The Windows NT debugger (WinDbg) is a 32-bit application that, along with a collection of DLLs, is used for debugging the Kernel, device drivers, and applications. This section, however, will only discuss how to use WinDbg for Kernel debugging. The same application can be used on all hardware platforms, although there is a different build of it for each platform. It is provided on the Windows NT CD-ROM under the \SUPPORT\DEBUG directory.
It can be used for either remote or local Kernel debugging and can also be used in conjunction with the Recovery option located under the System option in Control Panel. Both remote and local Kernel debugging require that WinDbg run on another Windows NT host computer that is connected to your Windows NT target computer. The two computers send debugging (troubleshooting) information back and forth through communications ports that must be running at the same baud rate on each computer.
With local Kernel debugging, the host computer is located within a few feet of the target computer, and the two computers communicate through a null-modem serial cable. With remote Kernel debugging, the host computer can be any distance from the target computer, since communication takes place through modems.
Using the Recovery option allows you to configure the target computer to write debugging information to a log file when a STOP error occurs. This file preserves the state of the computer at the time of the STOP error, and the log file can be used later by WinDbg to troubleshoot the problem. By using this option, you can run WinDbg on any computer after loading the log file, including the computer on which the STOP error occurred.
When you get a Windows NT Executive STOP or STATUS message on a Windows NT Workstation computer, you should restart the computer after recording the important information in the message. (On a Windows NT Server computer, the computer restarts by default after writing an event to the system log, alerting administrators, and dumping system memory to the log file called MEMORY.DMP. Therefore, to preserve log files, you should copy them to a new filename each time a STOP error occurs.) You may then want to continue running Windows NT until the message is redisplayed.
When that happens, you need to decide whether to debug the STOP error locally or remotely and then configure your system appropriately. If a trained technician is available, you could also ask him or her to do one of the preparatory procedures given in this section to set up your computer to run WinDbg remotely. Or you could call your technical support group and request assistance with the debugging.