Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Process User Space
This book is 100% complete
Completed on 2020-02-12
About the Book
The full color transcript of Software Diagnostics Services training sessions with 20 step-by-step exercises, notes, source code of specially created modeling applications and more than 60 questions and answers. Covers more than 50 crash dump analysis patterns from x86 and x64 process memory dumps. Learn how to analyse application and service crashes and freezes, navigate through process user space and diagnose heap corruption, memory and handle leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. The training uses a unique and innovative pattern-oriented analysis approach developed by Software Diagnostics Institute to speed up the learning curve. Prerequisites: Basic Windows troubleshooting. Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers and quality assurance engineers, site reliability engineers. The 5th edition was fully reworked with additional slides, exercises, and analysis patterns.
About the Author
Table of Contents
About the Author 5
Presentation Slides and Transcript 7
Practice Exercises 33
Exercise 0: Download, setup and verify your WinDbg or WinDbg Preview installation 38
Exercise P1: Analysis of a normal application process dump (64-bit notepad) 48
Exercise P2: Analysis of a normal application process dump (32-bit notepad) 72
Exercise P3: Analysis of a normal application process dump (64-bit Microsoft Edge) 74
Exercise P4: Analysis of an application process dump (64-bit AppK, no symbols) 114
Exercise P5: Analysis of an application process dump (64-bit AppK, with application symbols) 128
Exercise P6: Analysis of an application process dump (AppL, 64-bit) 134
Exercise P7: Analysis of an application process dump (AppL2, 64-bit) 148
Exercise P8: Analysis of an application process dump (AppM, 64-bit) 168
Exercise P9: Analysis of an application process dump (AppN, 64-bit) 178
Exercise P10: Analysis of an application process dump (AppO, 64-bit) 192
Exercise P11: Analysis of an application process dump (AppP, 64-bit) 202
Exercise P12: Analysis of an application process dump (AppR, 32-bit) 218
Exercise P13: Analysis of an application process dump (AppA, WOW64) 242
Exercise P14: Analysis of an application process dump (AppS, 64-bit) 252
Exercise P15: Analysis of an application process dump (notepad, 32-bit) 272
Exercise P16: Analysis of an application process dump (notepad, 64-bit) 278
Exercise P17: Analysis of an application process dump (AppQ, 32-bit) 286
Exercise P18: Analysis of an application process dump (AppQ, 64-bit) 300
Exercise P19: Analysis of an application process dump (AppT, 64-bit) 314
Application Source Code 335
AppA 337
AppK 339
AppL 340
AppL2 341
AppM 342
AppN 343
AppO 344
AppP 346
AppR 347
AppS 348
AppQ 350
AppT 354
Selected Q&A 357
Triple Dereference 383
Large Heap Allocations 385
Authors have earned$8,524,644writing, publishing and selling on Leanpub,
earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.
Learn more about writing on Leanpub
The Leanpub 45-day 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
