Extended Windows Memory Dump Analysis: Using and Writing WinDbg Extensions, Database and Event Stream Processing, Visualization

Available in PDF format from Software Diagnostics Services.

The book contains the full transcript of Software Diagnostics Services training with 16 hands-on exercises. This training course extends pattern-oriented analysis introduced in Accelerated Windows Memory Dump Analysis, Accelerated .NET Core Memory Dump Analysis, and Advanced Windows Memory Dump Analysis with Data Structures courses with:

  • Surveying the current landscape of WinDbg extensions with analysis pattern mappings
  • Writing WinDbg extensions in C and C++
  • Connecting WinDbg to NoSQL databases
  • Connecting WinDbg to streaming and log processing platforms
  • Querying and visualizing WinDbg output data

Prerequisites: Working knowledge of WinDbg. Working knowledge of C or C++ is optional (required only for some exercises). Other concepts are explained when necessary.

Audience: Software developers, software maintenance engineers, escalation engineers, quality assurance engineers, security and vulnerability researchers, malware and memory forensics analysts who want to build memory analysis pipelines.

  • Title: Extended Windows Memory Dump Analysis: Using and Writing WinDbg Extensions, Database and Event Stream Processing, Visualization
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (September 2022)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • PDF: 274 pages
  • ISBN-13: 978-1912636686

Table of Contents and sample exercise
Slides from the training