Diagnostics Science

Diagnostics is the mother of problem solving.

All areas of human activity involve the use of diagnostics. Proper diagnostics identifies the right problems to solve. We are now a part of a non-profit organization dedicated to the developing and promoting the application of such diagnostics: systemic and pattern-oriented (pattern-driven and pattern-based).

Pattern-Oriented Software Diagnostics and Anomaly Detection Reference

Click on an individual book to see its description and table of contents:

Pattern-oriented software diagnostics, uniquely systematic and multidisciplinary, is the new approach in a long time. Described as the unified field theory of software diagnostics, It encompasses and expands the whole field, offers a wider range of software diagnostic possibilities, gives the novel lens to software diagnosis including specific guidelines for the dauntingly complex world of software problems. This 2,500-page reference set should be on a desk of every software engineer and software support problem solver. It includes:

  1. Encyclopedia of Crash Dump Analysis Patterns, Third Edition
  2. Trace, Log, Text, Narrative: An Analysis Pattern Reference for Data Mining, Diagnostics, Anomaly Detection, Fourth Edition
  3. Theoretical Software Diagnostics: Collected Articles, Third Edition
  4. Software Diagnostics: The Collected Seminars
  5. Fundamentals of Physical Memory Analysis: Anniversary Edition
  6. Principles of Memory Dump Analysis: The Collected Seminars

You can buy this reference set from Software Diagnostics Services with a discount.

Theoretical Software Diagnostics, Third Edition

The following direct links can be used to order the third edition of the book:

Buy PDF from Leanpub

Also available in PDF format from Software Diagnostics Technology and Services

Contains reprinted articles in full color (including 200 figures) from 13 volumes of Memory Dump Analysis Anthology related to pattern-oriented software diagnostics with additional comments showing the historical development of this autonomous and distinctive discipline over the last 14 years. In addition to 10 new articles, the third edition includes updated threads of thinking, the list of mathematical concepts, and notes’ references.

Product information:

  • Title: Theoretical Software Diagnostics: Collected Articles, Third Edition
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • Paperback: 357 pages
  • Publisher: OpenTask (October 2020)
  • ISBN-13: 978-1912636334

Table of Contents

Trace, Log, Text, Narrative: An Analysis Pattern Reference for Data Mining, Diagnostics, Anomaly Detection, Fourth Edition

New! The Fourth Edition is now available in PDF format from Software Diagnostics Services.

The fourth edition links:

Buy PDF from Leanpub

The first edition is also available for SkillSoft Books24x7 subscribers

General trace and log analysis patterns allow the application of uniform diagnostics and anomaly detection across diverse software environments. This pattern language covers any execution artifact from a small debugging trace to a distributed log with billions of messages from hundreds of computers, thousands of software components, threads, and processes. Pattern-oriented trace and log analysis is applicable to troubleshooting and debugging Windows, Mac OS X, Linux, FreeBSD, Android, iOS, z/OS, and any other possible computer platform, including networking and IoT. Its pattern catalog is a part of pattern-oriented software data analysis, diagnostics, anomaly detection, forensics, prognostics, root cause analysis, and debugging developed by Software Diagnostics Institute<. Also, the scope of applicability of such analysis patterns is much wider than just software execution artifacts or temporal data and now includes general data, narratives, text, and image analysis (space-like narratology). This reference reprints with corrections almost 200 patterns originally published in Memory Dump Analysis Anthology volumes 3 - 13 and Software Diagnostics Library. It also includes additional 5 analysis patterns from the forthcoming volume 14 bringing the total analysis pattern count to 201. Full-color diagrams accompany almost all pattern descriptions. The fourth edition includes 24 more patterns, updated classification, the bibliography, and the list of narratological and mathematical influences.

Product information:

  • Title: Trace, Log, Text, Narrative: An Analysis Pattern Reference for Data Mining, Diagnostics, Anomaly Detection, Fourth Edition
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • Paperback: 348 pages
  • Publisher: OpenTask (September 2020)
  • ISBN-13: 978-1912636327

Table of Contents
Bird's-eye View of Pages

Streaming Architecture of Pattern-Oriented Software Diagnostics Publications

1. Producers: Software Diagnostics Institute, Library, and various artifacts from humans and software.
2. The one-thread writer to the distributed append-only log of analysis patterns and other topics: Memory Dump Analysis Anthology Volumes.
3. Consumers: Encyclopedia of Crash Dump Analysis Patterns, Trace and Log Analysis, Theoretical Software Diagnostics.

Encyclopedia of Crash Dump Analysis Patterns, Third Edition

The following direct links can be used to order the book now:

Available in PDF format from Software Diagnostics Services

The first edition is available for SkillSoft Books24x7 subscribers

This reference reprints with corrections, additional comments, and classification more than 370 alphabetically arranged and cross-referenced memory analysis patterns originally published in Memory Dump Analysis Anthology volumes 1 – 13. This pattern catalog is a part of pattern-oriented software diagnostics, forensics, prognostics, root cause analysis, and debugging developed by Software Diagnostics Institute. Most of the analysis patterns are illustrated with examples for WinDbg from Debugging Tools for Windows with a few examples from Mac OS X and Linux for GDB. The third edition includes more than 40 new analysis patterns, more than 30 new examples and comments for analysis patterns published in the previous editions, updated bibliography and links, improved illustrations and debugger output snippets with extra visual highlighting.

Product information:

  • Title: Encyclopedia of Crash Dump Analysis Patterns: Detecting Abnormal Software Structure and Behavior in Computer Memory, Third Edition
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Language: English
  • Product Dimensions: 24.6 x 18.9
  • PDF: 1,326 pages
  • Publisher: OpenTask (September 2020)
  • ISBN-13: 978-1-912636303

Table of Contents

Mathematical Concepts in Software Diagnostics and Software Data Analysis

Various mathematical analogies and metaphors inspired memory and log analysis patterns and some concepts of software diagnostics and software data analysis. We list them in alphabetical order:

Adjoints, see also
Braid groups
Braids, see also
Cartesian Product
Categories
Causal sets, see also, and also
Coalgebras, functors, 2-categories
Cones
Continuous and discontinuous functions
Cover
Critical points, Morse theory
Curves
Defect group of a block
Derivatives, partial derivatives, see also
Dessin d’enfant
Direct sums and products of sets, see also
Divergence
Dual categories
Dynamical systems
Equivalence relation
Fiber bundles, see also
Fibrations
Fixed points
Flag, filtration
Foliation
Fourier series
Galois connections
Graphs
Hasse diagrams
Homotopy, see also
Injections, surjections, bijections
Intervals
Jaccard index
Lattices
Manifolds, gluing
Maps, see also
Minimal surface
Moduli space
Motives, see also
Motivic integration
Open and closed sets
Operads
Orbifolds
Order duality
Ordinals
Phase
Piecewise linear functions
Poincaré map, Poincaré section
Posets
Powerset
Presheaves
Projective spaces
Quotient groups
Quotient space
Riemann surfaces, multivalued functions
Rough sets
Scalar field
Sheaves
Significant digits
Step functions
Surfaces
Tensors
Topology
Ultrametric spaces, p-adic numbers
Variadic functions

The links to their definitions and examples can be found in the corresponding references. We give the original references to Memory Dump Analysis Anthology where possible, but most of them can also be found in Pattern-Oriented Software Diagnostics Reference books.

Memory Dump Analysis Anthology, Volume 13

Available in PDF format from Software Diagnostics Services

This reference volume consists of revised, edited, cross-referenced, and thematically organized selected articles from Software Diagnostics Institute (DumpAnalysis.org + TraceAnalysis.org) and Software Diagnostics Library (former Crash Dump Analysis blog, DumpAnalysis.org/blog) about software diagnostics, root cause analysis, debugging, crash and hang dump analysis, software trace and log analysis written in December 2019 - July 2020 for software engineers developing and maintaining products on Windows and Linux platforms, quality assurance engineers testing software, technical support, escalation and site reliability engineers dealing with complex software issues, security and vulnerability researchers, reverse engineers, malware and memory forensics analysts. This volume is fully cross-referenced with volumes 1 – 12 and features:

- 9 new crash dump analysis patterns with selected downloadable example memory dumps
- 15 new software trace and log analysis patterns
- Introduction to diagnostic analysis gestures
- Introduction to the category-theoretic view of debugging
- Lists of recommended category theory, number theory, and cybersecurity books

Product information:

  • Title: Memory Dump Analysis Anthology, Volume 13
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 197 pages
  • Publisher: OpenTask (August 2020)
  • ISBN-13: 978-1-912636-13-6

Table of Contents

Programming Paradigms and Software Execution Artifacts

Imperative vs. functional programming:

Memory Dump Analysis Anthology, Volume 3, Revised Edition

The new Revised Edition is available!

Available in PDF and EPUB formats from Software Diagnostics Services

This reference volume consists of revised, edited, cross-referenced, and thematically organized articles from Software Diagnostics Institute and Software Diagnostics Library (former Crash Dump Analysis blog) written in October 2008 - June 2009. In addition to various corrections, this major revision updates relevant links and removes obsolete references. Some articles are preserved for historical reasons. Most of the content, especially memory analysis and trace and log analysis pattern languages, is still relevant today and for the foreseeable future. The output of WinDbg commands is also remastered to include color highlighting. Crash dump analysis pattern names are also corrected to reflect the continued expansion of the catalog.

Compared to the second revised volume, the third revised volume features:

  • 15 new crash dump analysis patterns
  • 29 new pattern interaction case studies
  • Trace analysis patterns
  • Fully cross-referenced with Volume 1 and Volume 2
  • New appendixes

The primary audience for Memory Dump Analysis Anthology reference volumes is: software engineers developing and maintaining products on Windows platforms, technical support, escalation, and site reliability engineers dealing with complex software issues, quality assurance engineers testing software on Windows platforms, security and vulnerability researchers, reverse engineers, malware and memory forensics analysts. Trace and log analysis articles may be of interest to users of other platforms.

  • Title: Memory Dump Analysis Anthology, Volume 3, Revised Edition
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Publisher: OpenTask (July 2020)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • PDF + EPUB: 394 pages
  • ISBN-13: 978-1912636235

Table of Contents

Introducing Diags: Diagnostic Analysis Gestures and Logues


First, we introduce some definitions:

A diagnostic analysis action is a user interface action, a command, a technique, a diagnostic algorithm, a diagnostic analysis pattern.

A space of tools is a collection of physical and virtual (mental, imaginary) tools at some physical or virtual (mathematical) distance from each other.

A configuration of diagnostic analysis actions is a directed graph (digraph) in a topological space of tools or a diagram in a category theory sense (Visual Category Theory Brick by Brick, Part 3).

A diagnostic analysis gesture (diag) is a configuration of diagnostic actions across the space of tools and time, resulting in a workflow of diagnostic analysis actions.

A diagnostic analysis hypergesture is a gesture of diagnostic analysis gestures, a transformation of one gesture into another, between sets of tools, similar to porting diagnostic analysis patterns from one platform to another, for example, from Windows to Linux, or from one domain to another, for example, from logs to texts. We can view diagnostic hypergestures as diagnostic gesture patterns.

The “gesture” metaphor stems from the fact that despite recent automation efforts, the diagnostic analysis process is still manual when it requires substantial domain expertise. We still use various tools, graphical and command line (hand movements), and move in cyberspace. So, it is natural to combine all these physical and virtual movements into some abstract space path. There’s also a question of diagnostic performance (in terms of achieving diagnostic goals) and repertoire. Diagnostic gestures also include tool improvisation, data exploration, action experimentation, and aesthetics as well (coolness, for example). Some gestures can be used to discover analysis patterns.

Different mathematical approaches can be used to formalize Diags and HyperDiags; for example, category theory like it was done for musical gestures and homotopy theory for hypergestures (see The Topos of Music III: Gestures: Musical Multiverse Ontologies, Second Edition). For various perspectives on general gestures, please also refer to the opening chapters of The Topos of Music III.

Initially, years ago, we proposed thinking of diagnostic tools as arrows in a category of troubleshooting where objects are diagnostic artifact states (Category Theory and Troubleshooting, Theoretical Software Diagnostics, Second Edition, p. 105). Diags approach considers tools as objects.

Second, diagnostic gestures (and gestures in general) may be described using narrative forms, and we propose some new terminology here.

A logue is a narrative of diagnostic actions which that can be viewed as a langue from theoretical linguistics. It is similar to logs in their structure and allows the application of the whole apparatus of software narratology and trace analysis patterns similar to higher-order pattern narratives.

The idea stems from viewing catalogs of analysis patterns as cat-a-logs, a category of logs (and other categories of diagnostic artifacts and their analysis patterns in general), and the difference in catalog and catalogue spellings.

Finally, we also have dia-logs (dia-logues), dialogic actions between diagnostic analysis actors and logs (logues).

Fundamentals of Physical Memory Analysis

New Anniversary Edition is now available.

The following direct links can be used to order the book now:

Buy Kindle Print Replica from Amazon

Buy PDF and EPUB from Leanpub

The previous edition is also available for SkillSoft Books24x7 subscribers

This short book is a full transcript of the Software Diagnostics Services seminar about physical memory analysis on desktop and server Windows platforms (a revised version of the previous seminars on complete crash and hang memory dump analysis). Topics include memory acquisition and its tricks, user vs. kernel vs. physical memory space, fiber bundle space, challenges of physical memory analysis, common WinDbg commands, memory analysis patterns and their classification, common mistakes, a hands-on WinDbg analysis example with logs, and a guide to further study. For this new edition, slides and their transcript text have been significantly revised, links and references have been checked and updated, and the whole WinDbg analysis session has been redone for Windows 10.

  • Title: Fundamentals of Physical Memory Analysis: Anniversary Edition
  • Author: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (June 2020)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 58 pages
  • ISBN-13: 978-1912636808


Slides

Advanced Software Diagnostics and Debugging Reference

New Volume 13 brings the total number of books to 15.

Now includes the new Revised Edition of Volume 1, Revised Edition of Volume 2, and Revised Edition of Volume 3.

Memory Dump Analysis Anthology contains revised, edited, cross-referenced, and thematically organized selected articles from Software Diagnostics Institute and Software Diagnostics Library (former Crash Dump Analysis blog) about software diagnostics, debugging, crash dump analysis, software trace and log analysis, malware analysis, and memory forensics. Its thirteen volumes in 14 books have more than 4,700 pages and, among many topics, include more than 370 memory analysis patterns (mostly for WinDbg Windows debugger with selected Mac OS X and Linux GDB variants), more than 70 WinDbg case studies, and more than 190 general trace and log analysis patterns. In addition, there are three supplemental volumes with articles reprinted in full color.

Tables of Contents and Indexes of WinDbg Commands from all volumes

Click on an individual volume to see its description and table of contents:

You can buy the 13-volume set from Software Diagnostics Services with a discount and also get free access to Software Diagnostics Library.

Praise for the series:

I have been working with reversing, dumps, IAT, unpacking, etc. and I am one of the few at my workplace that like analyzing hangs and crashes. I always knew that I had more to learn. So I continuously look for more info. Many links directed me to dumpanalysis.org. Frankly speaking, its spartan/simple design made me question its seriousness. But after reading some articles, I immediately decided to order "Memory Dump Analysis Anthology". I have only read 100 pages so far. But I am stunned. It is such an amazing book. How the author refines/reconstructs the call stack, and finds useful information in the stack is incredible. I am enormously thankful for the effort that the author has put into making these books. They are very didactic even though the topic is a bit hard. It is a real treasure.

Mattias Hogstrom

Memory Dump Analysis Anthology, Volume 2, Revised Edition

The new Revised Edition is available!

The following direct links can be used to order the English edition now:

Buy PDF and EPUB from Leanpub

Buy Kindle Print Replica from Amazon

Also available in PDF and EPUB formats from Software Diagnostics Services.

This reference volume consists of revised, edited, cross-referenced, and thematically organized articles from Software Diagnostics Institute and Software Diagnostics Library (former Crash Dump Analysis blog) written in January - September 2008. In addition to various corrections, this major revision updates relevant links and removes obsolete references. Some articles are preserved for historical reasons. Most of the content, especially memory analysis pattern language, is still relevant today and for the foreseeable future. The output of WinDbg commands is also remastered to include color highlighting. Crash dump analysis pattern names are also corrected to reflect the continued expansion of the catalog.

Compared to the first revised volume, the second revised volume features:

  • 44 more crash dump analysis patterns
  • Pattern interaction and case studies
  • Fully cross-referenced with Volume 1
  • New appendixes

The primary audience for Memory Dump Analysis Anthology reference volumes is: software engineers developing and maintaining products on Windows platforms, technical support, escalation, and site reliability engineers dealing with complex software issues, quality assurance engineers testing software on Windows platforms, security and vulnerability researchers, reverse engineers, malware and memory forensics analysts.

  • Title: Memory Dump Analysis Anthology, Volume 2, Revised Edition
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Publisher: OpenTask (May 2020)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • PDF: 463 pages
  • ISBN-13: 978-1912636228

Table of Contents

Debugging and Category Theory

What is debugging? There are many definitions out there, including analogies with forensic science, victimology, and criminology. There are also definitions involving set theory. They focus on the content of debugging artifacts such as source code and its execution paths and values. We give a different definition based on debugging actions and using category theory. We also do not use mathematical notation in what follows.

What is the category theory? We do not give a precise mathematical definition based on axioms but provide a conceptual one as a worldview while omitting many details. A category is a collection of objects and associated arrows between them. Every pair of objects has a collection of arrows between them, which can be empty. So an arrow must have a source and a target object. Several sequential arrows can be composed into one arrow. We can even consider arrows as objects themselves, but this is another category with its new arrows between arrows as objects. If we consider categories as objects and arrows between these categories as objects, we have another category. So we can quickly build complex models out of that.

Can we build a conceptual model of debugging using objects and arrows? Yes, and it even has a particular name in category theory: a presheaf. So, debugging is a presheaf. To answer a question, what is a presheaf, we start constructing our debugging model focusing on objects and arrows. To avoid using mathematical language that may obscure debugging concepts, we use LEGO® bricks because we can feel the objects and arrows, and most importantly, arrows as objects (see visual category theory for more details). This hands-on activity also reminds us that debugging is a construction process.

Debugging activity involves time. We, therefore, construct a time arrow that represents software execution:



We pick two Time objects representing different execution times:



In our Time category, an arrow means the flow of time. It can also be some indexing scheme for time events or other objects (a different category) that represents some repeated activity. Please note that an arrow has specific object indicators assigned to it. Different object pairs have different arrows. It is not apparent when we use black and white mathematical notation and diagrams.



We can associate with Time objects some external objects, for example, memory snapshots, or some other software execution states, variables, execution artifacts, or even parts of the same artifact:



Therefore, we have a possible mapping from the Time category to a possible category of software execution artifacts that we name DA+TA (abbreviated [memory] dump artifacts + trace [log] artifacts). DA+TA objects are simply some sets useful for debugging. The mapping between different categories is usually called a functor in category theory. It maps objects from the source category to objects in the target category. It is itself an arrow in the category that includes source and target categories as objects:

However, we forgot to designate arrows in the target DA+TA category. Of course, a different choice of arrows makes different categories. We choose arrows that represent debugging activities such as going back in time when trying to find the root cause, such as walking a stack trace. It is a reverse activity:



A functor that maps arrows to reversed arrows is called a contravariant functor in category theory:



Such a contravariant functor from a category to the category of some sets is called a presheaf. Now we look at debugging using software traces and logs as another target category of sets. With our Time category objects, we associate different log messages:

When we use log and trace files for debugging we also go back in time trying to find the root cause message (or a set of messages) or some other clues:



Again, we have a presheaf, a contravariant functor that maps our Time category objects to sets of messages:



So, we see again, that debugging is a presheaf, a contravariant functor that maps software execution categories such as a category of time instants to sets of software execution artifacts.
Trace and log analysis pattern catalog includes another example of the source and target categories candidates for a debugging presheaf, Trace Presheaf analysis pattern that maps trace messages to memory snapshots (sets of memory cells or some other state information).

Presheaves can be mapped to each other, for example, from a presheaf of logs to a presheaf of associated source code fragments or stack traces, and this is called a natural transformation in category theory. It also fits with natural debugging when we go back in logs and, at the same time, browse source code or some other associated information sets.

This article is also available in PDF format.

Software Construction Brick by Brick

In the past, we used LEGO® bricks to represent some simple data structures and software logs, and recently, more complex data structures and algorithms, so all that transformed into a series of manageable short books (increments) to facilitate earlier adoption and feedback. Software diagnostics is an integral part of software construction and software post-construction problem-solving, and we aim to provide real hands-on training from general concepts and architecture to low-level details.

Increment 1 (ISBN-13: 978-1912636709) is currently available on Leanpub and Amazon Kindle Store. It covers memory, memory addresses, pointers, program loading, kernel and user spaces, virtual process space, memory isolation, virtual and physical memory, memory paging, memory dump types.


Book Sample
Pointers (previously unpublished)

Machine Learning Brick by Brick

In the past, we used LEGO® bricks to represent some simple data structures and software logs, so all that transformed into a series of manageable short books (epochs) to facilitate earlier adoption and feedback. Machine learning is now an integral part of pattern-oriented software diagnostics, and we aim to provide real hands-on training from general concepts and architecture to low-level details and mathematics.

Epoch 1 (ISBN-13: 978-1912636501) is currently available on Leanpub and Amazon Kindle Store. It covers the simplest linear associative network, proposes a brick notation for algebraic expressions, shows required calculus derivations, and illustrates gradient descent.


Book Sample

Memory Dump Analysis Anthology, Volume 1, Revised Edition

The new Revised Edition is available!

The following direct links can be used to order the English edition now:

Buy PDF and EPUB from Leanpub

Buy Kindle Print Replica from Amazon

Also available in PDF and EPUB formats from Software Diagnostics Services.

This reference volume consists of revised, edited, cross-referenced, and thematically organized articles from Software Diagnostics Institute and Software Diagnostics Library (former Crash Dump Analysis blog) written in August 2006 - December 2007. This major revision updates tool information and links with ones relevant for Windows 10 and removes obsolete references. Some articles are preserved for historical reasons, and some are updated to reflect the debugger engine changes. The output of WinDbg commands is also remastered to include color highlighting. Most of the content, especially memory analysis pattern language, is still relevant today and for the foreseeable future. Crash dump analysis pattern names are also corrected to reflect the continued expansion of the catalog.

The primary audience for Memory Dump Analysis Anthology reference volumes is: software engineers developing and maintaining products on Windows platforms, technical support, escalation, and site reliability engineers dealing with complex software issues, quality assurance engineers testing software on Windows platforms, security and vulnerability researchers, reverse engineers, malware and memory forensics analysts.

  • Title: Memory Dump Analysis Anthology, Volume 1, Revised Edition
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Publisher: OpenTask (April 2020)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • PDF: 713 pages
  • ISBN-13: 978-1912636211

Table of Contents

The original Korean edition is also available:


The following direct links can be used to order the Korean edition now:

Acorn (The Korean translation publisher) or Kyobo book or Yes24.com

Accelerated Disassembly, Reconstruction and Reversing, Revised Edition

The new Revised Edition is available!

The following direct links can be used to order the book now:

Buy Kindle print replica edition from Amazon

Buy PDF and EPUB from Leanpub

Also available in PDF and EPUB formats from Software Diagnostics Services.

The original edition is available for SkillSoft Books24x7 subscribers

The book contains the full transcript of Software Diagnostics Services training. Learn disassembly, execution history reconstruction and binary reversing techniques for better software diagnostics, troubleshooting and debugging on x64 Windows platforms. The course uses a unique and innovative pattern-oriented analysis approach to speed up the learning curve. The training consists of practical step-by-step hands-on exercises using WinDbg and memory dumps. Covered more than 25 ADDR patterns, and many concepts are illustrated with Memory Cell Diagrams. The prerequisites for this training are working knowledge of C and C++ programming languages. Operating system internals and assembly language concepts are explained when necessary. The primary audience for this training is software technical support and escalation engineers who analyze memory dumps from complex software environments and need to go deeper in their analysis of abnormal software structure and behavior. The course is also useful for software engineers, quality assurance and software maintenance engineers who debug software running on diverse computer environments, security researchers, malware and memory forensics analysts who have never used WinDbg for analysis of computer memory. The revised edition uses the latest WinDbg 10 version, has three exercises completely redone with Windows 10 memory dumps, improved formatting, and also includes reprinted memory analysis patterns and techniques from Memory Dump Analysis Anthology referenced in the book.

  • Title: Accelerated Disassembly, Reconstruction and Reversing: Training Course Transcript and WinDbg Practice Exercises with Memory Cell Diagrams, Revised Edition
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (March 2020)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • PDF + EPUB: 211 pages
  • ISBN-13: 978-1908043757

Table of Contents and sample exercise
Slides from the training

Visual Category Theory

Concepts from category theory were used as metaphors for some trace and log analysis patterns (see Mathematical Concepts in Software Diagnostics and Software Data Analysis) and also as a foundation of software diagnostics (see Categorical Foundations of Software Diagnostics) as a part of Theoretical Software Diagnostics. However, category theory abstractions are very challenging to apprehend correctly, require a steep learning curve for non-mathematicians, and, for people with traditional naïve set theory education, a paradigm shift in thinking. The book utilizes a novel approach to teach category theory and abstract mathematics in general by using LEGO® bricks. This method was discovered when applying the same technique to teach machine learning, its data structures and algorithms, particularly directed graphs.

In order to facilitate earlier adoption and feedback, the book was split into small manageable parts. Part 1 (ISBN-13: 978-1912636402) is currently available on Leanpub and Amazon Kindle Store. It covers the definition of categories, arrows, the composition and associativity of arrows, retracts, equivalence, covariant and contravariant functors, natural transformations, and 2-categories.


Book Sample

Part 2 (ISBN-13: 978-1912636419) is currently available on Leanpub and Amazon Kindle Store. It covers duality, products, coproducts, biproducts, initial and terminal objects, pointed categories, matrix representation of morphisms, and monoids.


Book Sample

Part 3 (ISBN-13: 978-1912636426) is currently available on Leanpub and Amazon Kindle Store. It covers adjoint functors, diagram shapes and categories, cones and cocones, limits and colimits, pullbacks and pushouts.


Book Sample

Part 4 (ISBN-13: 978-1912636433) is currently available on Leanpub and Amazon Kindle Store. It covers non-concrete categories, group objects, monoid, group, opposite, arrow, slice, and coslice categories, forgetful functors, monomorphisms, epimorphisms, and isomorphisms.


Book Sample

Part 5 (ISBN-13: 978-1912636440) is currently available on Leanpub and Amazon Kindle Store. It covers exponentials and evaluation in sets and categories, subobjects, equalizers, equivalence classes and quotients, coequalizers, congruence categories, morphism functors, and presheaves.


Book Sample

Part 6 (ISBN-13: 978-1912636457) is currently available on Leanpub and Amazon Kindle Store. It covers ideas that require a leap of abstraction: vertical and whisker compositions of natural transformations, identity and isomorphism of functors, equivalence, isomorphism, and adjoint equivalence of categories, functor and morphism categories, natural transformations as functors, representable functors, category of presheaves, Yoneda embedding and lemma. It also includes an index for parts 1 - 6.


Book Sample

The first 5 parts are available as Visual Category Theory bundle on Leanpub.

Applications of category theory to software diagnostics also include Software Codiagnostics and Diagnostic Operads.

Accelerated Software Trace Analysis, Revised Edition, Part 1: Fundamentals and Basic Patterns

The following direct links can be used to order the book:

Buy PDF and EPUB from Leanpub

Also available in PDF and EPUB formats from Software Diagnostics Technology and Services

This book is a revised edition of the original Accelerated Windows Software Trace Analysis training course. General trace and log analysis pattern language covers any execution artifact from a small debugging trace to a distributed log with billions of messages from hundreds of computers, thousands of software components, threads, and processes. It also allows the application of uniform diagnostics and anomaly detection across diverse software environments, troubleshooting and debugging Windows, Mac OS X, Linux, Android, iOS, and any other possible computer platform including networking and IoT. Part 1 covers fundamentals and explains more than 60 basic trace and log analysis patterns, which are now cross-referenced in this improved and less Windows-centric edition. It can also serve as a reference.

  • Title: Accelerated Software Trace Analysis, Revised Edition, Part 1: Fundamentals and Basic Patterns
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (February 2020)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 110 pages
  • ISBN-13: 978-1912636310

Revised slides from the book

Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1: Process User Space

The following direct links can be used to order the book:

Buy Kindle print replica edition from Amazon

Buy PDF and EPUB from Leanpub

Also available in PDF and EPUB formats from Software Diagnostics Services

The full color transcript of Software Diagnostics Services training sessions with 20 step-by-step exercises, notes, source code of specially created modeling applications and more than 60 questions and answers. Covers more than 50 crash dump analysis patterns from x86 and x64 process memory dumps. Learn how to analyse application and service crashes and freezes, navigate through process user space and diagnose heap corruption, memory and handle leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. The training uses a unique and innovative pattern-oriented analysis approach developed by Software Diagnostics Institute to speed up the learning curve. Prerequisites: Basic Windows troubleshooting. Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers and quality assurance engineers, site reliability engineers. The 5th edition was fully reworked with additional slides, exercises, and analysis patterns.

  • Title: Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Process User Space: Training Course Transcript and WinDbg Practice Exercises with Notes
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (November 2019)
  • Language: English
  • Paperback: 387 pages
  • ISBN-13: 978-1912636051

Table of Contents

Memory Dump Analysis Anthology, Volume 12

The following direct links can be used to order the book:

Buy Kindle print replica edition from Amazon

Also available in PDF format from Software Diagnostics Services

This reference volume consists of revised, edited, cross-referenced, and thematically organized selected articles from Software Diagnostics Institute (DumpAnalysis.org + TraceAnalysis.org) and Software Diagnostics Library (former Crash Dump Analysis blog, DumpAnalysis.org/blog) about software diagnostics, root cause analysis, debugging, crash and hang dump analysis, software trace and log analysis written in December 2018 - November 2019 for software engineers developing and maintaining products on Windows and Linux platforms, quality assurance engineers testing software, technical support, escalation and site reliability engineers dealing with complex software issues, security researchers, reverse engineers, malware and memory forensics analysts. This volume is fully cross-referenced with volumes 1 – 11 and features:

- 6 new crash dump analysis patterns with selected downloadable example memory dumps
- 2 pattern interaction case studies including Python crash dump analysis
- 16 new software trace and log analysis patterns
- Introduction to software pathology
- Introduction to graphical representation of software traces and logs
- Introduction to space-like narratology as application of trace and log analysis patterns to image analysis
- Introduction to analysis pattern duality
- Introduction to machine learning square and its relationship with the state of the art of pattern-oriented diagnostics
- Historical reminiscences on 10 years of trace and log analysis patterns and software narratology
- Introduction to baseplate representation of chemical structures
- WinDbg notes
- Using C++ as a scripting tool
- List of recommended Linux kernel space books
- Volume index of memory dump analysis patterns
- Volume index of trace and log analysis patterns

Product information:

  • Title: Memory Dump Analysis Anthology, Volume 12
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 179 pages
  • Publisher: OpenTask (December 2019)
  • ISBN-13: 978-1-912636-12-9

Table of Contents

Software Internals for Machine Learning


This book is planned for 2020 (ISBN: 978-1912636099).

Syndicate content