Encyclopedia of Crash Dump Analysis Patterns

This book is 100% complete

Completed on 2019-11-03

About the Book

This reference reprints with corrections, additional comments, and classification 373 alphabetically arranged and cross-referenced memory analysis patterns originally published in Memory Dump Analysis Anthology volumes 1 – 9 including 5 analysis patterns from volume 10a. This pattern catalog is a part of pattern-oriented software diagnostics, forensics, prognostics, anomaly detection, root cause analysis, and debugging developed by Software Diagnostics Institute. Most of the analysis patterns are illustrated with examples for WinDbg from Debugging Tools for Windows with a few examples from Mac OS X and Linux for GDB. The second edition includes more than 50 new analysis patterns and more than 70 new examples and comments for analysis patterns published in the first edition.

About the Author

Dmitry Vostokov

Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist and author. He is the founder of the pattern-oriented software diagnostics, forensics and prognostics discipline and of Software Diagnostics Institute. Vostokov has also authored more than 50 books on software diagnostics, anomaly detection and analysis, software and memory forensics, root cause analysis and problem solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering and malware analysis. He has more than 25 years of experience in software architecture, design, development and maintenance in a variety of industries, including leadership, technical and people management roles. Dmitry also founded Anolog.io, BriteTrace, DiaThings, Logtellect, OpenTask Iterative and Incremental Publishing, Software Diagnostics Technology and Services (formerly Memory Dump Analysis Services) and Software Prognostics. In his spare time, he presents various topics on Debugging TV and explores Software Narratology, its further development as Narratology of Things and Diagnostics of Things (DoT), and Software Pathology. His current areas of interest are theoretical software diagnostics and its mathematical and computer science foundations, application of artificial intelligence and machine learning to diagnostics and anomaly detection, software diagnostics engineering and diagnostics-driven development, and diagnostics workflow and interaction.

Table of Contents

Summary of Contents

Detailed Table of Contents

Preface to the First Edition

Preface to the Second Edition

Acknowledgements

About the Author

A

Abridged Dump

Accidental Lock

Activation Context

Active Thread

Activity Resonance

Affine Thread

Annotated Disassembly

B

Blocked DPC

Blocked Queue

Blocked Thread

Blocking File

Blocking Module

Broken Link

Busy System

C

C++ Exception

Caller-n-Callee

Changed Environment

Clone Dump

Cloud Environment

CLR Thread

Coincidental Error Code

Coincidental Frames

Coincidental Symbolic Information

Constant Subtrace

Corrupt Dump

Corrupt Structure

Coupled Machines

Coupled Modules

Coupled Processes

Crash Signature

Crash Signature Invariant

Crashed Process

Critical Region

Critical Section Corruption

Critical Stack Trace

Custom Exception Handler

D

Data Alignment

Data Contents Locality

Data Correlation

Deadlock

Debugger Bug

Debugger Omission

Design Value

Deviant Module

Deviant Token

Diachronic Module

Dialog Box

Directing Module

Disconnected Network Adapter

Disk Packet Buildup

Dispatch Level Spin

Distributed Exception

Distributed Spike

Distributed Wait Chain

Divide by Zero

Double Free

Double IRP Completion

Driver Device Collection

Dry Weight

Dual Stack Trace

Duplicate Extension

Duplicated Module

Dynamic Memory Corruption

E

Early Crash Dump

Effect Component

Embedded Comments

Empty Stack Trace

Environment Hint

Error Reporting Fault

Evental Dumps

Exception Module

Exception Stack Trace

Execution Residue

F

Fake Module

False Effective Address

False Function Parameters

False Positive Dump

Fat Process Dump

Fault Context

First Fault Stack Trace

Foreign Module Frame

FPU Exception

Frame Pointer Omission

Frozen Process

G

Ghost Thread

Glued Stack Trace

H

Handle Leak

Handle Limit

Handled Exception

Hardware Activity

Hardware Error

Hidden Call

Hidden Exception

Hidden IRP

Hidden Module

Hidden Parameter

Hidden Process

Hidden Stack Trace

High Contention

Historical Information

Hooked Functions

Hooked Modules

Hooking Level

I

Incomplete Stack Trace

Incomplete Session

Inconsistent Dump

Incorrect Stack Trace

Incorrect Symbolic Information

Injected Symbols

Inline Function Optimization

Instrumentation Information

Instrumentation Side Effect

Insufficient Memory

Internal Stack Trace

Invalid Exception Information

Invalid Handle

Invalid Parameter

Invalid Pointer

J

JIT Code

L

Last Error Collection

Last Object

Late Crash Dump

Lateral Damage

Least Common Frame

Livelock

Local Buffer Overflow

Lost Opportunity

M

Main Thread

Managed Code Exception

Managed Stack Trace

Manual Dump

Memory Fluctuation

Memory Leak

Message Box

Message Hooks

Mirror Dump Set

Missing Component

Missing Process

Missing Thread

Mixed Exception

Module Collection

Module Hint

Module Product Process

Module Stack Trace

Module Variable

Module Variety

Multiple Exceptions

N

Namespace

Nested Exceptions

Nested Offender

Network Packet Buildup

No Component Symbols

No Current Thread

No Data Types

No Process Dumps

No System Dumps

Not My Thread

Not My Version

NULL Pointer

O

Object Distribution Anomaly

OMAP Code Optimization

One-Thread Process

Optimized Code

Optimized VM Layout

Origin Module

Out-of-Module Pointer

Overaged System

P

Packed Code

Paged Out Data

Parameter Flow

Paratext

Pass Through Function

Passive System Thread

Passive Thread

Past Stack Trace

Patched Code

Pervasive System

Place Trace

Platform-Specific Debugger

Pleiades

Pre-Obfuscation Residue

Problem Exception Handler

Problem Module

Problem Vocabulary

Process Factory

Punctuated Memory Leak

Q

Quiet Dump

Quotient Stack Trace

R

Random Object

Raw Pointer

Reduced Symbolic Information

Reference Leak

Regular Data

Relative Memory Leak

RIP Stack Trace

Rough Stack Trace

S

Same Vendor

Screwbolt Wait Chain

Self-Diagnosis

Self-Dump

Semantic Split

Semantic Structure

Shared Buffer Overwrite

Shared Structure

Small Value

Software Exception

Special Process

Special Stack Trace

Special Thread

Spike Interval

Spiking Thread

Stack Overflow

Stack Trace

Stack Trace Change

Stack Trace Collection

Stack Trace Set

Stack Trace Signature

Stack Trace Surface

Step Dumps

Stored Exception

String Hint

String Parameter

Suspended Thread

Swarm of Shared Locks

System Object

T

Tampered Dump

Technology-Specific Subtrace

Template Module

Thread Age

Thread Cluster

Thread Poset

Thread Starvation

Top Module

Translated Exception

Truncated Dump

Truncated Stack Trace

U

Ubiquitous Component

Unified Stack Trace

Unknown Component

Unloaded Module

Unrecognizable Symbolic Information

Unsynchronized Dumps

User Space Evidence

V

Value Adding Process

Value Deviation

Value References

Variable Subtrace

Version-Specific Extension

Virtualized Process

Virtualized System

W

Wait Chain

Waiting Thread Time

Well-Tested Function

Well-Tested Module

Wild Code

Wild Pointer

Window Hint

Y

Young System

Z

Zombie Processes

Bibliography

Appendix A

Reference Stack Traces

Appendix B

.NET / CLR / Managed Space Patterns

Contention Patterns

Deadlock and Livelock Patterns

DLL Link Patterns

Dynamic Memory Corruption Patterns

Executive Resource Patterns

Exception Patterns

Falsity and Coincidence Patterns

Hooksware Patterns

Memory Consumption Patterns

Meta-Memory Dump Patterns

Module Patterns

Optimization Patterns

Process Patterns

RPC, LPC and ALPC Patterns

Stack Overflow Patterns

Stack Trace Patterns

Symbol Patterns

Thread Patterns

Wait Chain Patterns

Appendix C

Crash Dump Analysis Checklist

Index
