Memory Dump Analysis Anthology, Volume 3

Book Description

This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in October 2008 - June 2009 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The third volume features:

- 15 new crash dump analysis patterns
- 29 new pattern interaction case studies
- Trace analysis patterns
- Updated checklist
- Fully cross-referenced with Volume 1 and Volume 2
- New appendixes

Table of Contents

  1. Copyright
  2. Preface
  3. Acknowledgements
  4. 1. Professional Crash Dump Analysis
    1. Sparse Complete x64 Memory Dumps
    2. Common Mistakes
      1. Not Looking at All Stack Traces
    3. Dump Analysis on Windows 7
    4. 32-bit Stack Traces from x64 Complete Memory Dumps
    5. Debugger Log Reading Technique
    6. Variable Kernel Stack in Vista and W2K8
    7. Advanced Local Procedure Call WinDbg Extension
    8. !cs vs. !ntsdexts.locks
    9. Copyright as Timestamp
    10. NULL Data Pointer Pattern: Case Study
    11. Looking for Abnormal: Case Study
    12. Raw Stack Dump of All Threads
    13. Comparative Memory Dump Analysis: CPU Spikes
    14. Graphical Notation for Memory Dumps
    15. Exception Addresses from Event Logs
    16. The Importance of Symbols
    17. Platformorphism
  5. 2. Crash Dump Analysis Patterns
    1. Data Alignment
    2. Multiple Exceptions (Kernel Mode)
    3. C++ Exception
    4. Deadlock (Mixed Objects, Kernel Space)
    5. Wait Chain (Thread Objects)
    6. Divide by Zero (User Mode)
    7. Wait Chain (LPC/ALPC)
    8. Insufficient Memory (Physical Memory)
    9. Swarm of Shared Locks
    10. Process Factory
    11. Paged Out Data
    12. Semantic Split
    13. Pass Through Function
    14. NULL Pointer (Data)
    15. JIT Code
  6. 3. Crash Dump Analysis AntiPatterns
    1. No Question
    2. Missing Space
  7. 4. Pattern Interaction
    1. Early Crash Dump, Blocked Thread, Not My Version and Lost Opportunity
    2. Lateral Damage, Stack Overflow and Execution Residue
    3. Truncated Dump, Spiking Thread, Not My Version and Hooked Functions
    4. Stack Trace Collection, Hidden Exception and NULL Code Pointer
    5. WOW64, Blocked Threads and Coupled Processes
    6. Invalid Handle, Stack Trace Collection, Multiple Exceptions, Invalid Pointer, Data Alignment on Page Boundary, Dynamic Memory Corruption and Not My Version
    7. Wait Chain and Spiking Thread
    8. Blocked GUI Thread, Wait Chain and Virtualized Process
    9. Insufficient Memory, Handle Leak, Wait Chain, Deadlock, Inconsistent Dump and Overaged System
    10. Memory Leak, Spiking Threads, Wait Chain, High Critical Section Contention and Module Variety
    11. NULL Code Pointer, Changed Environment, Hooked Functions and Execution Residue
    12. Swarm of Shared Locks, Blocked Threads and Waiting Time
    13. Stack Trace Collection, Blocked Thread and Coupled Processes
    14. Insufficient Memory, Handle Leak, Process Factory, High Contention and Busy System
    15. Busy System, Blocked Threads, Wait Chains and Deadlock
    16. Manual Dump, Dynamic Memory Corruption, Blocked Threads, Stack Trace Collection, Multiple Exceptions, Wait Chains and Deadlock
    17. Coupled Processes, Wait chains, Message Box, Waiting Thread Time, Paged Out Data, Incorrect Stack Trace, Hidden Exception, Unknown Component and Execution Residue
    18. Manual Dump, Wait Chain, Blocked Thread, Dynamic Memory Corruption and Historical Information
    19. Blocked Threads, Message Box and Self-Diagnosis
    20. Manual and Early Crash Dump, Stack Trace Collection, Main Thread, Blocked Threads and Pass Through Functions
    21. Blocked Thread, Historical Information, Execution Residue, Hidden Exception, Dynamic Memory Corruption, Incorrect Stack Trace and Not My Version
    22. Null Data Pointer, Incorrect Stack Trace, Changed Environment, Hooked Functions and Coincidental Symbolic Information
    23. Heap Corruption, Module Variety, Execution Residue, Coincidental Symbolic Information and Critical Section Corruption
    24. Stack Trace Collection, Blocked Threads, Pass Through Functions and Main Thread
    25. Stack Trace, Invalid Code Pointer and Hooked Functions
    26. Manual Dump, Virtualized Process, Stack Trace Collection, Multiple Exceptions, Optimized Code, Wild Code Pointer, Incorrect Stack Trace and Hidden Exception
    27. Main Blocked Thread, Missing Component, Execution Residue and Data Contents Locality
    28. Inconsistent Dump, Blocked Threads, Wait Chains, Incorrect Stack Trace and Process Factory
    29. Invalid Pointer, Incorrect Stack Trace, Multiple Exceptions, Insufficient Memory and Memory Leak
  8. 5. A Bit of Science and Philosophy
    1. Universal Memory Dump: A Definition
    2. The Source of Intuition about Infinite
    3. Geometrical Debugging
    4. Riemann Programming Language
    5. Is Memory Dump Analysis a Science?
    6. My Dangerous Idea: Parameterized Science
    7. Unique Events and Historical Narratives
    8. Notes on Memoidealism
    9. A Copernican Revolution in Debugging
    10. On Subjectivity of Software Defects
    11. Memory Field Theories of Memuonics
    12. Software Trace: A Mathematical Definition
    13. Quantum Memory Dumps
    14. Chemistry of Virtual Memory
  9. 6. Fun with Crash Dumps
    1. Music for Debugging
      1. Bugs Never Disappear
      2. Horrors of Computation
      3. Passion, Intellect and Expression
      4. Headphones for Debugging
      5. In the Memory Dump File
    2. Bugteriology
    3. Implausible Debugging Book Titles
    4. Build Date Astrology
    5. Breaking Technical Barrier
    6. Occult Debugging
    7. The Year of Dump Analysis!
    8. Stack Traces and Poetry
    9. Debugging Slang
    10. Memory Dump Analysis Walks
    11. E-Acheri
    12. The Meaning of DATA
    13. Irish Government on Dumps
    14. Memory Dumps as Relics
    15. The Ghost of Adelphi Training Center
  10. 7. Software Troubleshooting
    1. I'm RARE
    2. To Bugcheck or Not To Bugcheck
    3. T&D Labyrinth
    4. Efficient vs. Effective: DATA View
  11. 8. Software Trace Analysis
    1. Tracing Best Practices
    2. Software Narratology: A Definition
  12. 9. Software Trace Analysis Patterns
    1. Introduction
    2. Periodic Error
    3. Basic Facts
    4. Circular Trace
    5. Intra-Correlation
  13. 10. The Origin of Crash Dumps
    1. Hide, Seek and Dump
    2. OSMOSIS Memory Dumps
    3. Tools
      1. Crash2Hang
      2. MTCrash
    4. Where did the Crash Dump Come from?
    5. FinalExceptionHandler
  14. 11. Memory Visualization
    1. The Art of Memory Corruption
    2. Visualizing Secondary Storage
    3. Pictures from Memory Space
  15. 12. Miscellaneous
    1. Hexadecimal / Decimal chaos
    2. The Measure of Debugging and Memory Dump Analysis Complexity
    3. How To Simulate a Process Hang?
    4. A Windows Case for Delta Debugging
    5. Sentinel Pointers
    6. Collapsed Stack Trace
  16. A.
    1. Crash Dump File Examples
  17. B.
    1. Crash Dump Analysis Checklist
  18. C.
    1. Memory Dump Analysis Pattern: A Definition
    2. Wait Chain Patterns
    3. DLL Link Patterns
    4. Insufficient Memory Patterns
    5. Dynamic Memory Corruption Patterns
    6. Deadlock Patterns