Encyclopedia of Crash Dump Analysis Patterns
Detecting Abnormal Software Structure and Behavior in Computer Memory, Third Edition
About the Book
This reference reprints, with corrections, additional comments, and classification, more than 370 alphabetically arranged and cross-referenced memory analysis patterns originally published in Memory Dump Analysis Anthology volumes 1 – 13. This pattern catalog is part of pattern-oriented software diagnostics, forensics, prognostics, anomaly detection, root cause analysis, and debugging developed by the Software Diagnostics Institute. Most of the analysis patterns are illustrated with examples for WinDbg from Debugging Tools for Windows, with a few examples from Mac OS X and Linux for GDB. The third edition includes more than 40 new analysis patterns, more than 30 new examples and comments for analysis patterns published in the previous editions, an updated bibliography and links, and improved illustrations and debugger output snippets with extra visual highlighting.
Table of Contents
Summary of Contents 3
Detailed Table of Contents 20
Preface to the Third Edition 50
Preface to the Second Edition 51
Preface to the First Edition 52
Acknowledgements 53
About the Author 54
A 55
Abridged Dump 55
Accidental Lock 59
Activation Context 66
Active Space 69
Active Thread 71
Activity Resonance 78
Affine Thread 80
Aggregate Snapshot 83
Aggregated Frames 84
Anchor Region 85
Annotated Disassembly 86
B 87
Blocked DPC 87
Blocked Queue 88
Blocked Thread 91
Blocking File 104
Blocking Module 107
Broken Link 108
Busy System 110
C 119
C++ Exception 119
Caller-n-Callee 122
Changed Environment 125
Clone Dump 129
Cloud Environment 133
CLR Thread 135
Coincidental Error Code 139
Coincidental Frames 141
Coincidental Symbolic Information 145
Constant Subtrace 153
Context Pointer 154
Corrupt Dump 155
Corrupt Structure 157
Coupled Machines 159
Coupled Modules 160
Coupled Processes 161
Crash Signature 166
Crash Signature Invariant 168
Crashed Process 169
Critical Region 170
Critical Section Corruption 174
Critical Stack Trace 181
Custom Exception Handler 182
D 187
Data Alignment 187
Data Contents Locality 188
Data Correlation 193
Deadlock 197
Debugger Bug 239
Debugger Omission 240
Design Value 241
Deviant Module 242
Deviant Token 249
Diachronic Module 250
Dialog Box 252
Directing Module 255
Disassembly Ambiguity 256
Disconnected Network Adapter 257
Disk Packet Buildup 259
Dispatch Level Spin 262
Distributed Exception 265
Distributed Spike 267
Distributed Wait Chain 275
Divide by Zero 277
Double Free 282
Double IRP Completion 302
Driver Device Collection 303
Dry Weight 304
Dual Stack Trace 305
Duplicate Extension 306
Duplicated Module 310
Dynamic Memory Corruption 315
E 335
Early Crash Dump 335
Effect Component 338
Embedded Comments 343
Empty Stack Trace 344
Environment Hint 347
Error Reporting Fault 348
Evental Dumps 351
Exception Module 384
Exception Reporting Thread 386
Exception Stack Trace 387
Execution Residue 389
F 409
Fake Module 409
False Effective Address 413
False Frame 414
False Function Parameters 416
False Memory 419
False Positive Dump 428
Fat Process Dump 430
Fault Context 431
First Fault Stack Trace 432
Foreign Module Frame 433
FPU Exception 436
Frame Pointer Omission 438
Frame Regularity 442
Frame Trace 446
Frozen Process 455
G 459
Ghost Thread 459
Glued Stack Trace 461
H 464
Handle Leak 464
Handle Limit 466
Handled Exception 477
Hardware Activity 486
Hardware Error 490
Hidden Call 499
Hidden Exception 504
Hidden IRP 514
Hidden Module 515
Hidden Parameter 517
Hidden Process 519
Hidden Stack 521
Hidden Stack Trace 524
High Contention 527
Historical Information 543
Hooked Functions 544
Hooked Modules 550
Hooking Level 552
Hyperdump 555
I 559
Incomplete Stack Trace 559
Incomplete Session 560
Inconsistent Dump 562
Incorrect Stack Trace 563
Incorrect Symbolic Information 569
Injected Symbols 574
Inline Function Optimization 576
Instrumentation Information 580
Instrumentation Side Effect 584
Insufficient Memory 587
Internal Stack Trace 638
Interrupt Stack 640
Invalid Exception Information 642
Invalid Handle 646
Invalid Parameter 658
Invalid Pointer 663
J 667
JIT Code 667
L 672
Last Error Collection 672
Last Object 675
Late Crash Dump 677
Lateral Damage 678
Least Common Frame 684
Livelock 686
Local Buffer Overflow 688
Lost Opportunity 692
M 694
Main Thread 694
Managed Code Exception 697
Managed Stack Trace 704
Manual Dump 705
Memory Fibration 714
Memory Fluctuation 715
Memory Hierarchy 717
Memory Leak 718
Memory Region 743
Memory Snapshot 744
Message Box 745
Message Hooks 748
Mirror Dump Set 751
Missing Component 753
Missing Process 767
Missing Thread 768
Mixed Exception 773
Module Collection 778
Module Hint 781
Module Product Process 783
Module Stack Trace 784
Module Variable 786
Module Variety 788
Multiple Exceptions 791
N 807
Namespace 807
Nested Exceptions 808
Nested Offender 815
Network Packet Buildup 818
No Component Symbols 819
No Current Thread 822
No Data Types 824
No Process Dumps 826
No System Dumps 827
Not My Thread 828
Not My Version 829
NULL Pointer 831
O 842
Object Distribution Anomaly 842
OMAP Code Optimization 847
One-Thread Process 851
Optimized Code 853
Optimized VM Layout 855
Origin Module 857
Out-of-Module Pointer 859
Overaged System 860
P 861
Packed Code 861
Paged Out Data 864
Parameter Flow 866
Paratext 869
Pass Through Function 873
Passive System Thread 875
Passive Thread 879
Past Stack Trace 886
Patched Code 888
Pervasive System 889
Place Trace 890
Platform-Specific Debugger 892
Pleiades 894
Pointer Class 895
Pointer Cone 899
Pre-Obfuscation Residue 901
Problem Exception Handler 902
Problem Module 904
Problem Vocabulary 905
Process Factory 906
Punctuated Memory Leak 911
Q 915
Quiet Dump 915
Quotient Stack Trace 916
R 917
Random Object 917
Raw Pointer 920
Reduced Symbolic Information 921
Reference Leak 922
Region Boundary 925
Region Clusters 927
Region Profile 931
Region Strata 932
Regular Data 934
Relative Memory Leak 935
RIP Stack Trace 938
Rough Stack Trace 940
S 943
Same Vendor 943
Screwbolt Wait Chain 944
Self-Diagnosis 945
Self-Dump 953
Semantic Split 955
Semantic Structure 962
Shared Buffer Overwrite 966
Shared Structure 974
Small Value 975
Snapshot Collection 977
Software Exception 978
Source Stack Trace 980
Special Process 981
Special Stack Trace 986
Special Thread 987
Spike Interval 988
Spiking Thread 989
Stack Overflow 999
Stack Trace 1024
Stack Trace Change 1041
Stack Trace Collection 1042
Stack Trace Motif 1061
Stack Trace Race 1062
Stack Trace Set 1064
Stack Trace Signature 1067
Stack Trace Surface 1069
Step Dumps 1070
Stored Exception 1071
String Hint 1072
String Parameter 1074
Subsystem Modules 1076
Suspended Thread 1077
Swarm of Shared Locks 1079
System Call 1084
System Object 1086
T 1089
Tampered Dump 1089
Technology-Specific Subtrace 1102
Template Module 1112
Thread Age 1116
Thread Cluster 1118
Thread Poset 1119
Thread Starvation 1121
Top Module 1127
Translated Exception 1128
Truncated Dump 1129
Truncated Stack Trace 1132
U 1135
Ubiquitous Component 1135
Unified Stack Trace 1150
Unknown Component 1152
Unloaded Module 1156
Unrecognizable Symbolic Information 1160
Unsynchronized Dumps 1165
User Space Evidence 1166
V 1167
Value Adding Process 1167
Value Deviation 1168
Value References 1174
Variable Subtrace 1175
Version-Specific Extension 1181
Virtualized Process 1185
Virtualized System 1193
W 1199
Wait Chain 1199
Waiting Thread Time 1257
Well-Tested Function 1266
Well-Tested Module 1267
Wild Code 1268
Wild Pointer 1271
Window Hint 1273
Y 1276
Young System 1276
Z 1278
Zombie Processes 1278
Bibliography 1285
Appendix A 1286
Reference Stack Traces 1286
Appendix B 1287
.NET / CLR / Managed Space Patterns 1287
Contention Patterns 1288
Deadlock and Livelock Patterns 1289
DLL Link Patterns 1290
Dynamic Memory Corruption Patterns 1291
Executive Resource Patterns 1292
Exception Patterns 1293
Falsity and Coincidence Patterns 1294
Frame Patterns 1295
Hidden Artifact Patterns 1296
Hooksware Patterns 1297
Memory Consumption Patterns 1299
Meta-Memory Dump Patterns 1300
Module Patterns 1301
Optimization Patterns 1302
Pointer Patterns 1303
Process Patterns 1304
RPC, LPC and ALPC Patterns 1305
Stack Overflow Patterns 1306
Stack Trace Patterns 1307
Structural Memory Patterns 1309
Symbol Patterns 1310
Thread Patterns 1311
Wait Chain Patterns 1313
Appendix C 1314
Crash Dump Analysis Checklist 1314
Index 1317