Dr Watson logs are generally only useful when combined with the linker map
of the executable. Maybe we should modify the nmake files to produce them.
The lack of symbols is also a slight difficulty, for the NT symbols the user
must have installed them on their PC. On Win2K this is a 135MB download and
takes up approx 500MB in the WINNT directory so this isn't usually done.
For ethereal itself, we could produce a pdb build which encodes information
into the executable about the location of the pdb (Program Database) file
that contains the symbol information. Doing this only increases the size of
the executable by 1K or so, and doesn't cause any other problems that I've
found. Given the map and pdb files, and a user.dmp then most NT crashes can
be successfully debugged without having to run a debug version.
Of course if you have a trace file that consistently reproduces the problem,
then using that in ethereal running under the debugger is a much easier way
to spend an evening.
Dr Watson also produces a user.dmp file which is similar to a core dump and
using the windows kernel debugger they can be used to find out what went
wrong. Unfortunately these user.dmp files contain the whole process image
for the offending process and can get very big. The user.dmp files produced
under NT 4.0 can also be corrupted due to a bug in Dr Watson. This has been
fixed in Win2K
Graham