Accelerated Windows Memory Dump Analysis, Sixth Edition, Part 1, Process User Space
$49.00
Minimum price
$49.00
Suggested price

Accelerated Windows Memory Dump Analysis, Sixth Edition, Part 1, Process User Space

Training Course Transcript and WinDbg Practice Exercises with Notes

About the Book

This book is a full-color transcript of Software Diagnostics Services training sessions with 22 step-by-step exercises, notes, source code of specially created modeling applications, and more than 70 questions and answers. Covers more than 50 crash dump analysis patterns from x86 and x64 process memory dumps. Learn how to analyze application and service crashes and freezes, navigate through process user space, and diagnose heap corruption, memory and handle leaks, CPU spikes, blocked threads, deadlocks, wait chains, and many more patterns of abnormal software behavior with WinDbg debugger. The training uses a unique and innovative pattern-oriented analysis approach developed by Software Diagnostics Institute to speed up the learning curve. Prerequisites: Basic Windows troubleshooting. Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers and quality assurance engineers, and site reliability engineers. The 6th edition was fully reworked for the latest WinDbg version and includes additional Windows 11 memory dumps, relevant x64 assembly language review, and a Rust memory dump analysis example.

  • Share this book

  • Categories

    • C and C++
    • Computer Security
    • Resiliency
    • Testing
    • Software Engineering
    • .NET
    • Rust

  • Feedback

    Email the Author(s)

About the Author

Dmitry Vostokov
Dmitry Vostokov

Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist, inventor, and author. He is the founder of pattern-oriented software diagnostics, forensics, and prognostics discipline (Systematic Software Diagnostics), and Software Diagnostics Institute. Vostokov has also authored more than 50 books on software diagnostics, anomaly detection and analysis, software and memory forensics, root cause analysis and problem solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering and malware analysis. He has more than 25 years of experience in software architecture, design, development and maintenance in a variety of industries including leadership, technical and people management roles. Dmitry also founded Syndromatix, Anolog.io, BriteTrace, DiaThings, Logtellect, OpenTask Iterative and Incremental Publishing, Software Diagnostics Technology and Services (former Memory Dump Analysis Services), and Software Prognostics. In his spare time, he presents various topics on Debugging TV and explores Software Narratology, its further development as Narratology of Things and Diagnostics of Things (DoT), Software Pathology, and Quantum Software Diagnostics. His current areas of interest are theoretical software diagnostics and its mathematical and computer science foundations, application of formal logic, artificial intelligence, machine learning and data mining to diagnostics and anomaly detection, software diagnostics engineering and diagnostics-driven development, diagnostics workflow and interaction. Recent interest areas also include cloud native computing, security, automation, functional programming, applications of category theory to software diagnostics, development and big data, and diagnostics of artificial intelligence.

Bundles that include this book

Crash and Hang Analysis of Native Windows Desktop Applications
2 Books
$129.00
Bought separately
$100.00
Bundle Price
Accelerated Windows Memory Dump Analysis
2 Books
$98.00
Bought separately
$80.00
Bundle Price

Table of Contents

About the Author 5

Presentation Slides and Transcript 7

Review of x64 Disassembly 35

Practice Exercises 47

Exercise 0: Download, set up, and verify your WinDbg or Debugging Tools for Windows installation, or Docker Debugging Tools for Windows image 52

Exercise P1: Analysis of a normal application process dump (64-bit wordpad) 66

Exercise P2: Analysis of a normal application process dump (32-bit wordpad) 77

Exercise P3: Analysis of a normal application process dump (64-bit Microsoft Edge) 80

Exercise P4: Analysis of an application process dump (64-bit AppK, no symbols) 91

Exercise P5: Analysis of an application process dump (64-bit AppK, with application symbols) 101

Exercise P6: Analysis of an application process dump (AppL, 64-bit) 106

Exercise P7: Analysis of an application process dump (AppL2, 64-bit) 116

Exercise P8: Analysis of an application process dump (AppM, 64-bit) 130

Exercise P9: Analysis of an application process dump (AppN, 64-bit) 140

Exercise P10: Analysis of an application process dump (AppO, 64-bit) 150

Exercise P11: Analysis of an application process dump (AppP, 64-bit) 159

Exercise P12: Analysis of an application process dump (AppR2, 64-bit) 171

Exercise P13: Analysis of an application process dump (AppA, WOW64) 185

Exercise P14: Analysis of an application process dump (AppS, 64-bit) 204

Exercise P15: Analysis of an application process dump (notepad, 32-bit) 224

Exercise P16: Analysis of an application process dump (notepad, 64-bit) 229

Exercise P17: Analysis of an application process dump (AppQ, 32-bit) 237

Exercise P18: Analysis of an application process dump (AppQ, 64-bit) 249

Exercise P19: Analysis of an application process dump (AppT, 64-bit) 259

Exercise P20: Analysis of a service process dump (ServiceA, 64-bit) 274

Exercise P21: Analysis of a Rust process dump (Rusty, 64-bit) 277

Application Source Code 287

AppA 289

AppK 291

AppL 292

AppL2 293

AppM 294

AppN 295

AppO 296

AppP 298

AppR2 299

AppS 300

AppQ 302

AppT 306

ServiceA 308

Rusty 311

Selected Q&A 313

Triple Dereference 349

Large Heap Allocations 352

Other books by this author

Accelerated .NET Memory Dump Analysis
Dmitry Vostokov
Accelerated Linux Core Dump Analysis, Second Edition, Revised and Extended
Dmitry Vostokov
Accelerated Linux Core Dump Analysis, Third Edition
Dmitry Vostokov
Accelerated Mac OS X Core Dump Analysis, Second Edition
Dmitry Vostokov
Encyclopedia of Crash Dump Analysis Patterns
Dmitry Vostokov
Accelerated Linux Debugging 4D
Dmitry Vostokov
Extended Windows Memory Dump Analysis
Dmitry Vostokov
Accelerated .NET Core Memory Dump Analysis
Dmitry Vostokov
Accelerated Linux API for Software Diagnostics
Dmitry Vostokov
Trace, Log, Text, Narrative, Data
Dmitry Vostokov
Accelerated Disassembly, Reconstruction and Reversing
Dmitry Vostokov
Accelerated Software Trace Analysis, Revised Edition, Part 1
Dmitry Vostokov
Practical Foundations of ARM64 Linux Debugging, Disassembling, Reversing
Dmitry Vostokov
Practical Foundations of Linux Debugging, Disassembling, Reversing
Dmitry Vostokov
Memory Dump Analysis Anthology, Volume 5, Revised Edition
Dmitry Vostokov

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earnedover $13 millionwriting, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub

Publish Early, Publish Often

  • Path
  • There are many paths, but the one you're on right now on Leanpub is...
  • › Windows

*   *   *

Leanpub is copyright © 2010-2024 Ruboss Technology Corp.
All rights reserved.

This site is protected by reCAPTCHA
and the Google Privacy Policy and Terms of Service apply.