Windows Debugging Notebook: Essential User Space WinDbg Commands

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

Available for Safari Books Online subscribers

This is a reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services.

  • ISBN-13: 978-1-906717-00-1
  • Publisher: OpenTask (15 May 2011)
  • Paperback: 256 pages

Table of Contents
Book review
Errata

First Fault Software Problem Solving Book

The following direct links can be used to order the book now:

Buy Paperback or Kindle Edition from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

Available for Safari Books Online subscribers

Written by a veteran in mission-critical computer system problem resolution, problem prevention, and system recovery, this book discusses solving problems on their FIRST occurrence while emphasizing software supportability and serviceability.

  • Title: First Fault Software Problem Solving: A Guide for Engineers, Managers and Users
  • Author: Dan Skwire
  • Publisher: Opentask (1 December 2009)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • ISBN: 1906717427
  • ISBN-13: 978-1906717421
  • Paperback: 180 pages

Table of Contents
Amazon reviews
c’t – Magazin für Computertechnik review
Alan Radding's DancingDinosaur and bottomlineIT reviews

Who should read this book?

  • Software professional engineers and managers
  • End-users, system administrators and their managers
  • Software engineering students

What will the readers of this book learn?

  • How to optimize use of pre-existing software problem solving features
  • How to choose the best products to improve first fault problem-solving
  • How to get the best results when problems occur on outsourced and cloud-placed work
  • How to choose amongst first-fault tools, second-fault tools, and manual problem solving methods to best advantage for difficult problems
  • How to be an educated consumer or creator of future problem-solving software

What is the business value of reading this book?

  • Saving money on problem solving resources (servers, storage, network, software, power, space, cooling, personnel)
  • Keeping customers happier since their issues are resolved sooner
  • Reducing the durations of computer service outages that affect external clients
  • Decreasing operational overhead and encouraging sustainable, higher-performing organizations and enterprises through best problem-solving practices

What else is special about this book?

  • 21 original illustrations to feed the soul and tickle the funny-bone
  • 21 thought-provoking quotes to feed the intellect and the spirit
  • An extensive bibliography to aid in clarification and personal growth

The New School of Debugging

The newly founded school integrates traditional multidisciplinary debugging approaches and methodologies with:

- multiplatform pattern-driven software problem solving
- unified debugging patterns
- generative debugging
- best practices in memory dump analysis and software tracing
- computer security
- humanities and social sciences including archaeology and economics
- new emerging trends

Debugging in 2021: Trends for the Next Decade

  • Increased complexity of software will bring more methods from biological, social sciences and humanities in addition to existing methods of automated debugging and computer science techniques
  • Focus on first fault software problem solving (when aspect)
  • Focus on pattern-driven software problem solving (how aspect)
  • Fusion of debugging and malware analysis into a unified structural and behavioral pattern framework
  • Visual debugging, memory and software trace visualization techniques
  • Software maintenance certification
  • Focus on domain-driven troubleshooting and debugging tools as a service (debugware TaaS)
  • Focus on security issues related to memory dumps and software traces
  • New scripting languages and programming language extensions for debugging
  • The maturation of the science of memory snapshots and software traces (memoretics)

Memory Dump Analysis Anthology, Volume 4

The following direct links can be used to order the book now:

Buy Kindle or Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Buy Paperback or Hardcover from Book Depository

Available for Safari Books Online subscribers

Also available in PDF format from Software Diagnostics Services

This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in July 2009 - January 2010 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, and security researchers, malware analysts and reverse engineers. The fourth volume features:

- 15 new crash dump analysis patterns
- 13 new pattern interaction case studies
- 10 new trace analysis patterns
- 6 new Debugware patterns and case study
- Workaround patterns
- Updated checklist
- Fully cross-referenced with Volume 1, Volume 2 and Volume 3
- Memory visualization tutorials
- Memory space art

Product information:

  • Title: Memory Dump Analysis Anthology, Volume 4
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 424 pages
  • Publisher: Opentask (15 November 2010)
  • ISBN-13: 978-1-906717-86-5
  • Hardcover: 424 pages
  • Publisher: Opentask (15 November 2010)
  • ISBN-13: 978-1-906717-87-2

Table of Contents
Errata

Back cover features memory space art image: Internal Process Combustion.

Memory Dump Analysis Anthology: Color Supplement for Volumes 1-3

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

This is a supplemental volume of selected articles with 68 full color illustrations from Memory Dump Analysis Anthology: revised, edited, cross-referenced and thematically organized volumes of selected DumpAnalysis.org blog posts about modern crash dump analysis and debugging written in August 2006 - June 2009 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, security and defect researchers, computer scientists and philosophers. Unique in its breadth, depth, and scope, it offers unprecedented insight into the world of Windows software and draws profound scientific and metaphysical implications.

  • Title: Memory Dump Analysis Anthology: Color Supplement for Volumes 1-3
  • Author: Dmitry Vostokov
  • Publisher: OpenTask (May 2010)
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • Paperback: 110 pages
  • ISBN-13: 978-1906717698

Table of Contents

x64 Windows Debugging: Practical Foundations

The following direct links can be used to order the book now:

Buy Kindle version

Buy Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Buy Paperback or Hardcover from Book Depository

Available for Safari Books Online subscribers

Written by the founder of DumpAnalysis.org, this book is not about bugs or debugging techniques but about the background knowledge everyone needs to start experimenting with x64 WinDbg, learn from practical experience and read other advanced debugging books. A solid understanding of fundamentals like pointers is needed to analyze stack traces beyond the !analyze -v and lmv WinDbg commands. This is the book to help technical support and escalation engineers and Windows software testers without knowledge of assembly language master the prerequisites needed to understand and start debugging and crash dump analysis on x64 Windows platforms. It doesn't require any specific knowledge, fills the gap and lowers the learning curve. The book is also useful for software engineers coming from a managed code or Java background, engineers coming from non-Wintel environments, Windows C/C++ software engineers without an assembly language background, security researchers and beginners learning x64 Windows software disassembling and reverse engineering techniques. This book can also be used as an AMD64 and Intel EM64T assembly language and x64 Windows debugging supplement for relevant undergraduate-level courses. For someone who wants to learn these foundations in the context of 32-bit Windows environments, there is a separate x86 book (ISBN: 978-1-906717-10-0). However, this book is completely independent of that earlier book, and almost every illustration was recreated to reflect the x64 architecture and the x64 Windows ILP 32-32-64 model (Integer-Long-Pointer).

Product details:

  • Title: x64 Windows Debugging: Practical Foundations
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 194 pages
  • Publisher: Opentask (17 August 2009)
  • ISBN-13: 978-1-906717-56-8
  • Hardcover: 194 pages
  • Publisher: Opentask (15 March 2010)
  • ISBN-13: 978-1-906717-92-6

Table of Contents

Memory Dump Analysis Anthology, Volume 3

The following direct links can be used to order the book now:

Buy Kindle or Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Buy Paperback or Hardcover from Book Depository

Available for Safari Books Online subscribers

Also available in PDF format from Software Diagnostics Services

This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in October 2008 - June 2009 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The third volume features:

- 15 new crash dump analysis patterns
- 29 new pattern interaction case studies
- Trace analysis patterns
- Updated checklist
- Fully cross-referenced with Volume 1 and Volume 2
- New appendixes

Product information:

  • Title: Memory Dump Analysis Anthology, Volume 3
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 404 pages
  • Publisher: Opentask (20 December 2009)
  • ISBN-13: 978-1-906717-43-8
  • Hardcover: 404 pages
  • Publisher: Opentask (15 March 2010)
  • ISBN-13: 978-1-906717-44-5

Table of Contents
Errata

Back cover features 3D computer memory visualization image.

Memory Dump Analysis Anthology, Volume 1

The following direct links can be used to order the English edition now:

Buy Kindle or Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Buy Paperback or Hardcover from Book Depository

Also available for Safari Books Online subscribers

Also available in PDF format from Software Diagnostics Services

The Korean edition is available:


The following direct links can be used to order the Korean edition now:

Acorn (The Korean translation publisher) or Kyobo book or Yes24.com


This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in 2006 - 2007 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues and general Windows users.

  • Title: Memory Dump Analysis Anthology, Volume 1
  • Author: Dmitry Vostokov
  • Publisher: OpenTask (15 Apr 2008)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback (B/W): 720 pages
  • ISBN-13: 978-0-9558328-0-2
  • Hardcover (B/W): 720 pages
  • ISBN-13: 978-0-9558328-1-9
  • Hardcover (Color): 720 pages
  • ISBN-13: 978-1-906717-01-8

Table of Contents
Errata

The back cover image is the picture of TestDefaultDebugger crash dump generated by Dump2Picture

Book reviews:

Amazon reviews

Testimonials:

"This book is very good to startup on debugging. It really starts from the basics and it keeps going more in depth. Easy to read and very didactic." - Yuri Diogenes, ISA Server Support Team, Microsoft (Link)

The full premium color Collector's Edition is also available from Amazon, Barnes & Noble, and Book Depository

Debugged! MZ/PE: MagaZine for/from Practicing Engineers

As one of the new initiatives for the Year of Debugging (2009, 0x7D9), OpenTask starts publishing a full-color, variable-page periodical publication called:

Debugged! MZ/PE: MagaZine for/from Practicing Engineers

The only serial publication dedicated entirely to Windows® debugging

The following direct links can be used to order issues now:

Order March, 2009 issue from Amazon or Barnes & Noble

New! Now available for Kindle

Order June, 2009 issue from Amazon or Barnes & Noble

Order September, 2009 issue from Amazon or Barnes & Noble

Order March, 2010 issue from Amazon or Barnes & Noble


Free version: Debugging Expert(s) Magazine Online

Sample magazine back covers featuring debugging, crash dump and software trace analysis tips:

If you have an article idea or if you'd like to write an article for us please use the following contact form:

http://www.dumpanalysis.org/contact

Memory Dump Analysis Anthology, Volume 2

The following direct links can be used to order the book now:

Buy Kindle or Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Buy Paperback or Hardcover from Book Depository

Available for Safari Books Online subscribers

Also available in PDF format from Software Diagnostics Services

This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in January - September 2008 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The second volume features:

- 45 new crash dump analysis patterns
- Pattern interaction and case studies
- Updated checklist
- Fully cross-referenced with Volume 1
- New appendixes

Product information:

  • Title: Memory Dump Analysis Anthology, Volume 2
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 470 pages
  • Publisher: Opentask (03 Oct 2008)
  • ISBN-13: 978-0-9558328-7-1
  • Hardcover: 470 pages
  • Publisher: Opentask (01 Nov 2008)
  • ISBN-13: 978-1-906717-22-3

Table of Contents
Errata

Back cover features visualized virtual process memory generated from a memory dump of colorimetric computer memory dating sample using Dump2Picture.

RADII Software Support Tools Development Process

Requirements, Architecture, Design, Implementation and Improvement



Featured in the forthcoming book: DebugWare: The Art and Craft of Writing Troubleshooting and Debugging Tools

DLL List Landscape: The Art from Computer Memory Space

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

DLL is also a recursive acronym for DLL List Landscape. This full color book features magnificent images from process user space generated by Dump2Picture:

  • Title: DLL List Landscape: The Art from Computer Memory Space
  • Author: Dmitry Vostokov
  • Publisher: Opentask (15 December 2008)
  • Language: English
  • Product Dimensions: 21.6 x 21.6
  • ISBN-13: 978-1-906717-36-0
  • Paperback: 16 pages

Dumps, Bugs and Debugging Forensics

Finally, Dr. Debugalov's adventures are imprinted with bugs inside. The full-color book also features never-before-published cartoons and a few surprises. It sets a new standard for entertainment in software engineering.

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

  • Title: Dumps, Bugs and Debugging Forensics: The Adventures of Dr. Debugalov
  • Author: Narasimha Vedala
  • Editor: Dmitry Vostokov
  • Publisher: Opentask (1 December 2008)
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • ISBN-13: 978-1-906717-25-4
  • Paperback: 64 pages

Table of Contents

WinDbg: A Reference Poster and Learning Cards

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

WinDbg is a powerful debugger from Microsoft Debugging Tools for Windows. It has more than 350 commands that can be used in different debugging scenarios. The cover of this book is a poster featuring a crash dump analysis checklist and common patterns seen in memory dumps and live debugging sessions. Inside the book you can find ready-to-cut learning cards with commands and their descriptions, coloured according to their use for crash dump or live debugging sessions and for user, kernel or complete memory dumps. Tossing cards can create unexpected connections between commands and help you learn them more quickly. Uncut pages can also serve as a bird's-eye view of WinDbg debugging capabilities. More than 350 WinDbg commands, including meta-commands and extensions, are included.

  • Title: WinDbg: A Reference Poster and Learning Cards
  • Author: Dmitry Vostokov
  • Publisher: Opentask (20 November 2008)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • ISBN-13: 978-1-906717-29-2
  • Paperback: 20 pages

Book Excerpt

2018 – The Year of Software Diagnostics Engineering

2017 was again a pivotal year for pattern-oriented software diagnostics with its software development turn, the birth of Software Diagnostics Engineering discipline and Diagnostics-Driven Development methodology. We look ahead to 2018 with more software engineering articles, descriptions of new DebugWare and DiagWare patterns, new projects, tools, training and reference books. The decade of 2010 – 2020 is the most prolific in software variety* during the short course of software evolution, an analog of the Cambrian explosion with emerging new forms of AI machines capable of learning. These are the most exciting times for software diagnostics.

Happy New Year!
Software Diagnostics Institute

* The Variety of Software: The Richness of Computation (ISBN: 978-1906717544, not yet published)

2017 – The Year of Theoretical Software Diagnostics

2016 was a pivotal year for pattern-oriented software diagnostics with its mathematical turn and the birth of theoretical software diagnostics discipline. We look ahead to 2017 with more theoretical articles, descriptions of diagnostic analysis patterns, and books already in the pipeline.

Happy New Year!
Software Diagnostics Institute

10 years!

On the 26th of March 2006, 10 years ago, dumpanalysis.org was registered! It was still a long way towards pattern-oriented software diagnostics. The main product of our activity, Memory Dump Analysis Anthology, is now in 10 books.

DebugWare: The Art and Craft of Writing Troubleshooting and Debugging Tools, Second Edition

This is a forthcoming book about architecture, design, and implementation of troubleshooting and debugging tools for software technical support. Preliminary information is:

  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Paperback: 256 pages
  • ISBN-13: 978-1-908043-95-5
  • Publisher: Opentask (January 2016)
  • Language: English
  • Product Dimensions: 22.86 x 15.24

Front cover:

Draft Table of Contents

Happy New Year 2015!

Because 2015 is the true year of RAM we greet you again in memory dump analysis style:

; random analysis of memory / reversing analysis of memory

0:001> g o a t 2015
Bp expression 'o ' could not be resolved, adding deferred bp
*** Bp expression 'o ' contains symbols not qualified with module name.
Bp expression 't ' could not be resolved, adding deferred bp
*** Bp expression 't ' contains symbols not qualified with module name.
Unable to insert breakpoint 10001 at 00000000`0000000a, Win32 error 0n299
    "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."
The breakpoint was set with BP.  If you want breakpoints
to track module load/unload state you must use BU.
go bp10001 at 00000000`0000000a failed
Unable to insert breakpoint 10003 at 00000000`00002015, Win32 error 0n299
    "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."
The breakpoint was set with BP.  If you want breakpoints
to track module load/unload state you must use BU.
go bp10003 at 00000000`00002015 failed
WaitForEvent failed
ntdll!DbgBreakPoint+0x1:
00000000`77280591 c3              ret

Forthcoming Windows Debugging Notebook: Essential Concepts and Tools

This is a reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services.

  • Title: Windows Debugging Notebook: Essential Concepts and Tools
  • Authors: Malcolm McCaffery, Dmitry Vostokov
  • Language: English
  • Product Dimensions: 19.8 x 12.9 cm
  • ISBN-13: 978-1-908043-16-0
  • Publisher: OpenTask (November 2014)
  • Paperback: 256 pages

The Timeless Way of Diagnostics

Paraphrasing 2 classical books of architecture written by Christopher Alexander, et al., "The Timeless Way of Building" and "A Pattern Language: Towns, Buildings, Construction", we would like to introduce the complete restructuring of the multivolume Memory Dump Analysis Anthology into the projected 10 volume "A Pattern Language for Software Diagnostics, Forensics, and Prognostics: Memory, Traces, Deconstruction". The first volume is planned for the beginning of October (ISBN: 978-1908043818) and then we plan to release an additional volume every month until next Summer. The reference will have a better browsing and cross-referencing format, additional examples and case studies. It will incorporate comments and new pattern knowledge acquired since the first patterns were described 8 years ago. The new edition will cover only patterns and will not include additional content found in Memory Dump Analysis Anthology such as philosophy and art. Here's the preliminary front cover based on the Software Diagnostics Institute logo:

Memory Dump Analysis Anthology will continue to be released with Volume 8 planned for 2015 and include up to date research from Software Diagnostics Institute and additional topics not included in "A Pattern Language for Software Diagnostics, ...".

Training: Accelerated Windows Memory Forensics

Learn how to navigate through memory space and discover forensic artefacts. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using Microsoft WinDbg debugger from Debugging Tools for Windows to diagnose structural memory patterns in x86 and x64 physical and process memory dumps. Patterns of memory acquisition are also covered.


Software Diagnostics Services (PatternDiagnostics.com) organizes a training course:

Level: Beginner/Intermediate

Prerequisites: Working knowledge of Windows. Operating system internals concepts are explained when necessary.

Audience: Security researchers, malware analysts, digital forensics engineers who have never used WinDbg for analysis of computer memory. The course will also be useful for technical support and escalation engineers who analyse memory dumps from complex software environments and need to go deeper in their analysis of abnormal software structure and behaviour.

Happy New Year 2014!

We break our tradition of greeting in memory dump analysis style. This New Year we post a software trace diagram similar to what we use to illustrate trace and log analysis patterns:

Physical Memory Analysis Fundamentals

This is a revised version of the seminar delivered more than 2 years ago, now updated to the latest WinDbg from Windows SDK 8.1.

Topics include:

  • User vs. kernel vs. physical memory space
  • Challenges of physical memory analysis
  • Common WinDbg commands
  • Patterns and pattern catalogues
  • Common mistakes
  • Fibre bundles
  • Hands-on exercise: a physical memory dump analysis
  • A guide to Software Diagnostics Library
  • Memory forensics


Date: December 30, 2013
Time: 7:00 PM (GMT)
Duration: 60 minutes

2014 - The Year of Software Forensics

The previous year 2013 was announced as The Year of Software Diagnostics and among various results it was successful in laying out the theoretical foundations for software forensics. We start the year 2014 with a seminar to show our vision of pattern-oriented software forensics and a roadmap for further development and advancement of its body of knowledge:

Webinar: Pattern-Oriented Software Forensics

Pattern-Oriented Software Forensics

This Webinar introduces a comprehensive theory behind software forensics based on systemic and pattern-oriented software diagnostics developed by Software Diagnostics Institute. It synthesises pattern-oriented memory analysis of malware and victimware with pattern-oriented software log and trace analysis based on software narratology.


Date: 27th of December, 2013
Time: 19:00 (BST)
Duration: 60 minutes

Diagnosed by Vostokov®TM

Our founder and Chief Diagnostics Scientist Dmitry Vostokov launches his personal brand:

Training: Advanced Windows Memory Dump Analysis with Data Structures

Learn how to navigate through memory dump space and Windows data structures to troubleshoot and debug complex software incidents. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using WinDbg to diagnose structural and behavioral patterns in 64-bit kernel and complete memory dumps. Additional topics include memory search, kernel linked list navigation, practical WinDbg scripting, registry, system variables and objects, device drivers and I/O.

Public preview (selected slides) of the previous training


Software Diagnostics Services (PatternDiagnostics.com) organizes a training course:

The training consists of 2 two-hour sessions. When you finish the training you additionally get:

  1. A full transcript in PDF format (retail price $300)
  2. 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120)
  3. A personalized attendance certificate with unique CID (PDF format)
  4. Free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies

Prerequisites: Basic and intermediate level Windows memory dump analysis: ability to list processors, processes, threads, modules, apply symbols, walk through stack traces and raw stack data, diagnose patterns such as heap corruption, CPU spike, memory and handle leaks, access violation, stack overflow, critical section and resource wait chains and deadlocks. If you don't feel comfortable with the prerequisites, then taking the Accelerated Windows Memory Dump Analysis training (or purchasing the corresponding book) is recommended before attending this course.

Audience: Software developers, security professionals, software technical support and escalation engineers.

At this time, available only in PDF book format with a $100 discount.
