Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Revised, Process User Space
Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Revised, Process User Space
Training Course Transcript and WinDbg Practice Exercises with Notes
About the Book
This book is a full-color transcript of Software Diagnostics Services training sessions with 20 step-by-step exercises, notes, source code of specially created modeling applications, and more than 60 questions and answers. Covers more than 50 crash dump analysis patterns from x86 and x64 process memory dumps. Learn how to analyze application and service crashes and freezes, navigate through process user space and diagnose heap corruption, memory and handle leaks, CPU spikes, blocked threads, deadlocks, wait chains, and many more patterns of abnormal software behavior with WinDbg debugger. The training uses a unique and innovative pattern-oriented analysis approach developed by Software Diagnostics Institute to speed up the learning curve. Prerequisites: Basic Windows troubleshooting. Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers and quality assurance engineers, site reliability engineers. The 5th edition was fully reworked with new memory dumps, additional slides, exercises, and analysis patterns. It was further revised with some exercises updated to Windows 11, expanded Q&A, and optional Docker image.
About the Author
Bundles that include this book
Table of Contents
About the Author 5
Presentation Slides and Transcript 7
Practice Exercises 33
Exercise 0: Download, setup and verify your WinDbg or WinDbg Preview installation, or Docker image 38
Exercise P1: Analysis of a normal application process dump (64-bit notepad) 54
Exercise P2: Analysis of a normal application process dump (32-bit notepad) 78
Exercise P3: Analysis of a normal application process dump (64-bit Microsoft Edge) 80
Exercise P4: Analysis of an application process dump (64-bit AppK, no symbols) 120
Exercise P5: Analysis of an application process dump (64-bit AppK, with application symbols) 134
Exercise P6: Analysis of an application process dump (AppL, 64-bit) 140
Exercise P7: Analysis of an application process dump (AppL2, 64-bit) 154
Exercise P8: Analysis of an application process dump (AppM, 64-bit) 174
Exercise P9: Analysis of an application process dump (AppN, 64-bit) 184
Exercise P10: Analysis of an application process dump (AppO, 64-bit) 198
Exercise P11: Analysis of an application process dump (AppP, 64-bit) 208
Exercise P12: Analysis of an application process dump (AppR2, 64-bit) 224
Exercise P13: Analysis of an application process dump (AppA, WOW64) 254
Exercise P14: Analysis of an application process dump (AppS, 64-bit) 264
Exercise P15: Analysis of an application process dump (notepad, 32-bit) 284
Exercise P16: Analysis of an application process dump (notepad, 64-bit) 290
Exercise P17: Analysis of an application process dump (AppQ, 32-bit) 298
Exercise P18: Analysis of an application process dump (AppQ, 64-bit) 312
Exercise P19: Analysis of an application process dump (AppT, 64-bit) 326
Application Source Code 347
AppA 349
AppK 351
AppL 352
AppL2 353
AppM 354
AppN 355
AppO 356
AppP 358
AppR2 359
AppS 360
AppQ 362
AppT 366
Selected Q&A 369
Triple Dereference 405
Large Heap Allocations 408
Other books by this author
The Leanpub 60-day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms
Do Well. Do Good.
Authors have earned$11,234,590writing, publishing and selling on Leanpub, earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
Top Books
- #1
OpenIntro Statistics
David Diez, Christopher Barr, Mine Cetinkaya-Rundel, and OpenIntroA complete foundation for Statistics, also serving as a foundation for Data Science.
Leanpub revenue supports OpenIntro (US-based nonprofit) so we can provide free desk copies to teachers interested in using OpenIntro Statistics in the classroom and expand the project to support free textbooks in other subjects.
More resources: openintro.org.
- #2
Concurrency with Modern C++
Rainer GrimmC++11 is the first C++ standard that deals with concurrency. The story goes on with C++17, C++20, and will continue with C++23.
I'll give you a detailed insight into the current and the upcoming concurrency in C++. This insight includes the theory and a lot of practice.
- #3
Everyday Rails - RSpecによるRailsテスト入門
Junichi Ito (伊藤淳一) and Aaron SumnerRSpecを使ってRailsアプリケーションに信頼性の高いテストを書く実践的なアドバイスを提供します。詳細で丁寧な説明は本書のオリジナルコンテンツです。また、説明には実際に動かせるサンプルアプリケーションも使用します。本書は2022年版にアップデートされ、Rails 7.0やRSpec Rails 5.0といった新しい環境に対応しています!さあ、自信をもってテストできるようになりましょう!
- #4
C++20 - The Complete Guide
Nicolai M. JosuttisAll the new language and library features of C++20 (for those who know previous versions).
The book presents all new language and library features of C++20. Learn how this impacts day-to-day programming, to benefit in practice, to combine new features, and to avoid all new traps.
Buy early, pay less, free updates.
Other books:
- #5
Ansible for DevOps
Jeff GeerlingAnsible is a simple, but powerful, server and configuration management tool. Learn to use Ansible effectively, whether you manage one server—or thousands.
- #6
Jetpack Compose internals
Jorge CastilloJetpack Compose is the future of Android UI. Master how it works internally and become a more efficient developer with it. You'll also find it valuable if you are not an Android dev. This book provides all the details to understand how the Compose compiler & runtime work, and how to create a client library using them.
- #7
Stratospheric
Tom Hombergs, Björn Wilmsmann, and Philip RiecksFrom Zero to Production with Spring Boot and AWS. All you need to know to get a Spring Boot application into production with AWS. No previous AWS knowledge required.
Go to stratospheric.dev for a tour of the contents.
- #8
Introducing EventStorming
Alberto BrandoliniThe deepest tutorial and explanation about EventStorming, straight from the inventor.
- #9
C++20
Rainer GrimmC++20 is the next big C++ standard after C++11. As C++11 did it, C++20 changes the way we program modern C++. This change is, in particular, due to the big four of C++20: ranges, coroutines, concepts, and modules.
- #10
Atomic Kotlin
Bruce Eckel and Svetlana IsakovaFor both beginning and experienced programmers! From the author of the multi-award-winning Thinking in C++ and Thinking in Java and a Kotlin team member comes a book that breaks concepts into small, easy-to-digest "atoms," along with exercises supported by hints and solutions directly inside IntelliJ IDEA! Full support at www.AtomicKotlin.com.
Top Bundles
- #1
CCIE Service Provider Ultimate Study Bundle
2 Books
Piotr Jablonski, Lukasz Bromirski, and Nick Russo have joined forces to deliver the only CCIE Service Provider training resource you'll ever need. This bundle contains a detailed and challenging collection of workbook labs, plus an extensively detailed technical reference guide. All of us have earned the CCIE Service Provider certification... - #2
Software Architecture for Developers: Volumes 1 & 2 - Technical leadership and communication
2 Books
"Software Architecture for Developers" is a practical and pragmatic guide to modern, lightweight software architecture, specifically aimed at developers. You'll learn:The essence of software architecture.Why the software architecture role should include coding, coaching and collaboration.The things that you really need to think about before... - #3
Modern C++ Collection
3 Books
Get All about Modern C++C++ Standard Library, including C++20Concurrency with Modern C++, including C++20C++20Each book has about 200 complete code examples. Updates are included. When I update one of the books, you immediately get the updated bundle. You can expect significant updates to each new C++ standard (C++23, C++26, .. ) and also... - #6
The Python Craftsman
3 Books
The Python Craftsman series comprises The Python Apprentice, The Python Journeyman, and The Python Master. The first book is primarily suitable for for programmers with some experience of programming in another language. If you don't have any experience with programming this book may be a bit daunting. You'll be learning not just a programming... - #8
Linux Administration Complet
4 Books
Ce lot comprend les quatre volumes du Guide Linux Administration :Linux Administration, Volume 1, Administration fondamentale : Guide pratique de préparation aux examens de certification LPIC 1, Linux Essentials, RHCSA et LFCS. Administration fondamentale. Introduction à Linux. Le Shell. Traitement du texte. Arborescence de fichiers. Sécurité...
