Memory Dump Analysis Anthology, Volume 6

Book Description

Contains revised, edited, cross-referenced, and thematically organized selected DumpAnalysis.org blog posts about memory dump and software trace analysis, software troubleshooting and debugging written in November 2010 - October 2011 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, and security researchers, malware analysts and reverse engineers. The sixth volume features:

- 56 new crash dump analysis patterns including 14 new .NET memory dump analysis patterns
- 4 new pattern interaction case studies
- 11 new trace analysis patterns
- New Debugware pattern
- Introduction to UI problem analysis patterns
- Introduction to intelligence analysis patterns
- Introduction to unified debugging pattern language
- Introduction to generative debugging, metadefect template library and DNA of software behavior
- The new school of debugging
- .NET memory dump analysis checklist
- Software trace analysis checklist
- Introduction to close and deconstructive readings of a software trace
- Memory dump analysis compass
- Computical and Stack Trace Art
- The abductive reasoning of Philip Marlowe
- Orbifold memory space and cloud computing
- Memory worldview
- Interpretation of cyberspace
- Relationship of memory dumps to religion
- Fully cross-referenced with Volume 1, Volume 2, Volume 3, Volume 4, and Volume 5.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Summary of Contents
  5. Contents
  6. Preface
  7. Acknowledgements
  8. Part 1: Professional Crash Dump Analysis and Debugging
    1. Memory Dump Analysis Best Practices
    2. Windows Debugging Expert System WinDbg Extension
    3. Common Mistakes
      1. Not Comparing to Reference Debugger Output
    4. From Bugchecks to Patterns
    5. Raw Stack from Laterally Damaged Memory Dumps
    6. WinDbg Tips and Tricks: Getting the Bottom of a Stack Trace
  9. Part 2: Crash Dump Analysis Patterns
    1. Divide by Zero (Kernel Mode)
    2. Fat Process Dump
    3. Blocked Queue
    4. Crash Signature
    5. Invalid Parameter (Process Heap)
    6. Hooking Level
    7. Embedded Comments
    8. Well-Tested Module
    9. String Parameter
    10. Environment Hint
    11. Dual Stack Trace
    12. Blocking Module
    13. Wait Chain (Window Messaging)
    14. Wait Chain (Named Pipes)
    15. Top Module
    16. Dialog Box
    17. Technology-Specific Subtrace (COM Interface Invocation)
    18. Livelock
    19. Semantic Structure (PID.TID)
    20. Instrumentation Side Effect
    21. Directing Module
    22. Stack Overflow (Software Implementation)
    23. Data Correlation
    24. Truncated Stack Trace
    25. Least Common Frame
    26. Self-Diagnosis (Kernel Mode)
    27. Technology-Specific Subtrace (Dynamic Memory)
    28. Module Hint
    29. Custom Exception Handler (Kernel Space)
    30. No Data Types
    31. Cloud Environment
    32. Version-Specific Extension
    33. Multiple Exceptions (Managed Space)
    34. Blocking File
    35. Quiet Dump
    36. Pleiades
    37. Thread Age
    38. Unsynchronized Dumps
    39. Coupled Modules
    40. Managed Stack Trace
    41. Problem Vocabulary
    42. Activation Context
    43. Stack Trace Set
    44. Special Thread (.NET CLR)
    45. Dynamic Memory Corruption (Managed Heap)
    46. Stack Trace Collection (Managed Space)
    47. Duplicate Extension
    48. Deadlock (Managed Space)
    49. Caller-n-Callee
    50. Handled Exception (User Space)
    51. Handled Exception (.NET CLR)
    52. Execution Residue (Managed Space)
    53. Annotated Disassembly (JIT .NET code)
    54. Wait Chain (Mutex Objects)
    55. Inline Function Optimization (Managed Code)
    56. Technology-Specific Subtrace (JIT .NET Code)
    57. Double IRP Completion
  10. Part 3: Pattern Interaction
    1. Main Thread, Self-Diagnosis, Window Message Chain, Blocking Module, Ubiquitous Component, Dual Stack Trace, Pipe Wait Chain and Coupled Machines
    2. Abridged Dump, Embedded Comment, Spiking Thread, Incorrect Stack Trace and Top Module
    3. Stack Trace Collection, Message Box, Self-Diagnosis, Version-Specific Extension, Managed Stack Trace and Managed Code Exception
  11. Part 4: Unified and Generative Debugging
    1. A Periodic Table of Software Defects
    2. Analysis, Architectural, Design, Implementation and Usage Debugging Patterns
    3. Generative Debugging
    4. Metadefect Template Library
  12. Part 5: A Bit of Science and Philosophy
    1. On Memory Perspectives
    2. Orbifold Memory Space
    3. Notes on Memoidealism
    4. M->analysis
    5. Memiosphere
    6. On Memory-Time vs. Space-Time
    7. The Will to Be Memorized
    8. The Trinity of Memory Worldview
    9. Uses of Memoretics
    10. Crossdisciplinary Memoretics as Interdisciplinary Science
    11. Private Property on Memory Spaces
    12. Coarse vs. Fine Grained DNA of Software Behavior
  13. Part 6: Fun with Crash Dumps
    1. Music for Debugging
      1. 555 Binary Threads
      2. Out of Memory and Losing My Data (Comment Impact)
      3. Navigating the Long List
    2. Debugging Joke
    3. Memory Dump Barcodes
    4. MessageBox at Dublin Zoo
    5. CDB for Kids
    6. Snow Spike Residue
    7. Second Snowfall Spike in Dublin
    8. MMXI
    9. Happy New Year and Decade of Debugging 0x7DB - 0x7E4!
    10. Do Security Professionals Dream?
    11. Debugging Slang
      1. Golden Bug
      2. Beer Time
      3. Finger Exercise
      4. Resolution Rush
      5. The Window of Opportunity
      6. Dump
      7. Pre-analysis
      8. Tapping
      9. Having Fun
      10. Adult Debugging
      11. Second Eye
      12. Abscess
      13. Finction
    12. Mad OS and other Publishing Blunders
    13. The Ultimate Debugger's Desk
    14. Memceptions: Flags and Handles are Everywhere!
    15. Computer Memory Monsters
    16. On President's Daily Briefs (PDBs)
    17. The First Evidence for Process Resurrection
    18. Vacuum Pages
    19. WinDbg Command on Certificate
    20. Pleasing WinDbg SOS Extension
    21. Airport Terminal Services Incident
    22. Philosophical Self-Interview
  14. Part 7: A Bit of Religion
    1. Memory Creates God
    2. Morality and Memorianity
    3. On Natural Theology
  15. Part 8: Software Trace Analysis
    1. Pattern Interaction
      1. Basic Facts, Periodic Error and Defamiliarizing Effect
    2. Close and Deconstructive Readings of a Software Trace
    3. Software Tracing Best Practices
    4. No Longer Seeing Nothing: The Advantage of Patterns
  16. Part 9: Software Trace Analysis Patterns
    1. Focus of Tracing
    2. Event Sequence Order
    3. Implementation Discourse
    4. News Value
    5. Master Trace
    6. Gossip
    7. Impossible Trace
    8. Glued Activity
    9. Message Invariant
    10. UI Message
    11. Original Message
  17. Part 10: Software Troubleshooting and Debugging
    1. Debugware Patterns
      1. System Description Snapshot
    2. Debugging in 2021: Trends for the Next Decade
    3. The Way of Philip Marlowe: Abductive Reasoning for Troubleshooting and Debugging
    4. Workaround Patterns
      1. Fake API
    5. User Interface Problem Analysis Patterns
      1. Message Box
  18. Part 11: Software Victimology
    1. Function Activity Theory
  19. Part 12: Art
    1. No E-numbers Software Product Sticker
    2. Paleo-debugging: Excavated Minidump
    3. Stack Trace Art
    4. Debugger's Dream
    5. Defect in Defect
    6. Memorianity Cross
    7. Memioart: The New Art Form
    8. Clouded
    9. Cloud Traces
    10. What Is To Be Done?
  20. Part 13: Miscellaneous
    1. GI Index of Memory Dump Analysis
    2. The New School of Debugging
    3. TestWER Tool to Test Windows Error Reporting
    4. Moving to ARM
    5. The New School of Debugging: What's New
    6. A.C.P. Root Cause Analysis Methodology
    7. TestWAER Tool to Test Windows Azure Error Reporting
  21. Part 14: Intelligence Analysis
    1. Intelligence Analysis Patterns
    2. The Birth of Memory Intelligence Agency
  22. Appendix
    1. Memory Analysis as a Service
    2. Stack Overflow Patterns
    3. .NET / CLR / Managed Space Patterns
    4. Stack Trace Patterns
    5. Symbol Patterns
    6. Analysis Compass
    7. Software Trace Analysis Checklist
    8. Crash Dump Analysis Checklist
  23. Index of WinDbg Commands
  24. Cover Images