully supported for all volumes. [RAID 482]

7.4 Driver Verifier and System Information API Wrapper

1. To retrieve object type information using Handle and Object Type APIs, you must first set a system global flag GFlagMaintainObjectTypeList to true and reboot the system. This is due to the way the OS is implemented. By default, only port objects have this true.
   [RAID 478,479]
   
2.  If the user has set the global flags by Syswrap or any other method (say, gflags.exe, or any other program that uses NtSetSystemInformation (...SystemFlagsInformation,...) then the value that the syswrap Get function returns for the current settings is not guaranteed to be accurate for the boot only bits below:
   
   GFlgKernelStackTraceDb
   GFlgMaintainObjectTypeList
   GFlgEnableCsrDebug
   GFlgDebugInitCommandEx
   GFlgDebugInitialCommand
   GFlgDisablePageKernelStacks
   
   [RAID 654]

8. Specifications

• Kernel Debugger Extensions
• Kernel Memory Space Analyzer
• User Mode Process Dump
• Kernel Mode to User Mode Process Dump Extraction Utility
• NTFS File Sector Information Utility
• Driver Verifier and System Information API Wrapper