Memory Dump Analysis Anthology, Volume 2

Book Description

This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in January - September 2008 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, and technical support and escalation engineers dealing with complex software issues. The second volume features:

- 45 new crash dump analysis patterns
- Pattern interaction and case studies
- Updated checklist
- Fully cross-referenced with Volume 1
- New appendixes

Table of Contents

  1. Copyright
  2. Preface
  3. Acknowledgements
  4. 1. Crash Dumps for Beginners
    1. The Time of the Crash
    2. Stack Trace
    3. EasyDbg
    4. Citrix Symbol Server
  5. 2. Professional Crash Dump Analysis
    1. WinDbg Scripts
      1. Introduction for C/C++ Users
      2. HELLO WORLD
      3. SIMPLE ARITHMETIC
      4. FACTORIAL
      5. Generating File Name for .dump Command
      6. All at Once: Postmortem Logs and Dump Files
    2. Common Mistakes
      1. Not Looking at Full Stack Traces
      2. Not Seeing Semantic and Pragmatic Inconsistencies
    3. Pattern Interaction
      1. Heuristic Stack Trace
      2. Multiple Patterns
      3. Exception and Deadlock
      4. Heap and Spike
      5. Hooksware
      6. Heap and Early Crash Dump
    4. WinDbg Shortcuts
      1. WinDbg as a Binary Editor
      2. Command Autocompletion
      3. !envvar
      4. .quit_lock
      5. .dumpcab
      6. .f+, .f-
      7. .exptr
      8. WinDbg as a Simple PE Viewer
      9. .sound_notify
    5. Signaled Objects
    6. Memory Search Revisited
    7. WDF and PNP BSOD: Case Study
    8. Exploring NDIS Extension
    9. The Hunt for the Debugger
    10. Complete Dump: User Space Critical Sections
    11. Microsoft DLL Help Database
    12. What Does This Function Do?
    13. What Was This Process Doing?
    14. STL and WinDbg
    15. WinDbg Cheat Sheet
    16. How Old Is Your Application or System?
    17. Demystifying First-chance Exceptions
    18. .NET Managed Code Analysis in Complete Memory Dumps
    19. Who Opened That File?
    20. In Search of Lost CID
    21. Large Heap Allocations
    22. First-order and Second-order Memory Leaks
    23. Hooked Modules
  6. 3. Crash Dump Analysis Patterns
    1. Wait Chain (Executive Resources)
    2. Corrupt Dump
    3. Dispatch Level Spin
    4. No Process Dumps
    5. No System Dumps
    6. Insufficient Memory (PTE)
    7. Suspended Thread
    8. Special Process
    9. Frame Pointer Omission
    10. False Function Parameters
    11. Message Box
    12. Self-Dump
    13. Blocked Thread
    14. Zombie Processes
    15. Wild Pointer
    16. Dynamic Memory Corruption (Kernel Pool)
    17. Insufficient Virtual Memory
    18. Wild Code
    19. Hardware Error
    20. Handle Limit (GDI)
    21. Missing Component
    22. NULL Pointer (Code)
    23. Execution Residue
    24. Optimized VM Layout
    25. Invalid Handle
    26. Overaged System
    27. Thread Starvation
    28. Stack Overflow (User Mode)
    29. Missing Component (Static Linkage)
    30. Duplicated Module
    31. Not My Version
    32. Data Contents Locality
    33. Nested Exceptions (Unmanaged Code)
    34. Nested Exceptions (Managed Code)
    35. Affine Thread
    36. Self-Diagnosis
    37. Waiting Thread Time (User Dumps)
    38. Inline Function Optimization
    39. Critical Section Corruption
    40. Lost Opportunity
    41. Young System
    42. Last Error Collection
    43. Hidden Module
    44. High Contention (Critical Sections)
  7. 4. Crash Dump Analysis AntiPatterns
    1. Debugging Architects
    2. Symbolless Analysis
    3. Myopic Troubleshooting and Debugging
  8. 5. A Bit of Science
    1. Memoretics
    2. Memory Analysis
    3. Memoidealism
    4. Memiotics
  9. 6. Fun with Crash Dumps
    1. Music for Debugging
      1. The Glory of Debugging
      2. Memory Analysis Album
      3. Biography of a Bug
      4. Visual Computer Memories
      5. The First Defect
      6. The Songs for Remote Debugging
    2. Thinking Out of the Box
    3. Crash Dumps and Science Fiction
    4. ColoRImetric Computer Memory Dating
    5. On CSI Abbreviation
    6. The First Memory Dump Book
    7. On SOS Abbreviation
    8. Software Exceptions: a Paranormal View
    9. Bug Entanglement (Bugtanglement)
    10. The Standard Model of Debugging
    11. Physics of Debugging
    12. Can Computers Debug?
  10. 7. Data Recovery
    1. With the Help of Memory Dump Analysis
  11. 8. Software Troubleshooting
    1. Troubleshooter's Block
    2. Causal Models
    3. Object-Oriented Debugging and Troubleshooting
    4. Component-Based Debugging and Troubleshooting
    5. Domain-Driven Debugging and Troubleshooting
    6. Myths and Facts about Software Support
    7. Ceteris Paribus in Comparative Troubleshooting
    8. Dancing in Software Support Environment
    9. PARTS: Problem Solving Power of Thought
    10. The Hidden Tomb in Pyramid of Software Change
    11. Tracing
      1. CDF Traces: Analyzing Process Launch Sequence
      2. ETW Tracing Tools
      3. Lean Tracing
    12. Debugware Patterns
      1. API Query
      2. Tool Façade
      3. Configuration Wrapper
      4. Dual Interface
      5. Tool Chain
      6. Tool Box
  12. 9. Security
    1. Data Hiding in Crash Dumps
    2. Hardening Dump Security: Beware of PEB Data
  13. 10. The Origin of Crash Dumps
    1. Memory Dumps from Xen-virtualized Windows
    2. Bugchecks: SYSTEM_SERVICE_EXCEPTION
    3. Bugcheck Callbacks
    4. Application Verifier on x64 Platforms
    5. Who Saved the Dump File?
    6. ADPlus in 21 Seconds and 13 Steps
  14. 11. Miscellaneous
    1. Three Main Ideas of Debugging
    2. Pseudo-corrupt Memory Dumps
    3. Win32 Exception Frequencies
    4. Bugcheck Frequencies
    5. Time Travel Debugging
    6. I/O and Memory Priority in Vista
  15. A.
    1. Crash Dump File Examples
  16. B.
    1. WinDbg.Org: WinDbg Quick Links
  17. C.
    1. Dump2Wave Source Code
  18. D.
    1. Dump2Picture Source Code
  19. E.
    1. Crash Dump Analysis Checklist
    2. CMDTREE.TXT