Memory Dump Analysis Anthology, Volume 8a

Book Description

Contains revised, edited, cross-referenced, and thematically organized selected articles from Software Diagnostics Institute (DumpAnalysis.org + TraceAnalysis.org) and Software Diagnostics Library (former Crash Dump Analysis blog, DumpAnalysis.org/blog) about software diagnostics, debugging, crash dump analysis, memory forensics, and software trace and log analysis, written in June 2014 - November 2014 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software, technical support and escalation engineers dealing with complex software issues, security researchers, reverse engineers, and malware and memory forensics analysts. This volume is fully cross-referenced with volumes 1 - 7 and features:

- 19 new crash dump analysis patterns;
- 10 new software log and trace analysis patterns;
- Introduction to malnarratives and higher-order pattern narratives;
- Introduction to pattern language for performance analysis;
- Introduction to pattern-oriented debugging process.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Table of Contents
  5. Preface
  6. About the Author
  7. Part 1: Professional Crash Dump Analysis and Debugging
    1. Software Diagnostics Professional Certification
    2. Three Roads to Kernel Space
  8. Part 2: Crash Dump Analysis Patterns
    1. Design Value
    2. Hidden IRP
    3. Tampered Dump
    4. Wait Chain (RTL_RESOURCE)
    5. Memory Fluctuation (Process Heap)
    6. Last Object
    7. Rough Stack Trace
    8. Past Stack Trace
    9. Stack Trace (I/O Request)
    10. Stack Trace (File System Filters)
    11. Stack Trace (Database)
    12. Wait Chain (Modules)
    13. Insufficient Memory (Stack Trace Database)
    14. Insufficient Memory (Region)
    15. Memory Leak (Regions)
    16. Invalid Handle (Managed Space)
    17. Ghost Thread
    18. Dry Weight
    19. Exception Module
  9. Part 3: Memory Forensics
    1. Memory Forensics Professional Certification
    2. Native Memory Forensics
  10. Part 4: A Bit of Science and Philosophy
    1. Memory Symmetry Breaking
    2. Memoevolutionism
    3. Entropy as Memory and Memory as Entropy
    4. Notes on Memoidealism
    5. Welcome to Memorianism
    6. United Memory Lands, Memorianites, EthnOS
    7. Quotes from Memoriarch
    8. Pattern-Oriented Philosophy
  11. Part 5: Software Trace Analysis Patterns
    1. Hidden Facts
    2. Back Trace
    3. Blackout
    4. Missing Message
    5. Use Case Trail
    6. Event Sequence Phase
    7. Milestones
    8. File Size
    9. Singleton Event
    10. Visitor Trace
  12. Part 6: Fun with Crash Dumps
    1. Debugging Slang and Proverbs
      1. PUS
      2. Coollect
      3. Dump-out
      4. LOGIC
      5. DiagNose
      6. Consolidation
      7. No Pass a Run!
      8. ID IoT Zone
      9. Putty in Someone's Hands
      10. DisPatched vs. DESPatched
      11. Programmatica Nervosa
      12. GOTCHA
      13. Pan-o-RAM-ic
      14. VLSI
      15. Debugging Proverb
    2. Space Opera
    3. If Programmers were Writers
    4. My Computer Celebrates Halloween
    5. Look, there's a Bug!
    6. Diagnostics in Science Fiction
    7. Hard Copy Natives
  13. Part 7: Software Narratology
    1. Malnarratives
    2. Higher-Order Pattern Narratives (Analyzing Diagnostic Analysis)
  14. Part 8: Software Diagnostics, Troubleshooting, and Debugging
    1. A Pattern Language for Performance Analysis
    2. The Timeless Way of Diagnostics
    3. Pattern-Oriented Debugging Process
  15. Part 9: Art and Visualization
    1. Café WoW
    2. Bang Debugging
    3. Bug Hunter
    4. Glass of Water Dump
    5. Memory Dump Analysis
    6. Organic Incidents and Bad Stench
  16. Part 10: Miscellaneous
    1. Book Discovery
    2. Quotes
  17. Appendix
    1. Crash Dump Analysis Checklist
  18. Index of WinDbg Commands
  19. Notes