Leanpub Header

Skip to main content
Go to Leanpub.com

Accelerated Windows Memory Dump Analysis, Seventh Edition, Part 1, Process User Space

Training Course Transcript and WinDbg Practice Exercises with Notes

Dmitry Vostokov

Learn how to analyze application and service crashes and freezes, navigate through process user space, and diagnose heap corruption, memory and handle leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more using the WinDbg debugger. The course covers more than 60 crash dump analysis patterns from x64 and ARM64 process memory dumps.

Minimum price

$49.00

$49.00

You pay

$49.00

Author earns

$39.20
$

...Or Buy With Credits!

You can get credits with a paid monthly or annual Reader Membership, or you can buy them here.
PDF
63
Readers
414
Pages
About

About

About the Book

The full-color transcript of Software Diagnostics Services training sessions with 26 step-by-step exercises, notes, source code of specially created modeling applications, and more than 70 questions and answers. Covers more than 60 crash dump analysis patterns from x64 and ARM64 process memory dumps. Learn how to analyze application and service crashes and freezes, navigate through process user space, and diagnose heap corruption, memory and handle leaks, CPU spikes, blocked threads, deadlocks, wait chains, and many more patterns of abnormal software behavior with the WinDbg debugger.  The training uses a unique, innovative pattern-oriented analysis approach developed by the Software Diagnostics Institute to accelerate learning. Prerequisites: Basic Windows troubleshooting. Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers and quality assurance engineers, and site reliability engineers. The 7th edition was fully reworked for the latest WinDbg version and includes memory dump collection methods, defect mechanism patterns, additional Windows 11 ARM64 memory dump analysis exercises, and a relevant review of x64 and ARM64 assembly languages.

Share this book

Categories

C and C++Computer SecurityResiliencyTestingSoftware Engineering.NETRust

Feedback

Email the Author

Bundles

Bundles that include this book

Author

About the Author

Dmitry Vostokov

Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist, inventor, and author. He founded the pattern-oriented software diagnostics, forensics, and prognostics discipline (Systematic Software Diagnostics) and Software Diagnostics Institute. Vostokov has also authored over 50 books on software diagnostics, anomaly detection and analysis, software and memory forensics, root cause analysis and problem solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering, and malware analysis. He has over 30 years of experience in software architecture, design, development, and maintenance in various industries, including leadership, technical, and people management roles. Dmitry founded OpenTask Iterative and Incremental Publishing and Software Diagnostics Technology and Services (former Memory Dump Analysis Services). In his spare time, he explores Software Narratology and Quantum Software Diagnostics. His interest areas are theoretical software diagnostics and its mathematical and computer science foundations, application of formal logic, semiotics, artificial intelligence, machine learning, and data mining to diagnostics and anomaly detection, software diagnostics engineering and diagnostics-driven development, diagnostics workflow and interaction. Recent interest areas also include functional programming, cloud native computing, monitoring, observability, visualization, security, automation, applications of category theory to software diagnostics, development and big data, and diagnostics of artificial intelligence.

Leanpub Podcast

Episode 213

An Interview with Dmitry Vostokov

Contents

Table of Contents

About the Author 7

Introduction 8

What’s New 9

Prerequisites 10

Training Goals 11

Training Principles 12

Coverage (Part 1) 13

Fundamentals 14

Process Space (x64, ARM64) 15

Application/Process/Module 16

Process Virtual Space (x64, ARM64) 17

Process Memory Dump (x64, ARM64) 18

Process Space (x86) 19

Application/Process/Module (x86) 20

Process Memory Dump (x86) 21

Process Virtual Space (WOW64) 22

Process Memory Dump (WOW64) 23

Process Threads 24

Thread Stack Raw Data 25

Thread Stack Trace 26

Thread Stack Trace (no PDB) 27

Exceptions (Access Violation) 28

Exception (Runtime) 29

Pattern-Oriented Diagnostic Analysis 30

Review of x64 Disassembly 31

x64 CPU Registers 32

x64 Instructions and Registers 33

x64 Stack Addressing 34

x64 Memory Cell Sizes 35

x64 Memory Load Instructions 36

x64 Memory Store Instructions 37

x64 Flow Instructions 38

x64 Windows API Parameters 39

Review of ARM64 Disassembly 40

A64 CPU Registers 41

A64 Instructions and Registers 42

A64 Stack Addressing 43

A64 Memory Load Instructions 44

A64 Memory Store Instructions 45

A64 Flow Instructions 46

A64 Windows API Parameters 47

Practical Exercises 48

Links 49

Exercise 0 50

Process Memory Dumps 57

Types of WinDbg Command 58

Exercise P1 59

Exercise P2 71

Exercise P3 73

Exercise P4 85

Exercise P5 95

Exercise P6 101

Exercise P7 112

Exercise P8 127

Mechanisms (Invalid Pointer) 141

Mechanisms (Active Thread) 142

Exercise P9 143

Deadlock 154

Mechanisms (Deadlock) 155

Exercise P10 156

Mechanisms (Heap Corruption) 166

Mechanisms (Stack Corruption) 167

Mechanisms (Stack Overflow) 168

Exercise P11 169

Exercise P12 181

Exercise P13 198

Exercise P14 218

Mechanisms (Memory Leak) 236

Parameters and Locals 237

Symbol Types 238

Exercise P15 239

Exercise P16 244

Exercise P17 252

Exercise P18 264

Exercise P19 275

Exercise P20 290

Exercise P21 293

Exercise P22 297

Exercise P23 308

Exercise P24 316

Exercise P25 324

Windows Internals 335

Collection Methods 337

Process Dump Generation 338

Pattern Links 339

Pattern Classification 340

Pattern Case Studies 341

Additional Resources 342

Further Training Courses 344

Application Source Code 346

AppA 346

AppK 348

AppL 349

AppL2 350

AppM 351

AppN 352

AppO 354

AppP 356

AppR2 358

AppS 359

AppQ 361

AppT 366

ServiceA 368

Rusty 371

Selected Q&A 372

Added in Version 5.5 372

From Earlier Versions 383

Additional Materials 409

Triple Dereference 409

Large Heap Allocations 412

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

Download Sample PDF

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub