Book: Extended Windows Memory Dump Analysis

Available in PDF format from Software Diagnostics Services.

The book contains the full transcript of Software Diagnostics Services training with 16 hands-on exercises. This training course extends pattern-oriented analysis introduced in Accelerated Windows Memory Dump Analysis, Accelerated .NET Core Memory Dump Analysis, and Advanced Windows Memory Dump Analysis with Data Structures courses with:

Surveying the current landscape of WinDbg extensions with analysis pattern mappings
Writing WinDbg extensions in C and C++
Connecting WinDbg to NoSQL databases
Connecting WinDbg to streaming and log processing platforms
Querying and visualizing WinDbg output data

Prerequisites: Working knowledge of WinDbg. Working knowledge of C or C++ is optional (required only for some exercises). Other concepts are explained when necessary.

Audience: Software developers, software maintenance engineers, escalation engineers, quality assurance engineers, security and vulnerability researchers, malware and memory forensics analysts who want to build memory analysis pipelines.

Title: Extended Windows Memory Dump Analysis: Using and Writing WinDbg Extensions, Database and Event Stream Processing, Visualization
Authors: Dmitry Vostokov, Software Diagnostics Services
Publisher: OpenTask (September 2022)
Language: English
Product Dimensions: 28.0 x 21.6
PDF: 274 pages
ISBN-13: 978-1912636686

Table of Contents and sample exercise
Slides from the training

Software Diagnostics Institute

Memory Analysis Patterns

Book: Extended Windows Memory Dump Analysis

Available in PDF format from Software Diagnostics Services.

Trace and Log Analysis Patterns

UI Problem Analysis Patterns

Structural Memory Patterns

Malware Analysis Patterns

Workaround Patterns

DebugWare Patterns

Dictionary of Debugging