Memory Dump Analysis Anthology, Volume 8b
About the Book
This reference volume consists of revised, edited, cross-referenced, and thematically organized articles from Software Diagnostics Institute and Software Diagnostics Library (formerly the Crash Dump Analysis blog) about software diagnostics, debugging, crash dump analysis, memory forensics, and software trace and log analysis, written from December 2014 to July 2015. It is fully cross-referenced with volumes 1 - 7 and 8a.
Compared to volume 8a, volume 8b features:
- 12 new crash dump analysis patterns
- 15 new software log and trace analysis patterns
- New memory dump analysis case study
- Introduction to articoding
- Introduction to special and general trace and log analysis
- Introduction to projective debugging
- Introduction to artifact-malware
- Introduction to concrete and general problem analysis patterns
The primary audience for Memory Dump Analysis Anthology reference volumes (Diagnomicon) is software engineers developing and maintaining products on Windows platforms, technical support, escalation, and site reliability engineers dealing with complex software issues, quality assurance engineers testing software, security and vulnerability researchers, reverse engineers, malware and memory forensics analysts.
Table of Contents
Preface
About the Author
PART 1: Professional Crash Dump Analysis and Debugging
Win32 Start Address Fallacy
Multidimensionality of Exceptions
PART 2: Crash Dump Analysis Patterns
Reference Leak
Origin Module
Hidden Call
Corrupt Structure
Software Exception
Crashed Process
Variable Subtrace
User Space Evidence
Technology-Specific Subtrace (COM Client Call)
Internal Stack Trace
Distributed Exception (Managed Code)
Thread Poset
PART 3: Pattern Interaction
Virtualized Process, Stack Trace Collection, COM Interface Invocation Subtrace, Active Thread, Spiking Thread, Last Error Collection, RIP Stack Trace, Value References, Namespace, and Module Hint
PART 4: A Bit of Science and Philosophy
Cantor Operating System
Metaphor of Memory as a Directed Container
Praxiverse
When Universe is Going to End?
Notes on Memoidealism
PART 5: Software Trace Analysis Patterns
Timeout
Activity Overlap
Adjoint Space
Indirect Message
Watch Thread
Punctuated Activity
Trace Mask
Trace Viewpoints
Data Reversal
Recovered Messages
Palimpsest Messages
Message Space
Interspace
Translated Message
Activity Disruption
PART 6: Fun with Debugging, Crash Dumps, and Traces
The Dump from the Future
Exchange Rate on 16.12.14
Check the Plug
Debugging Slang
YAWE
Embedded Software Engineer
Minute-wise
Developer
Multidigitalist
KgB
CIQ (Crash IQ)
Pat Ching
Explosive Mixture
POEM
YearNormous Day
eNormous
2015 - The Year of RAM
Diagnostics and Debugging in Science Fiction
Software and Hardware Exceptions
Logging for Kids
Find the Bug
Music for Debugging
Tracing and Counting Book
The Last Error
Patching the Hardware Defect
Pattern Match
PART 7: Software Narratology
Coding and Articoding
PART 8: Software Diagnostics, Troubleshooting, and Debugging
Special and General Trace and Log Analysis
Projective Debugging
Pattern! What Pattern?
I Didn’t See Anything
PART 9: Art and Photography
Diagnostics Designer Glasses
Pattern Diagnostics Logo
Happy Valentine’s Day
50 Shades of Crash Dump
Computer Universe
Failed Surveillance
Debugging Allegory on FEB 23
Object in Signaled State
Kernel Space Starts with 8
The Day of ST. P. The Elimination of Snakes
The Fifth Column
Proportionate Disproportionate Proportion
Autoportrait in 5 Objects
Kernel Works
Chip Forensics
Industrial Windows
The Meaning of Life
Hidden Bug
PART 10: Memory Forensics
Artifact-Malware and its Primary and Secondary Effects
PART 11: Miscellaneous
Quotes
Status Updates
Execution Residue
Appendix
Patterns are Weapons for Massive Debugging
Crash Dump Analysis Checklist
Index of WinDbg Commands