Memory Dump, Software Trace, Debugging, Malware and Intelligence Analysis Portal

Some software components are innocent victims of other component coding mistakes or deliberate subversion and some start as a part of crimeware and malware but eventually become victims themselves (they crash, hang, spike, leak, are dumped, subverted, etc). Learn about unified malware and victimware analysis by using behavioral and structural patterns including a live memory dump analysis example.

Date: 29th of June, 2012
Time: 17:00 (BST) 12:00 (EST) 09:00 (PST)
Duration: 60 minutes

Space is limited.
Reserve your Webinar seat now at:
https://www3.gotomeeting.com/register/332458406

Learn how to navigate process, kernel and physical spaces and diagnose various malware patterns in Windows memory dump files. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step hands-on exercises using WinDbg, process, kernel and complete memory dumps.

Memory Dump Analysis Services (DumpAnalysis.com) organizes a training course:

The training consists of 4 two-hour sessions (2 hours every day). When you finish the training you additionally get:

1. A full transcript in PDF format (retail price $200)
2. 5 volumes of Memory Dump Analysis Anthology in PDF format (retail price $100)
3. A personalized attendance certificate with unique CID (PDF format)
4. Free Dump Analysis World Network membership including updates to full PDF transcript Q&A section

Session 1: October 17, 2012 4:00 PM - 6:00 PM BST
Session 2: October 18, 2012 4:00 PM - 6:00 PM BST
Session 3: October 19, 2012 4:00 PM - 6:00 PM BST
Session 4: October 22, 2012 4:00 PM - 6:00 PM BST

Price: 210 USD

Space is limited.
Reserve your remote training seat now at:
https://student.gototraining.com/r/1632252841018601984

If you are mainly interested in software diagnostics and debugging using memory dump files there are other courses available:

Accelerated Windows Memory Dump Analysis

Accelerated .NET Memory Dump Analysis

Accelerated Mac OS X Core Dump Analysis

Welcome to the project CARE!

New! We now also accept GDB logs and crash reports from Mac OS X and iOS.

CARE means Crash Analysis Report Environment. It includes a pattern-driven debugger log analyzer and standards for structured audience-driven reports. The system architecture is described here.

Please help to populate the database of stack traces by submitting your WinDbg and GDB output logs including Mac OS X and iOS crash reports. For Windows you can use VBScript / WinDbg script to process all .DMP files on your hard drives: DebuggerLogs.zip. The archive contains VBScript file for x64 WinDbg (DebuggerLogs64.vbs) and for x86 WinDbg (DebuggerLogs.vbs) plus the very simple mode-independent WinDbg script (DebuggerLogs.wds). The WinDbg output is stored in dbgeng.log file.

Note: Please do not submit your crash or core dumps because the file size is limited to 2 MB and CARE system is currently being designed to analyze debugger logs and crash reports only. If your log is bigger you can submit a zip file. If you have any problems please contact the administrator. Please do not expect any crash analysis response for your logs or reports. The submittal is currently for internal CARE database population only and not for the pattern analysis of your computer memory.

Under inscription...

The name for this table was suggested by Joshua J. Drake and first propagated to me by @jcran

Action                      | GDB                 | WinDbg
----------------------------------------------------------------
Start the process           | run                 | g
Exit                        | (q)uit              | q
Disassemble (forward)       | (disas)semble       | uf, u
Disassemble N instructions  | x/<N>i              | -
Disassemble (backward)      | disas <a-o> <a>     | ub
Stack trace                 | backtrace (bt)      | k
Full stack trace            | bt full             | kv
Stack trace with parameters | bt full             | kP
Partial trace (innermost)   | bt <N>              | k <N>
Partial trace (outermost)   | bt -<N>             | -
Stack trace for all threads | thread apply all bt | ~*k
Breakpoint                  | break               | bp
Frame numbers               | any bt command      | kn
Select frame                | frame               | .frame
Display parameters          | info args           | dv /t /i /V
Display locals              | info locals         | dv /t /i /V
Dump byte char array        | x/<N>bc             | db
Switch to thread            | thread <N>          | ~<N>s
Sections/regions            | maint info sections | !address
Load symbol file            | add-symbol-file     | .reload
CPU registers               | i(nfo) r            | r

The current version is from April 30th, 2012:
http://www.dumpanalysis.org/blog/index.php/2012/04/30/gdb-for-windbg-users-part-8/

To Do:

- Split rows by categories
- Add links to command descriptions, examples, relevant patterns

Learn how to analyze application, service and system crashes and freezes, navigate through memory dump space and diagnose heap corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of more than 20 practical step-by-step exercises using WinDbg highlighting more than 50 patterns diagnosed in 32-bit and 64-bit process, kernel and complete memory dumps.

Public preview (selected slides) of the previous training

Memory Dump Analysis Services (DumpAnalysis.com) organizes a training course:

If you are registered you are allowed to optionally submit your memory dumps before the training. This will allow us in addition to the carefully constructed problems tailor extra examples to the needs of the attendees.

The training consists of 4 two-hour sessions (2 hours every day). When you finish the training you additionally get:

1. A full transcript in PDF format (retail price $200)
2. 5 volumes of Memory Dump Analysis Anthology in PDF format (retail price $100)
3. A personalized attendance certificate with unique CID (PDF format)
4. Free Dump Analysis World Network membership including updates to full PDF transcript Q&A section

Prerequisites: Basic Windows troubleshooting

Audience: Software technical support and escalation engineers, system administrators, software developers and quality assurance engineers.

Session 1: July 11, 2012 4:00 PM - 6:00 PM BST
Session 2: July 12, 2012 4:00 PM - 6:00 PM BST
Session 3: July 13, 2012 4:00 PM - 6:00 PM BST
Session 4: July 16, 2012 4:00 PM - 6:00 PM BST

Price: 210 USD

Space is limited.
Reserve your remote training seat now at:
https://student.gototraining.com/r/517556957642208512

If scheduled dates or time are not suitable for you Memory Dump Analysis Services offers the same training in book format.

Training testimonials:

I would like to thank you and recommend your training. I think that the “Accelerated Windows Memory Dump Analysis” training is a pin-point, well taught training. I think it’s the leading training in the dump analysis area and I’ve enjoyed it, the books and materials are very detailed and well written and Dmitry answered all of the needed question. In addition after the training Dmitry sent a PDF with written answers and more information about the questions that were asked. I will give this training 5/5. Thank you Dmitry. --Yaniv Miron, Security Researcher, IL.Hack

If you are mainly interested in .NET memory dump analysis there is another course available:

Accelerated .NET Memory Dump Analysis

If you are mainly interested in Mac OS X core dump analysis there is another course available:

Accelerated Mac OS X Core Dump Analysis

Learn how to navigate through memory dump space and Windows data structures to troubleshoot and debug complex software incidents. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using WinDbg to diagnose structural and behavioral patterns in 64-bit kernel and complete memory dumps. Additional topics include memory search, kernel linked list navigation, practical WinDbg scripting, registry, system variables and objects, device drivers and I/O.

Public preview (selected slides) of the previous training

Memory Dump Analysis Services (DumpAnalysis.com) organizes a training course:

If you are registered you are allowed to optionally submit your memory dumps before the training. This will allow us in addition to the carefully constructed problems tailor extra examples to the needs of the attendees.

The training consists of 2 two-hour sessions and additional homework exercises. When you finish the training you additionally get:

1. A full transcript in PDF format (retail price $200)
2. 5 volumes of Memory Dump Analysis Anthology in PDF format (retail price $100)
3. A personalized attendance certificate with unique CID (PDF format)
4. Free Dump Analysis World Network membership including updates to full PDF transcript Q&A section

Prerequisites: Basic and intermediate level Windows memory dump analysis: ability to list processors, processes, threads, modules, apply symbols, walk through stack traces and raw stack data, diagnose patterns such as heap corruption, CPU spike, memory and handle leaks, access violation, stack overflow, critical section and resource wait chains and deadlocks. If you don't feel comfortable with prerequisites then Accelerated Windows Memory Dump Analysis training is recommended to take (or purchase a corresponding book) before attending this course.

Audience: Software developers, software technical support and escalation engineers.

Session 1: July 20, 2012 4:00 PM - 6:00 PM BST
Session 2: July 23, 2012 4:00 PM - 6:00 PM BST

Price: 210 USD

Space is limited.
Reserve your remote training seat now at:
https://student.gototraining.com/r/9202117719453636096

Note: 40% discount is available for those who previously booked Accelerated Windows or .NET Memory Dump Analysis training or purchased one of their books. Please use the contact form if you would like to register for the training with a discount.

Learn how to analyze app crashes and freezes, navigate through process core memory dump space and diagnose corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using Xcode and GDB environments highlighting various patterns diagnosed in 64-bit process core memory dumps. The training also includes an overview of relevant similarities and differences between Windows and Mac OS X user space memory dump analysis useful for engineers with Wintel background.

Memory Dump Analysis Services (DumpAnalysis.com) organizes a training course:

If you are registered you are allowed to optionally submit your app core dumps before the training. This will allow us in addition to the carefully constructed problems tailor additional examples to the needs of the attendees.

The training consists of 2 two-hour sessions. When you finish the training you additionally get:

1. A full transcript in PDF format (retail price $200)
2. 5 volumes of Memory Dump Analysis Anthology in PDF format (retail price $100)
3. A personalized attendance certificate with unique CID (PDF format)
4. Free Dump Analysis World Network membership including updates to full PDF transcript Q&A section

Prerequisites: Basic Mac OS X troubleshooting and debugging

Audience: Software technical support and escalation engineers, system administrators, software developers and quality assurance engineers.

Session 1: July 27, 2012 4:00 PM - 6:00 PM BST
Session 2: July 30, 2012 4:00 PM - 6:00 PM BST

Price: 210 USD

Space is limited.
Reserve your remote training seat now at:
https://student.gototraining.com/r/3803636572165653760

If you are mainly interested in Windows memory dump analysis there is another course available:

Accelerated Windows Memory Dump Analysis

Note: 40% discount is available for those who previously booked Accelerated Windows Memory Dump Analysis training or purchased its book. Please use the contact form if you would like to register for the training with a discount.

Learn how to analyze .NET application and service crashes and freezes, navigate through memory dump space (managed and unmanaged code) and diagnose corruption, leaks, CPU spikes, blocked threads, deadlocks, wait chains, resource contention, and much more. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using WinDbg to diagnose patterns in 32-bit and 64-bit process memory dumps.

Public preview (selected slides) of the previous training

Memory Dump Analysis Services (DumpAnalysis.com) organizes a training course:

If you are registered you are allowed to optionally submit your memory dumps before the training. This will allow us in addition to the carefully constructed problems tailor extra examples to the needs of the attendees.

The training consists of 2 two-hour sessions and additional homework exercises. When you finish the training you additionally get:

1. A full transcript in PDF format (retail price $200)
2. 5 volumes of Memory Dump Analysis Anthology in PDF format (retail price $100)
3. A personalized attendance certificate with unique CID (PDF format)
4. Free Dump Analysis World Network membership including updates to full PDF transcript Q&A section

Prerequisites: Basic .NET programming and debugging.

Audience: Software developers, software technical support and escalation engineers.

Session 1: May 11, 2012 4:00 PM - 6:00 PM BST
Session 2: May 14, 2012 4:00 PM - 6:00 PM BST

Price: 210 USD

Space is limited.
Reserve your remote training seat now at:
https://student.gototraining.com/r/2835428622992718336

If you are interested in kernel and complete memory dump analysis there is another course available:

Accelerated Windows Memory Dump Analysis

After 4 years in print this bestselling title needs an update to address minor changes, include extra examples and reference additional research published in Volumes 2, 3, 4, 5 and 6.

• Title: Memory Dump Analysis Anthology, Volume 1
• Author: Dmitry Vostokov
• Publisher: OpenTask (Summer 2012)
• Language: English
• Product Dimensions: 22.86 x 15.24

• Paperback: 800 pages
• ISBN-13: 978-1-908043-35-1

• Hardcover: 800 pages
• ISBN-13: 978-1-908043-36-8

Previous edition

The following direct links can be used to order the book now:

Buy Paperback from Amazon

This is a transcript of Memory Dump Analysis Services Webinar about Software Narratology: an exciting new discipline and a field of research founded by DumpAnalysis.org. When software executes it gives us its stories in the form of UI events, software traces and logs. Such stories can be analyzed for their structure and patterns for troubleshooting, debugging and problem resolution purposes. Topics also include software narremes and their types, anticipatory software construction and software diagnostics.

• Title: Software Narratology: An Introduction to the Applied Science of Software Stories
• Authors: Dmitry Vostokov, Memory Dump Analysis Services
• Publisher: OpenTask (April 2012)
• Language: English
• Product Dimensions: 28.0 x 21.6
• Paperback: 26 pages
• ISBN-13: 978-1908043078

Due to many questions on recommended books to learn assembly language for debugging purposes we provide these references:

Windows Debugging: Practical Foundations
x64 Windows Debugging: Practical Foundations

Each book can be read independently although some platform-independent content overlaps. x64 bit book focuses on 64-bit only.

We believe these books provide all necessary motivation, context and practical foundation for other in-depth assembly language textbooks on the market.

The similar book for x64 Mac OS X is in preparation.

Welcome to the new scalable and cost-effective software support model devised to address various shortcomings in existing tiered software support organizations. Don't miss an opportunity to learn about its foundation during a free Webinar organized by Memory Dump Analysis Services:

Date: 22nd of June, 2012
Time: 17:00 (BST) 12:00 (EST) 09:00 (PST)
Duration: 60 minutes

Space is limited.
Reserve your Webinar seat now at:
https://www3.gotomeeting.com/register/172771078

NEW! Now also with Mac OS X and GDB

Welcome to Debugging TV and Frames series where each episode features some facet of debugging, memory dump, and software trace analysis in 8 slides in 8 minutes including live WinDbg (Windows) or GDB (Mac OS X, Linux) demonstration plus extra 8 minutes for you to ask questions.

Register for Debugging TV Frame 0x0E and further weekly episodes
Date: Friday, May 18, 2012
Time: 5:45 PM - 6:01 PM GMT

Space is limited.
Reserve your seat now at:
https://www3.gotomeeting.com/register/318613774

After registering you will receive a confirmation email containing information about joining the show.

Debugging TV Frame 0x01
Recording: https://www3.gotomeeting.com/register/640694470
Recording (zip): 2011-10-07-Debugging-TV-Frame-0x01.zip
Slides: DebuggingTV_Frame_0x01.pdf
WinDbg log: DebuggingTV_Frame_0x01.txt

Debugging TV Frame 0x02
Recording: 2011-10-14-Debugging-TV-Frame-0x02.zip
Slides: DebuggingTV_Frame_0x02.pdf
From Q&A session: DIA SDK to access PDB symbol files

Debugging TV Frame 0x03
Recording: 2011-10-21-Debugging-TV-Frame-0x03.zip
Slides: DebuggingTV_Frame_0x03.pdf
WinDbg log: DebuggingTV_Frame_0x03.txt

Debugging TV Frame 0x04
Recording: 2011-11-25-Debugging-TV-Frame-0x04.zip
Slides: DebuggingTV_Frame_0x04.pdf
WinDbg log: DebuggingTV_Frame_0x04.txt
Note on Q&A: There was a question about the difference between .symopt-4 and .reload /f and indeed for the exercise purpose there was no difference. However I understood the question incorrectly and when I mentioned about forcing mismatched symbols load I meant .reload /f /i that we covered in the previous Frame Episode 0x02.

Debugging TV Frame 0x05
Recording: 2011-12-02-Debugging-TV-Frame-0x05.zip
Slides: DebuggingTV_Frame_0x05.pdf
WinDbg log: DebuggingTV_Frame_0x05.txt

Debugging TV Frame 0x06
Recording: 2012-01-06-Debugging-TV-Frame-0x06.zip
Slides: DebuggingTV_Frame_0x06.pdf
WinDbg log: DebuggingTV_Frame_0x06.txt

Debugging TV Frame 0x07
Recording: 2012-02-03-Debugging-TV-Frame-0x07.zip
Slides: DebuggingTV_Frame_0x07.pdf
WinDbg log: DebuggingTV_Frame_0x07.txt

Debugging TV Frame 0x08
Recording: 2012-02-17-Debugging-TV-Frame-0x08.zip
Slides: DebuggingTV_Frame_0x08.pdf
WinDbg log: DebuggingTV_Frame_0x08.txt
API description: contexts.h
Modeling application: TestActCtx.zip

Debugging TV Frame 0x09
Recording: 2012-02-24-Debugging-TV-Frame-0x09.zip
Slides: DebuggingTV_Frame_0x09.pdf
WinDbg log 1: DebuggingTV_Frame_0x09-1.txt
WinDbg log 2: DebuggingTV_Frame_0x09-2.txt
Modeling application: MixedBreakpoints.zip

Debugging TV Frame 0x0A (Mac OS X)
Recording: 2012-03-16-Debugging-TV-Frame-0x0A.zip
Slides: DebuggingTV_Frame_0x0A.pdf

Debugging TV Frame 0x0B (Mac OS X)
Recording: 2012-03-30-Debugging-TV-Frame-0x0B.zip
Slides: DebuggingTV_Frame_0x0B.pdf

Debugging TV Frame 0x0C (Mac OS X)
Recording: 2012-04-06-Debugging-TV-Frame-0x0C.zip
Crash report: MultipleThreads_2012-04-06-092234_DumpAnalysis-MacBook-Air.crash
Slides: DebuggingTV_Frame_0x0C.pdf

Debugging TV Frame 0x0D (Mac OS X)
Recording: https://www3.gotomeeting.com/archive/318613774
Crash report: SpikingThread_2012-05-04-174941_DumpAnalysis-MacBook-Air.crash
Slides: DebuggingTV_Frame_0x0D.pdf

More frames are coming and www.debugging.tv hosts TV programme and recordings of past episodes.

This newly expanded field studies all types of narratives in software construction and post-construction.

For details please visit our blog:

http://www.dumpanalysis.org/blog/index.php/2012/03/11/software-narratolo...
http://www.dumpanalysis.org/blog/index.php/2012/03/11/software-narrative...
http://www.dumpanalysis.org/blog/index.php/2012/02/02/narremes-in-softwa...

Please also register for our free Webinar: http://www.dumpanalysis.org/webinar-introduction-software-narratology

One of sources of Memoretics is Narratology to which the former contributes back by providing structural and behavioral analysis patterns and frameworks.

For the full story please visit our blog: http://www.dumpanalysis.org/blog/index.php/2012/02/13/software-narratolo...

New! Available for Safari Books Online subscribers

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Available for sale in PDF format from Memory Dump Analysis Services.

The full transcript of Memory Dump Analysis Services Training with 10 step-by-step exercises, notes, and selected Q&A.

• Title: Advanced Windows Memory Dump Analysis with Data Structures: Training Course Transcript and WinDbg Practice Exercises with Notes
• Authors: Dmitry Vostokov, Memory Dump Analysis Services
• Publisher: OpenTask (January 2012)
• Language: English
• Product Dimensions: 28.0 x 21.6
• Paperback: 180 pages
• ISBN-13: 978-1908043344

Table of Contents

Feel frustrated when opening a software trace with millions of messages from hundreds of software components, threads and processes?

Memory Dump Analysis Services (DumpAnalysis.com) organizes a training course:

Learn how to efficiently and effectively analyze software traces and logs from complex software environments. Covered popular software logs and trace formats from Microsoft and Citrix products and tools including Event Tracing for Windows (ETW) and Citrix Common Diagnostics Format (CDF). Learn how to use pioneering and innovative pattern-driven software problem behavior analysis to troubleshoot and debug software incidents.

If you are registered you are allowed to optionally submit your software traces and logs before the training. This will allow us in addition to the carefully constructed problems tailor additional examples to the needs of the attendees.

The training consists of 2 two-hour sessions and additional homework exercises. When you finish the training you additionally get:

1. A full transcript in PDF format (retail price $200)
2. 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120)
3. A personalized attendance certificate with unique CID (PDF format)
4. Free Dump Analysis World Network membership including updates to full PDF transcript Q&A section

Prerequisites: Basic Windows troubleshooting.

Audience: Software technical support and escalation engineers, software maintenance engineers, system administrators.

Session 1: October 12, 2012 4:00 PM - 6:00 PM BST
Session 2: October 15, 2012 4:00 PM - 6:00 PM BST

Price: 210 USD

Space is limited.
Reserve your remote training seat now at:
https://student.gototraining.com/r/5287623225237732608

For details please visit our blog.

New! Available for Safari Books Online subscribers

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Available for sale in PDF format from Memory Dump Analysis Services.

The full transcript of Memory Dump Analysis Services Training with 7 step-by-step exercises, notes, source code of specially created modeling applications and selected Q&A. Covers 20 .NET memory dump analysis patterns plus additional unmanaged patterns.

• Title: Accelerated .NET Memory Dump Analysis: Training Course Transcript and WinDbg Practice Exercises with Notes
• Authors: Dmitry Vostokov, Memory Dump Analysis Services
• Publisher: OpenTask (November 2011)
• Language: English
• Product Dimensions: 28.0 x 21.6
• Paperback: 204 pages
• ISBN-13: 978-1908043320

Table of Contents

A software problem incident is described using software problem description language. Its program interpretation or compilation results in a published software problem solving tool. Tools can be reused, parameterized, aggregated and organized into hierarchical catalogs. Welcome to the TaaS of the future!

0. The design and development of SPDL (Software Problem Description Language) with a purpose to automatic generation of software troubleshooting tools based on the description of a problem. Please visit this archival link for more details: http://www.dumpanalysis.org/blog/index.php/category/spdl/

1. The design and development of memory-oriented operating system where memory is the foundation of the whole architecture from the ground up. Please visit this archival link for more details: http://www.dumpanalysis.org/blog/index.php/category/memory-os/

We have conducted research and our internal case studies show that pattern-driven approach to memory analysis significantly decreases learning time: up to 10 times faster than before if not more. Whereas in the past it could take several years to master crash and hang dump analysis - today it takes a few months.

Memory Dump Analysis Services provides the first accelerated pattern-driven analysis training to decrease learning time even more while simultaneously lowering the steep learning curve:

Accelerated Windows Memory Dump Analysis Training

Accelerated .NET Memory Dump Analysis Training

Also available:

Advanced Windows Memory Dump Analysis with Data Structures

The new 6th volume from the discoverer of software behavioral genome and periodic table of software defects. Contains revised, edited, cross-referenced, and thematically organized selected DumpAnalysis.org blog posts about memory dump and software trace analysis, software troubleshooting and debugging written in November 2010 - October 2011 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, and security researchers, malware analysts and reverse engineers. The sixth volume features:

- 56 new crash dump analysis patterns including 14 new .NET memory dump analysis patterns
- 4 new pattern interaction case studies
- 11 new trace analysis patterns
- New Debugware pattern
- Introduction to UI problem analysis patterns
- Introduction to intelligence analysis patterns
- Introduction to unified debugging pattern language
- Introduction to generative debugging, metadefect template library and DNA of software behavior
- The new school of debugging
- .NET memory dump analysis checklist
- Software trace analysis checklist
- Introduction to close and deconstructive readings of a software trace
- Memory dump analysis compass
- Computical and Stack Trace Art
- The abductive reasoning of Philip Marlowe
- Orbifold memory space and cloud computing
- Memory worldview
- Interpretation of cyberspace
- Relationship of memory dumps to religion
- Fully cross-referenced with Volume 1, Volume 2, Volume 3, Volume 4, and Volume 5

Product information:

• Title: Memory Dump Analysis Anthology, Volume 6
• Author: Dmitry Vostokov
• Language: English
• Product Dimensions: 22.86 x 15.24

• Paperback: 300 pages
• Publisher: Opentask (December 2011)
• ISBN-13: 978-1-908043-19-1

• Hardcover: 300 pages
• Publisher: Opentask (January 2012)
• ISBN-13: 978-1-908043-20-7

Back cover features 3d memory space visualization image created with ParaView.

Available for Safari Books Online subscribers

The following direct links can be used to order the book now:

Buy Kindle Edition from Amazon

Buy Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Buy Digital PDF, Nook, iTunes

Written by the founder of DumpAnalysis.org this book is not about bugs or debugging techniques but about background knowledge everyone needs to start experimenting with WinDbg, learn from practical experience and read other advanced debugging books. Solid understanding of fundamentals like pointers is needed to analyze stack traces beyond !analyze -v and lmv WinDbg commands. This is the book to help technical support and escalation engineers and Windows software testers without the knowledge of assembly language to master necessary prerequisites to understand and start debugging and crash dump analysis on Windows platforms. It doesn't require any specific knowledge, fills the gap and lowers the learning curve. The book is also useful for software engineers coming from managed code or Java background, engineers coming from non-Wintel environments, Windows C/C++ software engineers without assembly language background, security researchers and beginners learning Windows software disassembling and reverse engineering techniques. This book can also be used as Intel assembly language and Windows debugging supplement for relevant undergraduate level courses.

Product details:

• Title: Windows Debugging: Practical Foundations
• Author: Dmitry Vostokov
• Language: English
• Product Dimensions: 22.86 x 15.24

• Paperback: 200 pages
• ISBN-13: 978-1-906717-10-0
• Publisher: Opentask (01 February 2009)

• Hardback: 200 pages
• ISBN-13: 978-1-906717-67-4
• Publisher: Opentask (23 March 2009)

Table of Contents
Errata

Praise for the book:

I am a C++/Windows developer and have been a Windows debugging enthusiast for quite a long time now. However, I have never been able to get a good and credible source of information with regards to the internals of debugging using WinDbg. Over the years, I have laid my hands on various sources that deal with Windows Debugging tools and debugging techniques. Every time I purchased a book or went through an online source, I was limited to confusing information that lead me to give up on this topic. Even reliable books that claimed to be the best in the market were nothing less than a colossal disappointment. However, recently when I came across "Windows Debugging: Practical Foundation" that was purchased by a friend of mine, I was sceptic but, nonetheless, decided to give it a chance. Trust me, although not perfect, the book has helped me a lot in learning more about windows internals and debugging techniques. I would like to extend my complements for writing a book that divulges details in a very concise yet clear manner.

Sriram Sarma

Book reviews:

Amazon reviews
Amazon UK reviews

Free recording of the Webinar organized by Memory Dump Analysis Services can be found here:

https://www3.gotomeeting.com/register/562134486

The presentation slides, WinDbg logs and other materials are available here:

http://www.dumpanalysis.com/FCMDA-materials-Rev2

Memoretics views Cyber Space as Memory Space + Memory Data. Here Memory Space consists of many different memory spaces. Although data is private property memory space where it is located is not:

We propose private property on memory spaces and their partitions as a solution to various Cyber problems such as Cyber Crime and Cyber War:

New! The revised PDF edition now contains extra 28 pages of Q&A section totalling more than 70 questions and answers.

Available for Safari Books Online subscribers

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Also available for sale in PDF format from Memory Dump Analysis Services.

The full transcript of Memory Dump Analysis Services Training with 21 step-by-step exercises, notes, source code of specially created modeling applications and selected Q&A. Covers about 50 crash dump analysis patterns from process, kernel and complete memory dumps.

• Title: Accelerated Windows Memory Dump Analysis: Training Course Transcript and WinDbg Practice Exercises with Notes
• Authors: Dmitry Vostokov, Memory Dump Analysis Services
• Publisher: OpenTask (August 2011)
• Language: English
• Product Dimensions: 28.0 x 21.6
• Paperback: 360 pages
• ISBN-13: 978-1908043290

Table of Contents

New! Available for Safari Books Online subscribers

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

The full transcript of Memory Dump Analysis Services Webinar on pattern-driven software troubleshooting, debugging and maintenance. Topics include: A Short History of DumpAnalysis.org; Memory Dump Analysis Patterns; Troubleshooting and Debugging Tools (Debugware) Patterns; Software Trace Analysis Patterns; From Software Defects to Software Behavior; Workaround Patterns; Structural Memory Patterns; Memory Analysis Domain Pattern Hierarchy; New Directions.

• Title: Introduction to Pattern-Driven Software Problem Solving
• Authors: Dmitry Vostokov, Memory Dump Analysis Services
• Publisher: OpenTask (June 2011)
• Language: English
• Product Dimensions: 28.0 x 21.6
• Paperback: 24 pages
• ISBN-13: 978-1908043177