Memory Dump Analysis Anthology, Volume 2, Revised Edition
$20.00
Minimum price
$20.00
Suggested price

Memory Dump Analysis Anthology, Volume 2, Revised Edition

  • 465

    Pages

  • English

  • PDF

  • EPUB

About the Book

This reference volume consists of revised, edited, cross-referenced, and thematically organized articles from Software Diagnostics Institute and Software Diagnostics Library (former Crash Dump Analysis blog) written in January - September 2008. In addition to various corrections, this major revision updates relevant links and removes obsolete references. Some articles are preserved for historical reasons. Most of the content, especially memory analysis pattern language, is still relevant today and for the foreseeable future. The output of WinDbg commands is also remastered to include color highlighting. Crash dump analysis pattern names are also corrected to reflect the continued expansion of the catalog.

Compared to the first revised volume, the second revised volume features:

  • 44 more crash dump analysis patterns
  • Pattern interaction and case studies
  • Fully cross-referenced with Volume 1
  • New appendixes

The primary audience for Memory Dump Analysis Anthology reference volumes is: software engineers developing and maintaining products on Windows platforms, technical support, escalation, and site reliability engineers dealing with complex software issues, quality assurance engineers testing software on Windows platforms, security and vulnerability researchers, reverse engineers, malware and memory forensics analysts.

About the Author

Dmitry Vostokov
Dmitry Vostokov

Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist and author. He is the founder of pattern-oriented software diagnostics, forensics and prognostics discipline and Software Diagnostics Institute. Vostokov has also authored more than 50 books on software diagnostics, anomaly detection and analysis, software and memory forensics, root cause analysis and problem solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering and malware analysis. He has more than 25 years of experience in software architecture, design, development and maintenance in a variety of industries including leadership, technical and people management roles. Dmitry also founded Syndromatix, Anolog.io, BriteTrace, DiaThings, Logtellect, OpenTask Iterative and Incremental Publishing and Software Diagnostics Technology and Services (former Memory Dump Analysis Services) and Software Prognostics. In his spare time, he presents various topics on Debugging TV and explores Software Narratology, its further development as Narratology of Things and Diagnostics of Things (DoT), and Software Pathology. His current areas of interest are theoretical software diagnostics and its mathematical and computer science foundations, application of artificial intelligence, machine learning and data mining to diagnostics and anomaly detection, software diagnostics engineering and diagnostics-driven development, diagnostics workflow and interaction. Recent interest areas also include cloud native computing, security, automation, functional programming, and applications of category theory to software development and big data.

Table of Contents

Preface 15

Acknowledgments 17

About the Author 18

PART 1: Crash Dumps for Beginners 19

The Time of the Crash 19

Stack Trace 20

EasyDbg 22

Citrix Symbol Server 27

PART 2: Professional Crash Dump Analysis 29

WinDbg Scripts 29

Introduction for C/C++ Users 29

Generating File Name for .dump Command 37

All at Once: Postmortem Logs and Dump Files 38

Common Mistakes 39

Not Looking at Full Stack Traces 39

Not Seeing Semantic and Pragmatic Inconsistencies 41

Pattern Interaction 43

Heuristic Stack Trace 43

Multiple Patterns 50

Exception and Deadlock 55

Heap and Spike 59

Hooksware 63

Heap and Early Crash Dump 65

WinDbg Shortcuts 67

WinDbg as a Binary Editor 67

Command Autocompletion 70

!envvar 71

.quit_lock 72

.dumpcab 73

.f+, .f- 74

.exptr 75

WinDbg as a Simple PE Viewer 76

.sound_notify 79

Signaled Objects 80

Memory Search Revisited 87

WDF and PNP BSOD: Case Study 95

Exploring NDIS Extension 105

The Hunt for the Debugger 109

Complete Dump: User Space Critical Sections 115

Microsoft DLL Help Database 116

What Does This Function Do? 118

What Was This Process Doing? 119

STL and WinDbg 122

WinDbg Cheat Sheet 125

How Old Is Your Application or System? 126

Demystifying First-chance Exceptions 129

.NET Managed Code Analysis in Complete Memory Dumps 131

Who Opened That File? 134

In Search of Lost CID 136

Large Heap Allocations 137

First-order and Second-order Memory Leaks 140

Hooked Modules 145

PART 3: Crash Dump Analysis Patterns 147

Wait Chain (Executive Resources) 147

Corrupt Dump 151

Dispatch Level Spin 154

No Process Dumps 157

No System Dumps 158

Insufficient Memory (PTE) 159

Suspended Thread 161

Special Process 164

Frame Pointer Omission 169

False Function Parameters 173

Message Box 177

Self-Dump 181

Blocked Thread (Software) 184

Zombie Processes 196

Wild Pointer 202

Dynamic Memory Corruption (Kernel Pool) 204

Insufficient Memory (Module Fragmentation) 210

Wild Code 219

Hardware Error 221

Handle Limit (GDI, Kernel Space) 226

Missing Component (General) 233

NULL Pointer (Code) 237

Execution Residue (Unmanaged Space) 239

Optimized VM Layout 267

Invalid Handle (General) 269

Overaged System 273

Thread Starvation (Realtime Priority) 274

Stack Overflow (User Mode) 279

Missing Component (Static Linkage, User Mode) 283

Duplicated Module 294

Not My Version (Software) 299

Data Contents Locality 300

Nested Exceptions (Unmanaged Code) 305

Nested Exceptions (Managed Code) 310

Affine Thread 314

Self-Diagnosis (User Mode) 318

Waiting Thread Time (User Dumps) 319

Inline Function Optimization (Unmanaged Code) 322

Critical Section Corruption 324

Lost Opportunity 332

Young System 335

Last Error Collection 337

Hidden Module 339

High Contention (Critical Sections) 341

PART 4: Crash Dump Analysis AntiPatterns 343

Debugging Architects 343

Symbolless Analysis 344

Myopic Troubleshooting and Debugging 345

PART 5: A Bit of Science 347

Memoretics 347

Memory Analysis 348

Memoidealism 349

Memiotics 350

PART 6: Fun with Crash Dumps 351

Music for Debugging 351

The Glory of Debugging 351

Memory Analysis Album 352

Biography of a Bug 354

Visual Computer Memories 355

The First Defect 356

The Songs for Remote Debugging 357

Thinking Out of the Box 358

Crash Dumps and Science Fiction 359

Colorimetric Computer Memory Dating 360

On CSI Abbreviation 362

The First Memory Dump Book 363

On SOS Abbreviation 365

Software Exceptions: a Paranormal View 366

Bug Entanglement (Bugtanglement) 367

The Standard Model of Debugging 368

Physics of Debugging 369

Can Computers Debug? 371

PART 7: Data Recovery 375

With the Help of Memory Dump Analysis 375

PART 8: Software Troubleshooting 377

Troubleshooter’s Block 377

Causal Models 378

Object-Oriented Debugging and Troubleshooting 379

Component-Based Debugging and Troubleshooting 380

Domain-Driven Debugging and Troubleshooting 381

Myths and Facts about Software Support 382

Ceteris Paribus in Comparative Troubleshooting 383

Dancing in Software Support Environment 384

PARTS: Problem Solving Power of Thought 385

The Hidden Tomb in Pyramid of Software Change 386

Tracing 387

CDF Traces: Analyzing Process Launch Sequence 387

ETW Tracing Tools 389

Lean Tracing 390

DebugWare Patterns 391

API Query 391

Tool Façade 392

Configuration Wrapper 393

Dual Interface 394

Tool Chain 395

Tool Box 396

PART 9: Security 397

Data Hiding in Crash Dumps 397

Hardening Dump Security: Beware of PEB Data 400

PART 10: The Origin of Crash Dumps 401

Memory Dumps from Xen-virtualized Windows 401

Bugchecks: SYSTEM_SERVICE_EXCEPTION 402

Bugcheck Callbacks 406

Application Verifier on x64 Platforms 413

Who Saved the Dump File? 414

ADPlus in 21 Seconds and 13 Steps 416

PART 11: Miscellaneous 425

Three Main Ideas of Debugging 425

Pseudo-corrupt Memory Dumps 426

Win32 Exception Frequencies 427

Bugcheck Frequencies 429

Time Travel Debugging 440

I/O and Memory Priority in Vista 441

Appendix A 443

Crash Dump File Examples 443

Appendix B 445

WinDbg.Org: WinDbg Quick Links 445

Appendix C 447

Dump2Wave Source Code 447

Appendix D 451

Dump2Picture Source Code 451

Appendix E 455

Crash Dump Analysis Checklist 455

CMDTREE.TXT 458

Appendix F 459

Index of WinDbg Commands 460

Cover Images 463

Other books by this author

Trace, Log, Text, Narrative
Dmitry Vostokov
Encyclopedia of Crash Dump Analysis Patterns
Dmitry Vostokov
Theoretical Software Diagnostics
Dmitry Vostokov
Accelerated .NET Memory Dump Analysis
Dmitry Vostokov
Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Process User Space
Dmitry Vostokov
Accelerated Linux Core Dump Analysis
Dmitry Vostokov
Practical Foundations of Windows Debugging, Disassembling, Reversing
Dmitry Vostokov
Accelerated Windows Malware Analysis with Memory Dumps
Dmitry Vostokov
Accelerated Windows Debugging 3
Dmitry Vostokov
Advanced Windows Memory Dump Analysis with Data Structures
Dmitry Vostokov
Accelerated Software Trace Analysis, Revised Edition, Part 1
Dmitry Vostokov
Accelerated Mac OS X Core Dump Analysis, Second Edition
Dmitry Vostokov
Accelerated Disassembly, Reconstruction and Reversing
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 1
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 2
Dmitry Vostokov
Memory Dump Analysis Anthology, Volume 1, Revised Edition
Dmitry Vostokov
Machine Learning Brick by Brick, Epoch 1
Dmitry Vostokov
Software Construction Brick by Brick, Increment 1
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 3
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 4
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 5
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 6
Dmitry Vostokov
Organic Chemistry Brick by Brick, Compound 1
Dmitry Vostokov
Fundamentals of Physical Memory Analysis
Dmitry Vostokov
Memory Dump Analysis Anthology, Volume 3, Revised Edition
Dmitry Vostokov
Practical Foundations of Linux Debugging, Disassembling, Reversing
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 7
Dmitry Vostokov
Visual Category Theory, CoPart 1
Dmitry Vostokov

Authors have earned$10,080,957writing, publishing and selling on Leanpub, earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.

Learn more about writing on Leanpub

The Leanpub 45-day 100% Happiness Guarantee

Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses! Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks. Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. It really is that easy.

Learn more about writing on Leanpub

Top Books

  1. #1

    C++ Best Practices

    Jason Turner

    Level up your C++, get the tools working for you, eliminate common problems, and move on to more exciting things!

  2. #2

    Digital-First Events

    Joep Piscaer and Jana Boruta

    The only resource you will ever need to launch your digital events program.

  3. #3

    C++20

    Rainer Grimm

    C++20 is the next big C++ standard after C++11. As C++11 did it, C++20 changes the way we program modern C++. This change is, in particular, due to the big four of C++20: ranges, coroutines, concepts, and modules.

    The book is almost daily updated. These incremental updates ease my interaction with the proofreaders.

  4. #4

    Sockets and Pipes

    Type Classes

    Sockets and Pipes is not an introduction to Haskell; it is an introduction to writing software in Haskell. Using a handful of everyday Haskell libraries, this book walks through reading the HTTP specification and implementing it to create a web server.

  5. #5

    Atomic Kotlin

    Bruce Eckel and Svetlana Isakova

    For both beginning and experienced programmers! From the author of the multi-award-winning Thinking in C++ and Thinking in Java together with a member of the Kotlin language team comes a book that breaks the concepts into small, easy-to-digest "atoms," along with exercises supported by hints and solutions directly inside IntelliJ IDEA!

  6. #6

    Algebra-Driven Design

    Sandy Maguire

    A how-to field guide on building leak-free abstractions and algebraically designing real-world applications.

  7. #7

    Introducing EventStorming

    Alberto Brandolini

    The deepest tutorial and explanation about EventStorming, straight from the inventor.

  8. #8

    node-opcua by example

    Etienne Rossignon

    Get the best out of node-opcua through a set of documented examples by the author himself that will allow you to create stunning OPCUA Servers or Clients.

  9. #9

    Ansible for DevOps

    Jeff Geerling

    Ansible is a simple, but powerful, server and configuration management tool. Learn to use Ansible effectively, whether you manage one server—or thousands.

  10. #10

    Cloud Strategy

    Gregor Hohpe

    “Strategy is the difference between making a wish and making it come true.” A successful migration to the cloud can transform your organization, but it shouldn’t be driven by wishes. This book tells you how to develop a sound strategy guided by frameworks and decision models without being overly abstract nor getting lost in product details.

Top Bundles

  1. #1

    Software Architecture for Developers: Volumes 1 & 2 - Technical leadership and communication

    2 Books

    "Software Architecture for Developers" is a practical and pragmatic guide to modern, lightweight software architecture, specifically aimed at developers. You'll learn:The essence of software architecture.Why the software architecture role should include coding, coaching and collaboration.The things that you really need to think about before...
  2. #2

    Django for Beginners/APIs/Professionals

    3 Books

  3. #3

    CCIE Service Provider Ultimate Study Bundle

    2 Books

    Piotr Jablonski, Lukasz Bromirski, and Nick Russo have joined forces to deliver the only CCIE Service Provider training resource you'll ever need. This bundle contains a detailed and challenging collection of workbook labs, plus an extensively detailed technical reference guide. All of us have earned the CCIE Service Provider certification...
  4. #4

    Cisco CCNA 200-301 Complet

    4 Books

    Ce lot comprend les quatre volumes du guide préparation à l'examen de certification Cisco CCNA 200-301.
  5. #5

    Linux Administration Complet

    4 Books

    Ce lot comprend les quatre volumes du Guide Linux Administration :Linux Administration, Volume 1, Administration fondamentale : Guide pratique de préparation aux examens de certification LPIC 1, Linux Essentials, RHCSA et LFCS. Administration fondamentale. Introduction à Linux. Le Shell. Traitement du texte. Arborescence de fichiers. Sécurité...
  6. #6

    Modern Management Made Easy

    3 Books

    Read all three Modern Management Made Easy books. Learn to manage yourself, lead and serve others, and lead the organization.
  7. #7

    PowerShell

    3 Books

    Buy every PowerShell book from Adam Bertram at a 20% discount!
  8. #8

    Mastering Containers

    2 Books

    Docker and Kubernetes are taking the world by storm! These books will get you up-to-speed fast! Docker Deep Dive is over 400 pages long, and covers all objectives on the Docker Certified Associate exam.The Kubernetes Book includes everything you need to get up and running with Kubernetes!
  9. #9

    CCDE Practical Studies (All labs)

    3 Books

    CCDE lab
  10. #10

    All the Books of The Medical Futurist

    6 Books

    We put together the most popular books from The Medical Futurist to provide a clear picture about the major trends shaping the future of medicine and healthcare. Digital health technologies, artificial intelligence, the future of 20 medical specialties, big pharma, data privacy, digital health investments and how technology giants such as Amazon...

Publish Early, Publish Often

  • Path
  • There are many paths, but the one you're on right now on Leanpub is:
  • › Windbg2

Leanpub is copyright © 2010-2021 Ruboss Technology Corp. All rights reserved.