Leanpub The Leanpub Logo is a Registered Trademark
AccountLibraryOverviewPurchasesStoreSupport
BooksBundlesCoursesFeaturedNewslettersPodcastSupportWhy Leanpub
BooksBundlesCoursesFeaturedNewslettersPodcastSupportWhy Leanpub
Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Process User Space
Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Process User Space
$49.00
Minimum price
$49.00
Suggested price
  • 387

    Pages

  • English

  • PDF

  • EPUB

Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Process User Space

This book is 100% complete

Completed on 2020-02-12

About the Book

The full color transcript of Software Diagnostics Services training sessions with 20 step-by-step exercises, notes, source code of specially created modeling applications and more than 60 questions and answers. Covers more than 50 crash dump analysis patterns from x86 and x64 process memory dumps. Learn how to analyse application and service crashes and freezes, navigate through process user space and diagnose heap corruption, memory and handle leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. The training uses a unique and innovative pattern-oriented analysis approach developed by Software Diagnostics Institute to speed up the learning curve. Prerequisites: Basic Windows troubleshooting. Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers and quality assurance engineers, site reliability engineers. The 5th edition was fully reworked with additional slides, exercises, and analysis patterns.

About the Author

Dmitry Vostokov
Dmitry Vostokov

Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist and author. He is the founder of pattern-oriented software diagnostics, forensics and prognostics discipline and Software Diagnostics Institute. Vostokov has also authored more than 50 books on software diagnostics, anomaly detection and analysis, software and memory forensics, root cause analysis and problem solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering and malware analysis. He has more than 25 years of experience in software architecture, design, development and maintenance in a variety of industries including leadership, technical and people management roles. Dmitry also founded Syndromatix, Anolog.io, BriteTrace, DiaThings, Logtellect, OpenTask Iterative and Incremental Publishing and Software Diagnostics Technology and Services (former Memory Dump Analysis Services) and Software Prognostics. In his spare time, he presents various topics on Debugging TV and explores Software Narratology, its further development as Narratology of Things and Diagnostics of Things (DoT), and Software Pathology. His current areas of interest are theoretical software diagnostics and its mathematical and computer science foundations, application of artificial intelligence, machine learning and data mining to diagnostics and anomaly detection, software diagnostics engineering and diagnostics-driven development, diagnostics workflow and interaction.

Bundles that include this book

Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Process User Space
Encyclopedia of Crash Dump Analysis Patterns
Crash and Hang Analysis of Native Windows Desktop Applications
2 Books
$129.00
Suggested Price
$100.00
Bundle Price

Table of Contents

About the Author 5

Presentation Slides and Transcript 7

Practice Exercises 33

Exercise 0: Download, setup and verify your WinDbg or WinDbg Preview installation 38

Exercise P1: Analysis of a normal application process dump (64-bit notepad) 48

Exercise P2: Analysis of a normal application process dump (32-bit notepad) 72

Exercise P3: Analysis of a normal application process dump (64-bit Microsoft Edge) 74

Exercise P4: Analysis of an application process dump (64-bit AppK, no symbols) 114

Exercise P5: Analysis of an application process dump (64-bit AppK, with application symbols) 128

Exercise P6: Analysis of an application process dump (AppL, 64-bit) 134

Exercise P7: Analysis of an application process dump (AppL2, 64-bit) 148

Exercise P8: Analysis of an application process dump (AppM, 64-bit) 168

Exercise P9: Analysis of an application process dump (AppN, 64-bit) 178

Exercise P10: Analysis of an application process dump (AppO, 64-bit) 192

Exercise P11: Analysis of an application process dump (AppP, 64-bit) 202

Exercise P12: Analysis of an application process dump (AppR, 32-bit) 218

Exercise P13: Analysis of an application process dump (AppA, WOW64) 242

Exercise P14: Analysis of an application process dump (AppS, 64-bit) 252

Exercise P15: Analysis of an application process dump (notepad, 32-bit) 272

Exercise P16: Analysis of an application process dump (notepad, 64-bit) 278

Exercise P17: Analysis of an application process dump (AppQ, 32-bit) 286

Exercise P18: Analysis of an application process dump (AppQ, 64-bit) 300

Exercise P19: Analysis of an application process dump (AppT, 64-bit) 314

Application Source Code 335

AppA 337

AppK 339

AppL 340

AppL2 341

AppM 342

AppN 343

AppO 344

AppP 346

AppR 347

AppS 348

AppQ 350

AppT 354

Selected Q&A 357

Triple Dereference 383

Large Heap Allocations 385

Other books by this author

Trace and Log Analysis
Trace and Log Analysis
Dmitry Vostokov
Encyclopedia of Crash Dump Analysis Patterns
Encyclopedia of Crash Dump Analysis Patterns
Dmitry Vostokov
Theoretical Software Diagnostics
Theoretical Software Diagnostics
Dmitry Vostokov
Accelerated .NET Memory Dump Analysis
Accelerated .NET Memory Dump Analysis
Dmitry Vostokov
Accelerated Linux Core Dump Analysis
Accelerated Linux Core Dump Analysis
Dmitry Vostokov
Practical Foundations of Windows Debugging, Disassembling, Reversing
Practical Foundations of Windows Debugging, Disassembling, Reversing
Dmitry Vostokov
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory Dumps
Dmitry Vostokov
Accelerated Windows Debugging 3
Accelerated Windows Debugging 3
Dmitry Vostokov
Advanced Windows Memory Dump Analysis with Data Structures
Advanced Windows Memory Dump Analysis with Data Structures
Dmitry Vostokov
Accelerated Software Trace Analysis, Revised Edition, Part 1
Accelerated Software Trace Analysis, Revised Edition, Part 1
Dmitry Vostokov
Accelerated Mac OS X Core Dump Analysis, Second Edition
Accelerated Mac OS X Core Dump Analysis, Second Edition
Dmitry Vostokov
Accelerated Disassembly, Reconstruction and Reversing
Accelerated Disassembly, Reconstruction and Reversing
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 1
Visual Category Theory Brick by Brick, Part 1
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 2
Visual Category Theory Brick by Brick, Part 2
Dmitry Vostokov
Memory Dump Analysis Anthology, Volume 1, Revised Edition
Memory Dump Analysis Anthology, Volume 1, Revised Edition
Dmitry Vostokov
Machine Learning Brick by Brick, Epoch 1
Machine Learning Brick by Brick, Epoch 1
Dmitry Vostokov
Software Construction Brick by Brick, Increment 1
Software Construction Brick by Brick, Increment 1
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 3
Visual Category Theory Brick by Brick, Part 3
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 4
Visual Category Theory Brick by Brick, Part 4
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 5
Visual Category Theory Brick by Brick, Part 5
Dmitry Vostokov
Memory Dump Analysis Anthology, Volume 2, Revised Edition
Memory Dump Analysis Anthology, Volume 2, Revised Edition
Dmitry Vostokov
Visual Category Theory Brick by Brick, Part 6
Visual Category Theory Brick by Brick, Part 6
Dmitry Vostokov
Organic Chemistry Brick by Brick, Compound 1
Organic Chemistry Brick by Brick, Compound 1
Dmitry Vostokov
Fundamentals of Physical Memory Analysis
Fundamentals of Physical Memory Analysis
Dmitry Vostokov
Memory Dump Analysis Anthology, Volume 3, Revised Edition
Memory Dump Analysis Anthology, Volume 3, Revised Edition
Dmitry Vostokov

Authors have earned$9,221,885writing, publishing and selling on Leanpub,
earning 80% royalties while saving up to 25 million pounds of CO2 and up to 46,000 trees.

Learn more about writing on Leanpub

The Leanpub 45-day 100% Happiness Guarantee

Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses! Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks. Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. It really is that easy.

Learn more about writing on Leanpub

Leanpub is copyright © 2010-2020 Ruboss Technology Corp. All rights reserved.