Windows Debugging: Practical Foundations

The following direct links can be used to order the book now:

Buy Kindle version

Buy Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Buy Paperback or Hardcover from Book Depository

Written by the founder of DumpAnalysis.org this book is not about bugs or debugging techniques but about background knowledge everyone needs to start experimenting with WinDbg, learn from practical experience and read other advanced debugging books. Solid understanding of fundamentals like pointers is needed to analyze stack traces beyond !analyze -v and lmv WinDbg commands. This is the book to help technical support and escalation engineers and Windows software testers without the knowledge of assembly language to master necessary prerequisites to understand and start debugging and crash dump analysis on Windows platforms. It doesn't require any specific knowledge, fills the gap and lowers the learning curve. The book is also useful for software engineers coming from managed code or Java background, engineers coming from non-Wintel environments, Windows C/C++ software engineers without assembly language background, security researchers and beginners learning Windows software disassembling and reverse engineering techniques. This book can also be used as Intel assembly language and Windows debugging supplement for relevant undergraduate level courses.

Product details:

  • Title: Windows Debugging: Practical Foundations
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 200 pages
  • ISBN-13: 978-1-906717-10-0
  • Publisher: Opentask (01 February 2009)
  • Hardback: 200 pages
  • ISBN-13: 978-1-906717-67-4
  • Publisher: Opentask (23 March 2009)

Table of Contents
Errata

Praise for the book:

I am a C++/Windows developer and have been a Windows debugging enthusiast for quite a long time now. However, I have never been able to get a good and credible source of information with regards to the internals of debugging using WinDbg. Over the years, I have laid my hands on various sources that deal with Windows Debugging tools and debugging techniques. Every time I purchased a book or went through an online source, I was limited to confusing information that lead me to give up on this topic. Even reliable books that claimed to be the best in the market were nothing less than a colossal disappointment. However, recently when I came across "Windows Debugging: Practical Foundation" that was purchased by a friend of mine, I was sceptic but, nonetheless, decided to give it a chance. Trust me, although not perfect, the book has helped me a lot in learning more about windows internals and debugging techniques. I would like to extend my complements for writing a book that divulges details in a very concise yet clear manner.

Sriram Sarma

Book reviews:

Amazon reviews
Amazon UK reviews

CyberSpace and The Solution to CyberProblems

Memoretics views Cyber Space as Memory Space + Memory Data. Here Memory Space consists of many different memory spaces. Although data is private property memory space where it is located is not:

We propose private property on memory spaces and their partitions as a solution to various Cyber problems such as Cyber Crime and Cyber War:

Introduction to Pattern-Driven Software Problem Solving

The following direct links can be used to order the book now:

Buy Kindle or Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

The full transcript of Memory Dump Analysis Services seminar on pattern-driven software troubleshooting, debugging and maintenance. Topics include: A Short History of DumpAnalysis.org; Memory Dump Analysis Patterns; Troubleshooting and Debugging Tools (Debugware) Patterns; Software Trace Analysis Patterns; From Software Defects to Software Behavior; Workaround Patterns; Structural Memory Patterns; Memory Analysis Domain Pattern Hierarchy; New Directions.

  • Title: Introduction to Pattern-Driven Software Problem Solving
  • Authors: Dmitry Vostokov, Memory Dump Analysis Services
  • Publisher: OpenTask (June 2011)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 24 pages
  • ISBN-13: 978-1908043177

Uses of Memoretics as Cross- and Interdisciplinary Science

Memoretics as a science of memory snapshots borrows many ideas from the following disciplines (the list is not exhaustive):

  • Troubleshooting and Debugging
  • Intelligence Analysis
  • Critical Thinking
  • Forensics
  • Linguistics
  • Archaeology
  • Psychoanalysis
  • History
  • Mathematics: Sets and Categories
  • Literary Criticism and Narratology

It also contributes many ideas back. The following diagram depicts such an interaction:

Memoretics promotes pattern-driven memory dump and software trace analysis which has many uses but not limited to:

  • Software and site reliability
  • Software Debugging
  • QA and Software Testing
  • Computer Security
  • Software Troubleshooting
  • Malware Research and Analysis
  • Tools as a Service (TaaS)
  • Supportability
  • Software Diagnostics

The founding text of Memoretics is Memory Dump Analysis Anthology.

DNA of Software Behavior

We consider memory dump and software trace analysis patterns as units of software behavioral genome. This work started in 2006 and we plan to continue with the publication of volumes 6 - 10 of Memory Dump Analysis Anthology. The release of volume 6 is planned for November-December, 2011.

DNA of Software Behaviour

The image was generated using 3D memory visualization techniques.

Memory Dump Analysis Anthology: Color Supplement for Volumes 4-5

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

This is a supplemental volume of selected articles with 170 full color illustrations from Memory Dump Analysis Anthology: revised, edited, cross-referenced and thematically organized volumes of selected DumpAnalysis.org blog posts about debugging, modern crash dump and software trace analysis, conceptual physicalist and memory space art, speculative metaphysics of memory dump worldview (memoidealism) written in July 2009 - October 2010 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, security and defect researchers, reverse engineers and malware analysts, computer security and cyber warfare intelligence professionals, computer scientists, conceptual digital artists and philosophers. Unique in its breadth, depth, and scope it offers unprecedented insight into the world of software behavior and draws profound engineering, scientific, artistic and metaphysical implications.

  • Title: Memory Dump Analysis Anthology: Color Supplement for Volumes 4-5
  • Author: Dmitry Vostokov
  • Publisher: OpenTask (June 2011)
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • Paperback: 232 pages
  • ISBN-13: 978-1908043047

Table of Contents

Windows Debugging Notebook: Essential User Space WinDbg Commands

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

This is a reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services.

  • ISBN-13: 978-1-906717-00-1
  • Publisher: OpenTask (15 May 2011)
  • Paperback: 256 pages

Table of Contents
Book review
Errata

First Fault Software Problem Solving Book

The following direct links can be used to order the book now:

Buy Paperback or Kindle Edition from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

Written by a veteran in mission-critical computer system problem resolution, problem prevention, and system recovery, this book discusses solving problems on their FIRST occurrence while emphasizing software supportability and serviceability.

  • Title: First Fault Software Problem Solving: A Guide for Engineers, Managers and Users
  • Author: Dan Skwire
  • Publisher: Opentask (1 December 2009)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • ISBN: 1906717427
  • ISBN-13: 978-1906717421
  • Paperback: 180 pages

Table of Contents
Amazon reviews
c’t – Magazin für Computertechnik review
Alan Radding's DancingDinosaur and bottomlineIT reviews

Who should read this book?

  • Software professional engineers and managers
  • End-users, system administrators and their managers
  • Software engineering students

What will the readers of this book learn?

  • How to optimize use of pre-existing software problem solving features
  • How to choose the best products to improve first fault problem-solving
  • How to get the best results when problems occur on outsourced and cloud-placed work
  • How to choose amongst first-fault tools, second-fault tools, and manual problem solving methods to best advantage for difficult problems
  • How to be an educated consumer or creator of future problem-solving software

What is the business value of reading this book?

  • Saving money on problem solving resources (servers, storage, network, software, power, space, cooling, personnel)
  • Keeping customers happier since their issues are resolved sooner
  • Reducing the durations of computer service outages that affect external clients
  • Decreasing operational overhead and encouraging sustainable, higher-performing organizations and enterprises through best problem-solving practices

What else is special about this book?

  • 21 original illustrations to feed the soul and tickle the funny-bone
  • 21 thought-provoking quotes to feed the intellect and the spirit
  • An extensive bibliography to aid in clarification and personal growth

The New School of Debugging

The new founded school integrates traditional multidisciplinary debugging approaches and methodologies with:

- multiplatform pattern-driven software problem solving
- unified debugging patterns
- generative debugging
- best practices in memory dump analysis and software tracing
- computer security
- humanities and social sciences including archaeology and economics
- new emerging trends

Debugging in 2021: Trends for the Next Decade

  • Increased complexity of software will bring more methods from biological, social sciences and humanities in addition to existing methods of automated debugging and computer science techniques
  • Focus on first fault software problem solving (when aspect)
  • Focus on pattern-driven software problem solving (how aspect)
  • Fusion of debugging and malware analysis into a unified structural and behavioral pattern framework
  • Visual debugging, memory and software trace visualization techniques
  • Software maintenance certification
  • Focus on domain-driven troubleshooting and debugging tools as a service (debugware TaaS)
  • Focus on security issues related to memory dumps and software traces
  • New scripting languages and programming language extensions for debugging
  • The maturation of the science of memory snapshots and software traces (memoretics)

Memory Dump Analysis Anthology: Color Supplement for Volumes 1-3

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

This is a supplemental volume of selected articles with 68 full color illustrations from Memory Dump Analysis Anthology: revised, edited, cross-referenced and thematically organized volumes of selected DumpAnalysis.org blog posts about modern crash dump analysis and debugging written in August 2006 - June 2009 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, security and defect researchers, computer scientists and philosophers. Unique in its breadth, depth, and scope it offers unprecedented insight into the world of Windows software and draws profound scientific and metaphysical implications.

  • Title: Memory Dump Analysis Anthology: Color Supplement for Volumes 1-3
  • Author: Dmitry Vostokov
  • Publisher: OpenTask (May 2010)
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • Paperback: 110 pages
  • ISBN-13: 978-1906717698

Table of Contents

x64 Windows Debugging: Practical Foundations

The following direct links can be used to order the book now:

Buy Kindle version

Buy Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Buy Paperback or Hardcover from Book Depository

Written by the founder of DumpAnalysis.org this book is not about bugs or debugging techniques but about background knowledge everyone needs to start experimenting with x64 WinDbg, learn from practical experience and read other advanced debugging books. Solid understanding of fundamentals like pointers is needed to analyze stack traces beyond !analyze -v and lmv WinDbg commands. This is the book to help technical support and escalation engineers and Windows software testers without the knowledge of assembly language to master necessary prerequisites to understand and start debugging and crash dump analysis on x64 Windows platforms. It doesn't require any specific knowledge, fills the gap and lowers the learning curve. The book is also useful for software engineers coming from managed code or Java background, engineers coming from non-Wintel environments, Windows C/C++ software engineers without assembly language background, security researchers and beginners learning x64 Windows software disassembling and reverse engineering techniques. This book can also be used as AMD64 and Intel EM64T assembly language and x64 Windows debugging supplement for relevant undergraduate level courses. For someone, who wants to learn these foundations in the context of 32-bit Windows environments there is a separate x86 book (ISBN: 978-1-906717-10-0). However, this book is completely independent from that earlier book and almost every illustration was recreated to reflect x64 architecture and x64 Windows ILP 32-32-64 model (Integer-Long-Pointer).

Product details:

  • Title: x64 Windows Debugging: Practical Foundations
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 194 pages
  • Publisher: Opentask (17 August 2009)
  • ISBN-13: 978-1-906717-56-8
  • Hardcover: 194 pages
  • Publisher: Opentask (15 March 2010)
  • ISBN-13: 978-1-906717-92-6

Table of Contents

Memory Dump Analysis Anthology, Volume 3

The following direct links can be used to order the book now:

Buy Kindle or Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Buy Paperback or Hardcover from Book Depository

Also available in PDF format from Software Diagnostics Services

This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in October 2008 - June 2009 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The third volume features:

- 15 new crash dump analysis patterns
- 29 new pattern interaction case studies
- Trace analysis patterns
- Updated checklist
- Fully cross-referenced with Volume 1 and Volume 2
- New appendixes

Product information:

  • Title: Memory Dump Analysis Anthology, Volume 3
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 404 pages
  • Publisher: Opentask (20 December 2009)
  • ISBN-13: 978-1-906717-43-8
  • Hardcover: 404 pages
  • Publisher: Opentask (15 March 2010)
  • ISBN-13: 978-1-906717-44-5

Table of Contents
Errata

Back cover features 3D computer memory visualization image.

Debugged! MZ/PE: MagaZine for/from Practicing Engineers

As one of the new initiatives for the Year of Debugging (2009, 0x7D9) OpenTask starts publishing full color variable page periodical publication called:

Debugged! MZ/PE: MagaZine for/from Practicing Engineers

The only serial publication dedicated entirely to Windows® debugging

The following direct links can be used to order issues now:

Order March, 2009 issue from Amazon or Barnes & Noble

New! Now available for Kindle

Order June, 2009 issue from Amazon or Barnes & Noble

Order September, 2009 issue from Amazon or Barnes & Noble

Order March, 2010 issue from Amazon or Barnes & Noble


Free version: Debugging Expert(s) Magazine Online





























Sample magazine back covers featuring debugging, crash dump and software trace analysis tips:

RADII Software Support Tools Development Process

Requirements, Architecture, Design, Implementation and Improvement



Featured in the forthcoming book: DebugWare: The Art and Craft of Writing Troubleshooting and Debugging Tools

DLL List Landscape: The Art from Computer Memory Space

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

DLL is also a recursive acronym for DLL List Landscape. This full color book features magnificent images from process user space generated by Dump2Picture:

  • Title: DLL List Landscape: The Art from Computer Memory Space
  • Author: Dmitry Vostokov
  • Publisher: Opentask (15 December 2008)
  • Language: English
  • Product Dimensions: 21.6 x 21.6
  • ISBN-13: 978-1-906717-36-0
  • Paperback: 16 pages

Dumps, Bugs and Debugging Forensics

Finally Dr. Debugalov adventures are imprinted with bugs inside. The full-color book also features never published before cartoons and a few surprises. It sets a new standard for entertainment in software engineering.

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

  • Title: Dumps, Bugs and Debugging Forensics: The Adventures of Dr. Debugalov
  • Author: Narasimha Vedala
  • Editor: Dmitry Vostokov
  • Publisher: Opentask (1 December 2008)
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • ISBN-13: 978-1-906717-25-4
  • Paperback: 64 pages

Table of Contents

WinDbg: A Reference Poster and Learning Cards

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

WinDbg is a powerful debugger from Microsoft Debugging Tools for Windows. It has more than 350 commands that can be used in different debugging scenarios. The cover of this book is a poster featuring crash dump analysis checklist and common patterns seen in memory dumps and live debugging sessions. Inside the book you can find ready to cut learning cards with commands and their descriptions coloured according to their use for crash dump or live debugging sessions and user, kernel or complete memory dumps. Tossing cards can create unexpected connections between commands and help to learn them more quickly. Uncut pages can also serve as birds eye view to WinDbg debugging capabilities. More than 350 WinDbg commands including meta-commands and extensions are included.

  • Title: WinDbg: A Reference Poster and Learning Cards
  • Author: Dmitry Vostokov
  • Publisher: Opentask (20 November 2008)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • ISBN-13: 978-1-906717-29-2
  • Paperback: 20 pages

Book Excerpt

Managed Code Exception (Python) and Managed Stack Trace (Python)

We also extend our memory analysis pattern language to managed (interpreted) and native Python platforms in addition to Scala managed platform. The first analysis patterns we choose to extend are Managed Code Exception and Managed Stack Trace which are exceptions and stack traces from some virtual machine execution, not native platform exceptions and stack traces. To model it we created the following Python code:

def main():
    foo()

def foo():
    bar()

def bar():
    ref = []
    ref[0]

if __name__ == "__main__":
    main()

Its execution produces an exception and its stack trace (traceback):

Traceback (most recent call last):
  File ".\helloCrash.py", line 12, in 
    main()
  File ".\helloCrash.py", line 2, in main
    foo()
  File ".\helloCrash.py", line 5, in foo
    bar()
  File ".\helloCrash.py", line 9, in bar
    ref[0]
IndexError: list index out of range

Happy New Year 2021!

From Meta Trace, Message Invariant, and Counter Value trace and log analysis patterns:

Happy New Year 2020!

We resume our seasonal greetings in a memory dump analysis style. The new year number resembles Regular Data analysis pattern seen in corrupt structures, heap, and pool entries. In our greeting case, this means that 2020 is everywhere. To model this abnormal or anomaly condition, we created a simple C++ program that overwrites a structure which has a function pointer with a new year value in a hexadecimal format:

#include <vector>
#include <string>

using Execute = int (*)();

int ExecutePlans()
{
	return 0;
}

struct Plans 
{
	std::vector<std::wstring> readingList;
	Execute func{ ExecutePlans };
	wchar_t notes[256];
} newYearPlans{};

int wmain()
{
	short y2020{ 0x2020 };

	for (int i{ 0 }; i < sizeof(newYearPlans) / sizeof(y2020);
	   ++i)
	{
		*(reinterpret_cast<decltype(&y2020)>
		    (&newYearPlans) + i) = y2020;
	}

	return newYearPlans.func();
}

When we launch the application, it crashes:

Since we enabled LocalDumps, we got a crash dump which we open in WinDbg:

Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\MemoryDumps\2020.exe.9512.dmp]
User Mini Dump File with Full Memory: 
Only application data is available

Symbol search path is: srv*
Executable search path is: 
Windows 10 Version 18362 MP (8 procs) Free x64
Product: WinNt, suite: SingleUserTS
18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Debug session time: Sun Dec 29 22:54:00.000 2019 (UTC + 4:00)
System Uptime: 0 days 22:33:17.949
Process Uptime: 0 days 0:00:05.000
....
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(2528.2024): Access violation - code c0000005 
(first/second chance not available)
For analysis of this file, run !analyze -v
ntdll!NtWaitForMultipleObjects+0x14:
00007fff`be27cc14 c3              ret

When looking at Stored Exception we see Invalid Pointer code pointer having Regular Data values:

0:000> dx newYearPlans
newYearPlans                 [Type: Plans]
    [+0x000] readingList      : { size=0 } 
        [Type: std::vector...]
    [+0x018] func             : 0x2020202020202020 
        [Type: int (__cdecl*)()]
    [+0x020] notes            :
"†††††††††††††††††††††††††††††††††††††††††
†††††††††††††††††††††††††††††††††††††††††††
†††††††††††††††††††††††††††††††††††††††††††
†††††††††††††††††††††††††††††††††††††††††††
†††††††††††††††††††††††††††††††††††††††††††
†††††††††††††††††††††††††††††††††††††††††††???" [Type: wchar_t [256]]

0:000> du newYearPlans
00007ff7`88355a10  "††††††††††††††††††††††††††††††††"
00007ff7`88355a50  "††††††††††††††††††††††††††††††††"
00007ff7`88355a90  "††††††††††††††††††††††††††††††††"
00007ff7`88355ad0  "††††††††††††††††††††††††††††††††"
00007ff7`88355b10  "††††††††††††††††††††††††††††††††"
00007ff7`88355b50  "††††††††††††††††††††††††††††††††"
00007ff7`88355b90  "††††††††††††††††††††††††††††††††"
00007ff7`88355bd0  "††††††††††††††††††††††††††††††††"
00007ff7`88355c10  "††††††††††††††††."

0:000> da newYearPlans
00007ff7`88355a10  "                                "
00007ff7`88355a30  "                                "
00007ff7`88355a50  "                                "
00007ff7`88355a70  "                                "
00007ff7`88355a90  "                                "
00007ff7`88355ab0  "                                "
00007ff7`88355ad0  "                                "
00007ff7`88355af0  "                                "
00007ff7`88355b10  "                                "
00007ff7`88355b30  "                                "
00007ff7`88355b50  "                                "
00007ff7`88355b70  "                                "

0:000> dw newYearPlans
00007ff7`88355a10  2020 2020 2020 2020 2020 2020 2020 2020
00007ff7`88355a20  2020 2020 2020 2020 2020 2020 2020 2020
00007ff7`88355a30  2020 2020 2020 2020 2020 2020 2020 2020
00007ff7`88355a40  2020 2020 2020 2020 2020 2020 2020 2020
00007ff7`88355a50  2020 2020 2020 2020 2020 2020 2020 2020
00007ff7`88355a60  2020 2020 2020 2020 2020 2020 2020 2020
00007ff7`88355a70  2020 2020 2020 2020 2020 2020 2020 2020
00007ff7`88355a80  2020 2020 2020 2020 2020 2020 2020 2020

What caught our attention during exploratory dump analysis (EDA) is UNICODE interpretation of the new year value cast in a hexadecimal format. This doesn’t look good for software behavior. We hope this just means RIP 2019. As a New Year gift, we include a collection of memory analysis patterns from the Encyclopedia of Crash Dump Analysis Patterns that mention Regular Data.

2018 – The Year of Software Diagnostics Engineering

2017 was again a pivotal year for pattern-oriented software diagnostics with its software development turn, the birth of Software Diagnostics Engineering discipline and Diagnostics-Driven Development methodology. We look ahead to 2018 with more software engineering articles, descriptions of new DebugWare and DiagWare patterns, new projects, tools, training and reference books. The decade of 2010 – 2020 is the most prolific in software variety* during the short course of software evolution, an analog of the Cambrian explosion with emerging new forms of AI machines capable of learning. These are the most exciting times for software diagnostics.

Happy New Year!
Software Diagnostics Institute

* The Variety of Software: The Richness of Computation (ISBN: 978-1906717544, not yet published)

2017 – The Year of Theoretical Software Diagnostics

2016 was a pivotal year for pattern-oriented software diagnostics with its mathematical turn and the birth of theoretical software diagnostics discipline. We look ahead to 2017 with more theoretical articles, descriptions of diagnostic analysis patterns, and books already in the pipeline.

Happy New Year!
Software Diagnostics Institute

10 years!

On the 26th of March 2006, 10 years ago, dumpanalysis.org was registered! It was still a long way towards pattern-oriented software diagnostics. The main product of our activity, Memory Dump Analysis Anthology, is now in 10 books.

DebugWare: The Art and Craft of Writing Troubleshooting and Debugging Tools, Second Edition

This is a forthcoming book about architecture, design, and implementation of troubleshooting and debugging tools for software technical support. Preliminary information is:

  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Paperback: 256 pages
  • ISBN-13: 978-1-908043-95-5
  • Publisher: Opentask (January 2016)
  • Language: English
  • Product Dimensions: 22.86 x 15.24

Front cover:

Draft Table of Contents

Happy New Year 2015!

Because 2015 is the true year of RAM we greet you again in memory dump analysis style:

; random analysis of memory / reversing analysis of memory

0:001> g o a t 2015
Bp expression 'o ' could not be resolved, adding deferred bp
*** Bp expression 'o ' contains symbols not qualified with module name.
Bp expression 't ' could not be resolved, adding deferred bp
*** Bp expression 't ' contains symbols not qualified with module name.
Unable to insert breakpoint 10001 at 00000000`0000000a, Win32 error 0n299
    "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."
The breakpoint was set with BP.  If you want breakpoints
to track module load/unload state you must use BU.
go bp10001 at 00000000`0000000a failed
Unable to insert breakpoint 10003 at 00000000`00002015, Win32 error 0n299
    "Only part of a ReadProcessMemory or WriteProcessMemory request was completed."
The breakpoint was set with BP.  If you want breakpoints
to track module load/unload state you must use BU.
go bp10003 at 00000000`00002015 failed
WaitForEvent failed
ntdll!DbgBreakPoint+0x1:
00000000`77280591 c3              ret

Forthcoming Windows Debugging Notebook: Essential Concepts and Tools

This is a reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services.

  • Title: Windows Debugging Notebook: Essential Concepts and Tools
  • Authors: Malcolm McCaffery, Dmitry Vostokov
  • Language: English
  • Product Dimensions: 19.8 x 12.9 cm
  • ISBN-13: 978-1-908043-16-0
  • Publisher: OpenTask (November 2014)
  • Paperback: 256 pages

The Timeless Way of Diagnostics

Paraphrasing 2 classical books of architecture written by Christopher Alexander, et al. "The Timeless Way of Building" and "A Pattern Language: Towns, Buildings, Construction" we would like to introduce the complete restructuring of multivolume Memory Dump Analysis Anthology into the projected 10 volume "A Pattern Language for Software Diagnostics, Forensics, and Prognostics: Memory, Traces, Deconstruction". The first volume is planned for the beginning of October (ISBN: 978-1908043818) and then we plan to release additional volume every month until next Summer. The reference will have better browsing and cross-referencing format, additional examples and case studies. It will incorporate comments and new pattern knowledge acquired since the first patterns were described 8 years ago. The new edition will cover only patterns and will not include additional content found in Memory Dump Analysis Anthology such as philosophy and art. Here's the preliminary front cover based on Software Diagnostics Institute logo:

Memory Dump Analysis Anthology will continue to be released with Volume 8 planned for 2015 and include up to date research from Software Diagnostics Institute and additional topics not included in "A Pattern Language for Software Diagnostics, ...".

Happy New Year 2014!

We break our tradition to greet in memory dump analysis style. This New Year we post a software trace diagram similar to what we use to illustrate trace and log analysis patterns:

Syndicate content