Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Process User Space
Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Process User Space
Training Course Transcript and WinDbg Practice Exercises with Notes
About the Book
The full color transcript of Software Diagnostics Services training sessions with 20 step-by-step exercises, notes, source code of specially created modeling applications and more than 60 questions and answers. Covers more than 50 crash dump analysis patterns from x86 and x64 process memory dumps. Learn how to analyse application and service crashes and freezes, navigate through process user space and diagnose heap corruption, memory and handle leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. The training uses a unique and innovative pattern-oriented analysis approach developed by Software Diagnostics Institute to speed up the learning curve. Prerequisites: Basic Windows troubleshooting. Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers and quality assurance engineers, site reliability engineers. The 5th edition was fully reworked with additional slides, exercises, and analysis patterns.
About the Author
Bundles that include this book
Table of Contents
About the Author 5
Presentation Slides and Transcript 7
Practice Exercises 33
Exercise 0: Download, setup and verify your WinDbg or WinDbg Preview installation 38
Exercise P1: Analysis of a normal application process dump (64-bit notepad) 48
Exercise P2: Analysis of a normal application process dump (32-bit notepad) 72
Exercise P3: Analysis of a normal application process dump (64-bit Microsoft Edge) 74
Exercise P4: Analysis of an application process dump (64-bit AppK, no symbols) 114
Exercise P5: Analysis of an application process dump (64-bit AppK, with application symbols) 128
Exercise P6: Analysis of an application process dump (AppL, 64-bit) 134
Exercise P7: Analysis of an application process dump (AppL2, 64-bit) 148
Exercise P8: Analysis of an application process dump (AppM, 64-bit) 168
Exercise P9: Analysis of an application process dump (AppN, 64-bit) 178
Exercise P10: Analysis of an application process dump (AppO, 64-bit) 192
Exercise P11: Analysis of an application process dump (AppP, 64-bit) 202
Exercise P12: Analysis of an application process dump (AppR, 32-bit) 218
Exercise P13: Analysis of an application process dump (AppA, WOW64) 242
Exercise P14: Analysis of an application process dump (AppS, 64-bit) 252
Exercise P15: Analysis of an application process dump (notepad, 32-bit) 272
Exercise P16: Analysis of an application process dump (notepad, 64-bit) 278
Exercise P17: Analysis of an application process dump (AppQ, 32-bit) 286
Exercise P18: Analysis of an application process dump (AppQ, 64-bit) 300
Exercise P19: Analysis of an application process dump (AppT, 64-bit) 314
Application Source Code 335
AppA 337
AppK 339
AppL 340
AppL2 341
AppM 342
AppN 343
AppO 344
AppP 346
AppR 347
AppS 348
AppQ 350
AppT 354
Selected Q&A 357
Triple Dereference 383
Large Heap Allocations 385
Other books by this author
Authors have earned$9,542,965writing, publishing and selling on Leanpub, earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.
Learn more about writing on Leanpub
The Leanpub 45-day 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
Top Books
- #1
Algebra-Driven Design
Sandy MaguireA how-to field guide on building leak-free abstractions and algebraically designing real-world applications.
- #2
Production Haskell
Matt ParsonsAre you excited about Haskell, but don't know where to begin? Are you thrilled by the technical advantages, but worried about the unknown pitfalls? This book has you covered.
- #3
The Hundred-Page Machine Learning Book
Andriy BurkovEverything you really need to know in Machine Learning in a hundred pages.
- #4
Ansible for DevOps
Jeff GeerlingAnsible is a simple, but powerful, server and configuration management tool. Learn to use Ansible effectively, whether you manage one server—or thousands.
- #5
Machine Learning Engineering
Andriy Burkov"If you intend to use machine learning to solve business problems at scale, I'm delighted you got your hands on this book."
—Cassie Kozyrkov, Chief Decision Scientist at Google
"Foundational work about the reality of building machine learning models in production."
—Karolis Urbonas, Head of Machine Learning and Science at Amazon
- #6
Cloud Strategy
Gregor Hohpe“Strategy is the difference between making a wish and making it come true.” A successful migration to the cloud shouldn’t be driven by wishes, but guided by a sound strategy, frameworks, and decision models. This book tells you how—without becoming superficial nor getting lost in technology and product details.
- #7
CCIE Service Provider Version 4 Written and Lab Exam Comprehensive Guide
Nicholas RussoThe service provider landscape has changed rapidly over the past several years. Networking vendors are continuing to propose new standards, techniques, and procedures for overcoming new challenges while concurrently reducing costs and delivering new services. Cisco has recently updated the CCIE Service Provider track to reflect these changes; this book represents the author's personal journey in achieving that certification.
- #8
CCIE SP v4.1 - Workbook
Łukasz Bromirski, Piotr Jablonski, and Nicholas RussoAre you striving to prepare to and pass CCIE SP lab exam? Take the opportunity and get this workbook! With the attached initial cfg files you will prepare yourself for the CCIE SP exam as well as learn SP technologies applicable to all kinds of today modern networks! This workbook covers blueprint topics and provides challenging examples.
- #9
C++ Best Practices
Jason TurnerLevel up your C++, get the tools working for you, eliminate common problems, and move on to more exciting things!
- #10
Introducing EventStorming
Alberto BrandoliniThe deepest tutorial and explanation about EventStorming, straight from the inventor.
Top Bundles
- #1
The Node.js Bundle
3 Books
This bundle combines three bestselling Leanpub Node.js books into a package that gives you everything you need to get started with developing Node.js applications at an unbeatable price. - #2
The Tester's Library
8 Books
The Tester's Library consists of eight five-star books that every software tester should read and re-read. As bound books, this collection would cost over $200. Even as e-books, their price would exceed $80, but in this bundle, their cost is only $49.99. Here are the books, and why they should be in your library: Perfect Software and Other... - #3
agile
11 Books
In this bundle, you will find 10 different agile books. They are about different aspects of being agile. - finding a job - doing coding dojo's - Retrospectives - Personal kanban - a non-typical coaching book and even a book that gives you an insight in the lives of some agile people. - #4
WTFlop 6M + HU - Beta Bundle
6 Books
- #5
Node Patterns
6 Books
- #6
Fifty Quick Ideas
3 Books
Get all three books for the price of two! Fifty Quick Ideas books are full of practical, real-world techniques that you can use to improve teamwork, build better products and build them in a better way. - #7
Growing Agile: Coach's Guide Series
4 Books
This bundle provides a collection of training and workshop plans for a variety of agile topics. The series is aimed at agile coaches, trainers and ScrumMasters who often find themselves needing to help teams understand agile concepts. Each book in the series provides the plans, slides, handouts and activity instructions to run a number of... - #8
Marionette.js A to Z
3 Books
Marionette.js has become a popular Backbone-based javascript library, because it helps you avoid boiler-plate code and focus on what makes your app special. But how do you get started?Whether you want to finally get started with dynamic client-side programming (like one reader did), or are an experienced front-end dev who has inherited a... - #9
Complete Scala Bundle
3 Books
Scala is a general-purpose programming language and it's getting extremely popular these days. Some say that learning Scala could be a challenging task. My experience, however, suggests that this is actually a myth that has very little to do with reality. With the right approach, learning Scala can be easy, fun and rewarding.The first book from... - #10
Build A Better Backbone App
3 Books
The best way to learn new development skills is through experience, but that takes time you don't have.Get the best of both worlds with this bundle: you'll learn how to produce modern web applications by learning from experienced developers like Derick Bailey and David Sulc. BackboneJS is one of the favorite tools on the web today, but it...
