Encyclopedia of Crash Dump Analysis Patterns
Minimum price
Suggested price

Encyclopedia of Crash Dump Analysis Patterns

Detecting Abnormal Software Structure and Behavior in Computer Memory, Third Edition

About the Book

This reference reprints with corrections, additional comments, and classification more than 370 alphabetically arranged and cross-referenced memory analysis patterns originally published in Memory Dump Analysis Anthology volumes 1 – 13. This pattern catalog is a part of pattern-oriented software diagnostics, forensics, prognostics, anomaly detection, root cause analysis, and debugging developed by Software Diagnostics Institute. Most of the analysis patterns are illustrated with examples for WinDbg from Debugging Tools for Windows with a few examples from Mac OS X and Linux for GDB. The third edition includes more than 40 new analysis patterns, more than 30 new examples and comments for analysis patterns published in the previous editions, updated bibliography and links, improved illustrations and debugger output snippets with extra visual highlighting.

  • Share this book

  • Categories

    • Software
    • C and C++
    • .NET
    • Testing
    • Resiliency
    • Computer Security
  • Feedback

    Email the Author(s)

About the Author

Dmitry Vostokov
Dmitry Vostokov

Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist, inventor, and author. He is the founder of pattern-oriented software diagnostics, forensics, and prognostics discipline (Systematic Software Diagnostics), and Software Diagnostics Institute. Vostokov has also authored more than 50 books on software diagnostics, anomaly detection and analysis, software and memory forensics, root cause analysis and problem solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering and malware analysis. He has more than 25 years of experience in software architecture, design, development and maintenance in a variety of industries including leadership, technical and people management roles. Dmitry also founded Syndromatix, Anolog.io, BriteTrace, DiaThings, Logtellect, OpenTask Iterative and Incremental Publishing, Software Diagnostics Technology and Services (former Memory Dump Analysis Services), and Software Prognostics. In his spare time, he presents various topics on Debugging TV and explores Software Narratology, its further development as Narratology of Things and Diagnostics of Things (DoT), Software Pathology, and Quantum Software Diagnostics. His current areas of interest are theoretical software diagnostics and its mathematical and computer science foundations, application of formal logic, artificial intelligence, machine learning and data mining to diagnostics and anomaly detection, software diagnostics engineering and diagnostics-driven development, diagnostics workflow and interaction. Recent interest areas also include cloud native computing, security, automation, functional programming, applications of category theory to software diagnostics, development and big data, and diagnostics of artificial intelligence.

Bundles that include this book

Bought separately
Bundle Price
Bought separately
Bundle Price

Table of Contents

Summary of Contents 3

Detailed Table of Contents 20

Preface to the Third Edition 50

Preface to the Second Edition 51

Preface to the First Edition 52

Acknowledgements 53

About the Author 54

A 55

Abridged Dump 55

Accidental Lock 59

Activation Context 66

Active Space 69

Active Thread 71

Activity Resonance 78

Affine Thread 80

Aggregate Snapshot 83

Aggregated Frames 84

Anchor Region 85

Annotated Disassembly 86

B 87

Blocked DPC 87

Blocked Queue 88

Blocked Thread 91

Blocking File 104

Blocking Module 107

Broken Link 108

Busy System 110

C 119

C++ Exception 119

Caller-n-Callee 122

Changed Environment 125

Clone Dump 129

Cloud Environment 133

CLR Thread 135

Coincidental Error Code 139

Coincidental Frames 141

Coincidental Symbolic Information 145

Constant Subtrace 153

Context Pointer 154

Corrupt Dump 155

Corrupt Structure 157

Coupled Machines 159

Coupled Modules 160

Coupled Processes 161

Crash Signature 166

Crash Signature Invariant 168

Crashed Process 169

Critical Region 170

Critical Section Corruption 174

Critical Stack Trace 181

Custom Exception Handler 182

D 187

Data Alignment 187

Data Contents Locality 188

Data Correlation 193

Deadlock 197

Debugger Bug 239

Debugger Omission 240

Design Value 241

Deviant Module 242

Deviant Token 249

Diachronic Module 250

Dialog Box 252

Directing Module 255

Disassembly Ambiguity 256

Disconnected Network Adapter 257

Disk Packet Buildup 259

Dispatch Level Spin 262

Distributed Exception 265

Distributed Spike 267

Distributed Wait Chain 275

Divide by Zero 277

Double Free 282

Double IRP Completion 302

Driver Device Collection 303

Dry Weight 304

Dual Stack Trace 305

Duplicate Extension 306

Duplicated Module 310

Dynamic Memory Corruption 315

E 335

Early Crash Dump 335

Effect Component 338

Embedded Comments 343

Empty Stack Trace 344

Environment Hint 347

Error Reporting Fault 348

Evental Dumps 351

Exception Module 384

Exception Reporting Thread 386

Exception Stack Trace 387

Execution Residue 389

F 409

Fake Module 409

False Effective Address 413

False Frame 414

False Function Parameters 416

False Memory 419

False Positive Dump 428

Fat Process Dump 430

Fault Context 431

First Fault Stack Trace 432

Foreign Module Frame 433

FPU Exception 436

Frame Pointer Omission 438

Frame Regularity 442

Frame Trace 446

Frozen Process 455

G 459

Ghost Thread 459

Glued Stack Trace 461

H 464

Handle Leak 464

Handle Limit 466

Handled Exception 477

Hardware Activity 486

Hardware Error 490

Hidden Call 499

Hidden Exception 504

Hidden IRP 514

Hidden Module 515

Hidden Parameter 517

Hidden Process 519

Hidden Stack 521

Hidden Stack Trace 524

High Contention 527

Historical Information 543

Hooked Functions 544

Hooked Modules 550

Hooking Level 552

Hyperdump 555

I 559

Incomplete Stack Trace 559

Incomplete Session 560

Inconsistent Dump 562

Incorrect Stack Trace 563

Incorrect Symbolic Information 569

Injected Symbols 574

Inline Function Optimization 576

Instrumentation Information 580

Instrumentation Side Effect 584

Insufficient Memory 587

Internal Stack Trace 638

Interrupt Stack 640

Invalid Exception Information 642

Invalid Handle 646

Invalid Parameter 658

Invalid Pointer 663

J 667

JIT Code 667

L 672

Last Error Collection 672

Last Object 675

Late Crash Dump 677

Lateral Damage 678

Least Common Frame 684

Livelock 686

Local Buffer Overflow 688

Lost Opportunity 692

M 694

Main Thread 694

Managed Code Exception 697

Managed Stack Trace 704

Manual Dump 705

Memory Fibration 714

Memory Fluctuation 715

Memory Hierarchy 717

Memory Leak 718

Memory Region 743

Memory Snapshot 744

Message Box 745

Message Hooks 748

Mirror Dump Set 751

Missing Component 753

Missing Process 767

Missing Thread 768

Mixed Exception 773

Module Collection 778

Module Hint 781

Module Product Process 783

Module Stack Trace 784

Module Variable 786

Module Variety 788

Multiple Exceptions 791

N 807

Namespace 807

Nested Exceptions 808

Nested Offender 815

Network Packet Buildup 818

No Component Symbols 819

No Current Thread 822

No Data Types 824

No Process Dumps 826

No System Dumps 827

Not My Thread 828

Not My Version 829

NULL Pointer 831

O 842

Object Distribution Anomaly 842

OMAP Code Optimization 847

One-Thread Process 851

Optimized Code 853

Optimized VM Layout 855

Origin Module 857

Out-of-Module Pointer 859

Overaged System 860

P 861

Packed Code 861

Paged Out Data 864

Parameter Flow 866

Paratext 869

Pass Through Function 873

Passive System Thread 875

Passive Thread 879

Past Stack Trace 886

Patched Code 888

Pervasive System 889

Place Trace 890

Platform-Specific Debugger 892

Pleiades 894

Pointer Class 895

Pointer Cone 899

Pre-Obfuscation Residue 901

Problem Exception Handler 902

Problem Module 904

Problem Vocabulary 905

Process Factory 906

Punctuated Memory Leak 911

Q 915

Quiet Dump 915

Quotient Stack Trace 916

R 917

Random Object 917

Raw Pointer 920

Reduced Symbolic Information 921

Reference Leak 922

Region Boundary 925

Region Clusters 927

Region Profile 931

Region Strata 932

Regular Data 934

Relative Memory Leak 935

RIP Stack Trace 938

Rough Stack Trace 940

S 943

Same Vendor 943

Screwbolt Wait Chain 944

Self-Diagnosis 945

Self-Dump 953

Semantic Split 955

Semantic Structure 962

Shared Buffer Overwrite 966

Shared Structure 974

Small Value 975

Snapshot Collection 977

Software Exception 978

Source Stack Trace 980

Special Process 981

Special Stack Trace 986

Special Thread 987

Spike Interval 988

Spiking Thread 989

Stack Overflow 999

Stack Trace 1024

Stack Trace Change 1041

Stack Trace Collection 1042

Stack Trace Motif 1061

Stack Trace Race 1062

Stack Trace Set 1064

Stack Trace Signature 1067

Stack Trace Surface 1069

Step Dumps 1070

Stored Exception 1071

String Hint 1072

String Parameter 1074

Subsystem Modules 1076

Suspended Thread 1077

Swarm of Shared Locks 1079

System Call 1084

System Object 1086

T 1089

Tampered Dump 1089

Technology-Specific Subtrace 1102

Template Module 1112

Thread Age 1116

Thread Cluster 1118

Thread Poset 1119

Thread Starvation 1121

Top Module 1127

Translated Exception 1128

Truncated Dump 1129

Truncated Stack Trace 1132

U 1135

Ubiquitous Component 1135

Unified Stack Trace 1150

Unknown Component 1152

Unloaded Module 1156

Unrecognizable Symbolic Information 1160

Unsynchronized Dumps 1165

User Space Evidence 1166

V 1167

Value Adding Process 1167

Value Deviation 1168

Value References 1174

Variable Subtrace 1175

Version-Specific Extension 1181

Virtualized Process 1185

Virtualized System 1193

W 1199

Wait Chain 1199

Waiting Thread Time 1257

Well-Tested Function 1266

Well-Tested Module 1267

Wild Code 1268

Wild Pointer 1271

Window Hint 1273

Y 1276

Young System 1276

Z 1278

Zombie Processes 1278

Bibliography 1285

Appendix A 1286

Reference Stack Traces 1286

Appendix B 1287

.NET / CLR / Managed Space Patterns 1287

Contention Patterns 1288

Deadlock and Livelock Patterns 1289

DLL Link Patterns 1290

Dynamic Memory Corruption Patterns 1291

Executive Resource Patterns 1292

Exception Patterns 1293

Falsity and Coincidence Patterns 1294

Frame Patterns 1295

Hidden Artifact Patterns 1296

Hooksware Patterns 1297

Memory Consumption Patterns 1299

Meta-Memory Dump Patterns 1300

Module Patterns 1301

Optimization Patterns 1302

Pointer Patterns 1303

Process Patterns 1304

RPC, LPC and ALPC Patterns 1305

Stack Overflow Patterns 1306

Stack Trace Patterns 1307

Structural Memory Patterns 1309

Symbol Patterns 1310

Thread Patterns 1311

Wait Chain Patterns 1313

Appendix C 1314

Crash Dump Analysis Checklist 1314

Index 1317

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

80% Royalties. Earn $16 on a $20 book.

We pay 80% royalties. That's not a typo: you earn $16 on a $20 sale. If we sell 5000 non-refunded copies of your book or course for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earnedover $13 millionwriting, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub