Memory Analysis Patterns
Multiple Exceptions (user mode)
Multiple Exceptions (kernel mode)
Dynamic Memory Corruption (process heap)
Dynamic Memory Corruption (kernel pool)
False Positive Dump
Lateral Damage- Optimized Code
- Invalid Pointer (general)
- NULL Pointer (code)
- NULL Pointer (data)
- Inconsistent Dump
- Hidden Exception
- Deadlock (critical sections)
- Deadlock (executive resources)
- Deadlock (mixed objects, user space)
- Deadlock (LPC)
- Deadlock (mixed objects, kernel space)
- Changed Environment
- Incorrect Stack Trace
- OMAP Code Optimization
- No Component Symbols
- Insufficient Memory (committed memory)
- Insufficient Memory (handle leak)
- Insufficient Memory (kernel pool)
- Insufficient Memory (PTE)
- Insufficient Memory (virtual memory)
- Insufficient Memory (physical memory)
- Insufficient Memory (control blocks)
- Spiking Thread
- Module Variety
- Stack Overflow (kernel mode)
- Stack Overflow (user mode)
- Managed Code Exception
- Truncated Dump
- Waiting Thread Time (kernel dumps)
- Waiting Thread Time (user dumps)
- Memory Leak (process heap)
- Memory Leak (.NET heap)
- Missing Thread
- Unknown Component
- Double Free (process heap)
- Double Free (kernel pool)
- Coincidental Symbolic Information
- Stack Trace
- Virtualized Process (WOW64)
- Stack Trace Collection
- Coupled Processes
- High Contention (executive resources)
- High Contention (critical sections)
- Accidental Lock
- Passive Thread (user space)
- Passive System Thread (kernel space)
- Main Thread
- Busy System
- Historical Information
- IRP Distribution Anomaly
- Local Buffer Overflow
- Early Crash Dump
- Hooked Functions
- Custom Exception Handler
- Special Stack Trace
- Manual Dump (kernel)
- Manual Dump (process)
- Wait Chain (general)
- Wait Chain (critical sections)
- Wait Chain (executive resources)
- Wait Chain (thread objects)
- Wait Chain (LPC/ALPC)
- Wait Chain (process objects)
- Corrupt Dump
- Dispatch Level Spin
- No Process Dumps
- No System Dumps
- Suspended Thread
- Special Process
- Frame Pointer Omission
- False Function Parameters
- Message Box
- Self-Dump
- Blocked Thread
- Zombie Processes
- Wild Pointer
- Wild Code
- Hardware Error
- Handle Limit (GDI)
- Missing Component (general)
- Missing Component (static linking, user mode)
- Execution Residue
- Optimized VM Layout
- Invalid Handle
- Overaged System
- Thread Starvation
- Duplicated Module
- Not My Version (software)
- Not My Version (hardware)
- Data Contents Locality
- Nested Exceptions (unmanaged code)
- Nested Exceptions (managed code)
- Affine Thread
- Self-Diagnosis
- Inline Function Optimization
- Critical Section Corruption
- Lost Opportunity
- Young System
- Last Error Collection
- Hidden Module
- Data Alignment (page boundary)
- C++ Exception
- Divide by Zero (user mode)
- Swarm of Shared Locks
- Process Factory
- Paged Out Data
- Semantic Split
- Pass Through Function
- JIT Code (.NET)
- Ubiquitous Component
- Nested Offender
- Virtualized System
- Effect Component
- Well-Tested Function
- Mixed Exception
- Random Object
- Missing Process
- Platform-Specific Debugger
- Value Deviation (stack trace)
- CLR Thread
- Coincidental Frames
- Fault Context
Dmitry Vostokov - Senior Director at Software Maintenance Institute
During the last year of debugging Dmitry Vostokov has successfully launched and led a number of initiatives and in recognition of his efforts he has been promoted to a senior director role at Software Maintenance Institute (SMI).
CARE: Crash Analysis Report Environment
Welcome to the project CARE!
CARE means Crash Analysis Report Environment. It includes a pattern-driven debugger log analyzer and standards for structured audience-driven reports.
Please help to populate the database of stack traces by submitting your WinDbg output logs. You can use VBScript / WinDbg script to process all .DMP files on your hard drives: DebuggerLogs.zip. The archive contains VBScript file for x64 WinDbg (DebuggerLogs64.vbs) and for x86 WinDbg (DebuggerLogs.vbs) plus the very simple mode-independent WinDbg script (DebuggerLogs.wds). The WinDbg output is stored in dbgeng.log file.
Note: Please do not submit your crash dumps because the file size is limited to 2 MB and CARE system is currently being designed to analyze debugger logs only. If your log is bigger you can submit a zip file. If you have any problems please contact the administrator. Please do not expect any crash analysis response for your logs. The submittal is currently for internal CARE database population only and not for the pattern analysis of your computer memory.
Forthcoming Memory Dump Analysis Anthology, Volume 4
This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in July 2009 - January 2010 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The fourth volume features:
- 13 new crash dump analysis patterns
- 13 new pattern interaction case studies
- 10 new trace analysis patterns
- 6 new Debugware patterns and case study
- Workaround patterns
- Updated checklist
- Fully cross-referenced with Volume 1, Volume 2 and Volume 3
- New appendixes
Product information:
- Title: Memory Dump Analysis Anthology, Volume 4
- Author: Dmitry Vostokov
- Language: English
- Product Dimensions: 22.86 x 15.24
- Paperback: 410 pages
- Publisher: Opentask (30 March 2010)
- ISBN-13: 978-1-906717-86-5
- Hardcover: 410 pages
- Publisher: Opentask (30 April 2010)
- ISBN-13: 978-1-906717-87-2
Back cover features memory space art image: Internal Process Combustion.
Plans for The Year of Dump Analysis
Release the first beta version of EasyDbg
Release the first beta version of CARE (Crash Analysis Report Environment) for a pattern-driven debugger log analyzer with standards for structured audience-driven reports
Release the first beta version of STARE (Software Trace Analysis Report Environment) for a pattern-driven software trace analyzer with corresponding standards for structured audience-driven reports
Publish the following books on dump analysis that address different audiences (general users, system administrators, support and escalation engineers, testers, software engineers, security and software defect researchers):
- Windows Debugging Notebook
- Crash Dump Analysis for System Administrators and Support Engineers
- Memory Dump Analysis Anthology, Volume 4
- Memory Dump Analysis Anthology, Volume 5
- Memory Dump Analysis Anthology Color Supplement
- Principles of Memory Dump Analysis
- My Computer Crashes and Freezes: A Non-technical Guide to Software and Hardware Errors
- Linux, FreeBSD and Mac OS X Debugging: Practical Foundations
- Encyclopedia of Crash Dump Analysis Patterns
- WinDbg In Use: Debugging Exercises
Publish articles related to memory dump analysis in Debugged! magazine
Update WinDbg Poster and Cards
The Year of Debugging in Retrospection
The Year of Debugging, 0x7D9, was a remarkable year for DumpAnalysis.org. Here is the list of achievements to report:
- Software Trace Analysis as a new discipline with its own set of patterns
- Unification of Memory Dump Analysis with Software Trace Analysis (DA+TA)
- New computer memory dump-based art movements: Opcodism and Physicalist Art
- Discovery of 3D computer memory visualization techniques
- Establishing Software Maintenance Institute
- Broadening software fault injection as Software Defect Construction discipline
- Establishing a new profession of a Software Defect Researcher
- Starting ambitious Dictionary of Debugging
- Publishing Windows Debugging: Practical Foundations book
- Publishing the first x86-free Windows debugging book: x64 Windows Debugging: Practical Foundations
- Establishing the new debugging magazine: Debugged! MZ/PE
- Publishing Memory Dump Analysis Anthology, Volume 3
- Cooperation with OpenTask to promote First Fault Software Problem Solving book
- Establishing Debugging Expert(s) Magazine Online
- Creating the first development process for debugging and software troubleshooting tools: RADII
- Publishing the first pattern-driven memory dump analysis troubleshooting methodology as a foundation for software debugging
- Proposal for an International Memory Analysts and Debuggers Day
- Almost completed Windows Debugging Notebook to be published soon
- The founder of DumpAnalysis.org (Dr. DebugLove) becomes a member of Citrix Systems Tweetrix Support Team
Memory Dump Analysis Anthology, Volume 3
The following direct links can be used to order the book now:
Buy Paperback
from Amazon
Buy Paperback from Barnes & Noble
Buy Paperback or Hardcover or Digital from Lulu
This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in October 2008 - June 2009 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The third volume features:
- 15 new crash dump analysis patterns
- 29 new pattern interaction case studies
- Trace analysis patterns
- Updated checklist
- Fully cross-referenced with Volume 1 and Volume 2
- New appendixes
Product information:
- Title: Memory Dump Analysis Anthology, Volume 3
- Author: Dmitry Vostokov
- Language: English
- Product Dimensions: 22.86 x 15.24
- Paperback: 404 pages
- Publisher: Opentask (20 December 2009)
- ISBN-13: 978-1-906717-43-8
- Hardcover: 404 pages
- Publisher: Opentask (30 January 2010)
- ISBN-13: 978-1-906717-44-5
Back cover features 3D computer memory visualization image.
International Memory Analysts and Debuggers Day
07.07 and/or 08.08 starting from The Year of Dump Analysis, 2010, 7DA at 7:00 and/or 8:00 (pm preferably for moderation purposes)
Debugged! MZ/PE: MagaZine for/from Practicing Engineers
As one of the new initiatives for the Year of Debugging (2009, 0x7D9) OpenTask starts publishing full color variable page periodical publication called:
Debugged! MZ/PE: MagaZine for/from Practicing Engineers
The only serial publication dedicated entirely to Windows® debugging
The following direct links can be used to order issues now:
Order March, 2009 issue from Amazon
or Barnes & Noble
Order June, 2009 issue from Amazon
or Barnes & Noble
Order September, 2009 issue from Amazon
or Barnes & Noble
Free version: Debugging Expert(s) Magazine Online
Sample magazine back covers featuring debugging, crash dump and software trace analysis tips:
If you have an article idea or if you'd like to write an article for us please use the following contact form:
First Fault Software Problem Solving Book
The following direct link can be used to order the book now:
Buy Paperback
from Amazon
Buy Paperback from Barnes & Noble
Written by a veteran in mission-critical computer system problem resolution, problem prevention, and system recovery, this book discusses solving problems on their FIRST occurrence while emphasizing software supportability and serviceability.
- Title: First Fault Software Problem Solving: A Guide for Engineers, Managers and Users
- Author: Dan Skwire
- Publisher: Opentask (1 December 2009)
- Language: English
- Product Dimensions: 22.86 x 15.24
- ISBN: 1906717427
- ISBN-13: 978-1906717421
- Paperback: 180 pages
Who should read this book?
- Software professional engineers and managers
- End-users, system administrators and their managers
- Software engineering students
What will the readers of this book learn?
- How to optimize use of pre-existing software problem solving features
- How to choose the best products to improve first fault problem-solving
- How to get the best results when problems occur on outsourced and cloud-placed work
- How to choose amongst first-fault tools, second-fault tools, and manual problem solving methods to best advantage for difficult problems
- How to be an educated consumer or creator of future problem-solving software
What is the business value of reading this book?
- Saving money on problem solving resources (servers, storage, network, software, power, space, cooling, personnel)
- Keeping customers happier since their issues are resolved sooner
- Reducing the durations of computer service outages that affect external clients
- Decreasing operational overhead and encouraging sustainable, higher-performing organizations and enterprises through best problem-solving practices
What else is special about this book?
- 21 original illustrations to feed the soul and tickle the funny-bone
- 21 thought-provoking quotes to feed the intellect and the spirit
- An extensive bibliography to aid in clarification and personal growth
Gigabyte
We plan to open 2010 (7DA), The Year of Dump Analysis, with the publication of a gigabyte.
Product information is:
- Title: Gigabyte
- Author: Dmitry Vostokov
- Language: English
- Product Dimensions: 21.6 x 21.6
- Paperback: 80 pages
- Publisher: Opentask (01 Jan 2010)
- ISBN-13: 978-1-906717-89-6
Memory Dump Analysis Anthology, Volume 2
The following direct links can be used to order the book now:
Buy Paperback
or Hardcover
from Amazon
Buy Paperback or Hardcover from Barnes & Noble
Buy Paperback or Hardcover or Digital from Lulu
This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in January - September 2008 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The second volume features:
- 45 new crash dump analysis patterns
- Pattern interaction and case studies
- Updated checklist
- Fully cross-referenced with Volume 1
- New appendixes
Product information is:
- Title: Memory Dump Analysis Anthology, Volume 2
- Author: Dmitry Vostokov
- Language: English
- Product Dimensions: 22.86 x 15.24
- Paperback: 470 pages
- Publisher: Opentask (03 Oct 2008)
- ISBN-13: 978-0-9558328-7-1
- Hardcover: 470 pages
- Publisher: Opentask (01 Nov 2008)
- ISBN-13: 978-1-906717-22-3
Back cover features visualized virtual process memory generated from a memory dump of colorimetric computer memory dating sample using Dump2Picture.
A New Profession of Software Defect Research
By analogy with a security researcher profession, DumpAnalysis.org, Memory Analysis and Debugging Institute and Software Maintenance Institute propose the new title of a software defect researcher as a unified profession combining relevant fields of security research, testing, debugging, memory dump analysis, software reverse engineering, construction and maintenance.
Interview Crashes and Hangs
As a dual to Resume and CV: As a Book OpenTask plans to publish the long time memories of the founder of DumpAnalysis.org in the following book next year:
My Failed Job Interviews: Reflections on 50 Percent (ISBN: 978-1906717889)
The recollections span East and West, small and giant software companies, full time and part time, office and remote job positions, direct and recruitment company hiring, phone and on-site, technical and business interviews.
Software Maintenance Institute
Memory Analysis and Debugging Institute (MA&DI), DA+TA Portal (DumpAnalysis.org + TraceAnalysis.org) and OpenTask establish R&D Institute of Software Maintenance:
Software Maintenance Institute (SMInstitute.com)
Hardware Reviews
DumpAnalysis.org accepts hardware such as laptops for reviewing in relation to their suitability for extreme debugging, virtualization, trace analysis, computer forensics, memory dump analysis, visualization and auralization. If you work for a H/W company like HP, Apple, Dell, Acer, Sony or any other respectable manufacturer please don't hesitate to forward this post to your management: it could be your company brand or laptop model that debugging and software technical support community chooses next time of upgrade or for T&D / R&D! H/W reviews will be posted on the main portal page which currently has an audience of more than 200,000 unique visitors per year from more than 30,000 network locations (*).
If your company is interested please don't hesitate to use this contact form:
http://www.dumpanalysis.org/contact
(*) From Google Analytics report.
Forthcoming Windows Debugging Notebook: Essential Concepts, WinDbg Commands and Tools
The following direct links can be used to pre-order the book now:
Pre-order Paperback
from Amazon
This is a forthcoming reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging unmanaged, managed and native code.
- Title: Windows Debugging Notebook: Essential Concepts, WinDbg Commands and Tools
- Authors: Roberto Alexis Farah, Dmitry Vostokov
- Language: English
- Product Dimensions: 22.86 x 15.24
- ISBN-13: 978-1-906717-00-1
- Publisher: Opentask (30 November 2009)
- Paperback: 256 pages
- ISBN-13: 978-0-9558328-5-7
- Publisher: Opentask (01 February 2010)
- Hardcover: 256 pages
Draft Table of Contents
Draft Sample Chapter
Forthcoming Book: Crash Dump Analysis for System Administrators and Support Engineers (Windows Edition)
The following direct links can be used to pre-order the book now:
Pre-order Paperback
from Amazon
This is a must have book for system administrators of complex Windows server platforms and client workstations to understand and choose the best course of action to address system and application crashes, hangs, CPU spikes and memory leaks. It is also invaluable to general Windows users and technical support engineers.
- Title: Crash Dump Analysis for System Administrators and Support Engineers (Windows Edition)
- Authors: Thomas Monahan, Dmitry Vostokov
- Publisher: Opentask (30 November 2009)
- Language: English
- Product Dimensions: 22.86 x 15.24
- ISBN-13: 978-1-906717-02-5
- Paperback: 180 pages
Debugging Expert Magazine Online
The free online version of Debugged! MZ/PE magazine:
www.DebuggingExpert.com
x64 Windows Debugging: Practical Foundations
The following direct links can be used to order the book now:
Buy Paperback
from Amazon
Buy Paperback from Barnes & Noble
Buy Digital from Lulu
Written by the founder of DumpAnalysis.org this book is not about bugs or debugging techniques but about background knowledge everyone needs to start experimenting with x64 WinDbg, learn from practical experience and read other advanced debugging books. Solid understanding of fundamentals like pointers is needed to analyze stack traces beyond !analyze -v and lmv WinDbg commands. This is the book to help technical support and escalation engineers and Windows software testers without the knowledge of assembly language to master necessary prerequisites to understand and start debugging and crash dump analysis on x64 Windows platforms. It doesn't require any specific knowledge, fills the gap and lowers the learning curve. The book is also useful for software engineers coming from managed code or Java background, engineers coming from non-Wintel environments, Windows C/C++ software engineers without assembly language background, security researchers and beginners learning x64 Windows software disassembling and reverse engineering techniques. This book can also be used as AMD64 and Intel EM64T assembly language and x64 Windows debugging supplement for relevant undergraduate level courses. For someone, who wants to learn these foundations in the context of 32-bit Windows environments there is a separate x86 book (ISBN: 978-1-906717-10-0). However, this book is completely independent from that earlier book and almost every illustration was recreated to reflect x64 architecture and x64 Windows ILP 32-32-64 model (Integer-Long-Pointer).
Product details:
- Title: x64 Windows Debugging: Practical Foundations
- Author: Dmitry Vostokov
- Publisher: Opentask (Paperback, 17 August 2009)
- Language: English
- Product Dimensions: 22.86 x 15.24
- ISBN-13: 978-1-906717-56-8 (Paperback)
- Paperback: 194 pages
14 Aug 2006 - 13 Aug 2009: 3 Years of Blogging
DumpAnalysis.org congratulates Dmitry Vostokov, its founder, on 3 years of blogging!
RADII Software Support Tools Development Process
Requirements, Architecture, Design, Implementation and Improvement
Featured in the forthcoming book: DebugWare: The Art and Craft of Writing Troubleshooting and Debugging Tools
DATA (Dump Analysis + Trace Analysis) Facebook Group
Please join the community of memory (dump) and trace analysis engineers. This group promotes scientific methods and memory dump-based world view.
DATA (Dump Analysis + Trace Analysis) Facebook group
Memory Dump Analysis Certification
Memory Analysis and Debugging Institute develops x86/x64-based certification tracks for Windows and Unix (including Linux / FreeBSD / Mac OS X).
Each track consists of 3 exams, each having its own set of requirements and scope:
- Fundamentals of Memory Dump Analysis
- Intermediate Memory Dump Analysis
- Advanced Memory Dump Analysis
The initiative is supported by OpenTask.
Windows Debugging: Practical Foundations
The following direct links can be used to order the book now:
Buy Paperback
or Hardcover
from Amazon
Buy Paperback or Hardcover from Barnes & Noble
Buy Digital from Lulu
Written by the founder of DumpAnalysis.org this book is not about bugs or debugging techniques but about background knowledge everyone needs to start experimenting with WinDbg, learn from practical experience and read other advanced debugging books. Solid understanding of fundamentals like pointers is needed to analyze stack traces beyond !analyze -v and lmv WinDbg commands. This is the book to help technical support and escalation engineers and Windows software testers without the knowledge of assembly language to master necessary prerequisites to understand and start debugging and crash dump analysis on Windows platforms. It doesn't require any specific knowledge, fills the gap and lowers the learning curve. The book is also useful for software engineers coming from managed code or Java background, engineers coming from non-Wintel environments, Windows C/C++ software engineers without assembly language background, security researchers and beginners learning Windows software disassembling and reverse engineering techniques. This book can also be used as Intel assembly language and Windows debugging supplement for relevant undergraduate level courses.
Product details:
- Title: Windows Debugging: Practical Foundations
- Author: Dmitry Vostokov
- Publisher: Opentask (Paperback, 01 February 2009)
- Publisher: Opentask (Hardcover, 23 March 2009)
- Language: English
- Product Dimensions: 22.86 x 15.24
- ISBN-13: 978-1-906717-10-0 (Paperback)
- ISBN-13: 978-1-906717-67-4 (Hardcover)
- Paperback: 200 pages
Book reviews:
The Debugging Decade!
DumpAnalysis.org announces forthcoming 2011 - 2020 as
2011 (0x7DB) - 2020 (0x7E4) The Debugging Decade
The Year of Dump Analysis!
DumpAnalysis.org announces forthcoming 2010 as
2010 (0x7DA) - The Year of Dump Analysis
Forthcoming Computer Memory Visualization Book
This is a full color book about postmortem, static and dynamic memory visualization and its current and emerging applications:
- Authors: Jamie Fenton, Dmitry Vostokov
- Paperback: 64 pages
- ISBN-13: 978-1-906717-06-3
- Publisher: Opentask (2010)
- Language: English
- Product Dimensions: 28 x 21.6
Book cover features a journey to the center of pagefile theme and the discovery of cosmic rays in memory:
