Accelerated Windows Memory Dump Analysis: Training Course Transcript and WinDbg Practice Exercises with Notes, Third Edition

Book Description

The full transcript of Software Diagnostics Services training with 25 step-by-step exercises, notes, source code of specially created modelling applications and more than 100 questions and answers. Covers more than 50 crash dump analysis patterns diagnosed in 32-bit and 64-bit process, kernel and complete memory dumps. Learn how to analyse application, service and system crashes and freezes, navigate through memory dump space and diagnose heap corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. The training uses a unique and innovative pattern-driven analysis approach to speed up the learning curve. Prerequisites: Basic Windows troubleshooting. Audience: software technical support and escalation engineers, system administrators, security professionals, software developers and quality assurance engineers. The 3rd edition was updated to the latest version of WinDbg from Debugging Tools for Windows and includes new exercises for Windows 7 and Windows 8.1 crash dumps.

Table of Contents

  1. Cover Page
  2. Copyright Page
  3. Contents
  4. Presentation Slides and Transcript
  5. Practice Exercises
    1. Exercise 0: Download, setup and verify your WinDbg installation
    2. Exercise P1: Analysis of a normal application process dump (32-bit notepad)
    3. Exercise P2: Analysis of a normal application process dump (64-bit notepad)
    4. Exercise P3: Analysis of a normal application process dump (32-bit IE)
    5. Exercise P4: Analysis of an application process dump (ApplicationK, no symbols)
    6. Exercise P5: Analysis of an application process dump (ApplicationK, with application symbols)
    7. Exercise P6: Analysis of application process dump (ApplicationL, 32-bit)
    8. Exercise P7: Analysis of an application process dump (ApplicationL, 64-bit)
    9. Exercise P8: Analysis of an application process dump (ApplicationM, 32-bit)
    10. Exercise P9: Analysis of an application process dump (ApplicationN, 64-bit)
    11. Exercise P10: Analysis of an application process dump (ApplicationO, 64-bit)
    12. Exercise P11: Analysis of an application process dump (ApplicationP, 32-bit)
    13. Exercise P12: Analysis of an application process dump (ApplicationR, 32-bit)
    14. Exercise P13: Analysis of an application process dump (ApplicationA, 32-bit)
    15. Exercise P14: Analysis of an application process dump (ApplicationS, 32-bit)
    16. Exercise P15: Analysis of an application process dump (notepad, 32-bit)
    17. Exercise P16: Analysis of an application process dump (notepad, 64-bit)
    18. Exercise P17: Analysis of an application process dump (ApplicationQ, 32-bit)
    19. Exercise K1: Analysis of a normal kernel dump (32-bit)
    20. Exercise K2: Analysis of a kernel dump with pool leak (32-bit)
    21. Exercise K3: Analysis of a kernel dump with pool corruption (32-bit)
    22. Exercise K4: Analysis of a kernel dump with code corruption (32-bit)
    23. Exercise K5: Analysis of a kernel dump with hang I/O (32-bit)
    24. Exercise C1: Analysis of a normal complete dump (32-bit)
    25. Exercise C2: Analysis of a problem complete dump (32-bit)
    26. Exercise C3: Analysis of a problem complete dump (64-bit)
  6. Application Source Code
    1. ApplicationA
    2. ApplicationB
    3. ApplicationC
    4. ApplicationE
    5. ApplicationK
    6. ApplicationL
    7. ApplicationM
    8. ApplicationN
    9. ApplicationO
    10. ApplicationP
    11. ApplicationR
    12. ApplicationS
    13. ApplicationQ
  7. Selected Q & A