Build your own Event Data Recorder for your Software

Create a black box inside your software to solve problems on their first occurrence. Don’t be with incomplete data at the time of your (software) crashes.

Read about solving problems on their FIRST occurrence while emphasizing software supportability and serviceability:

First Fault Software Problem Solving Book

Plans for The Year of Dump Analysis

Release the first beta version of EasyDbg

Release the first beta version of CARE (Crash Analysis Report Environment) for a pattern-driven debugger log analyzer with standards for structured audience-driven reports

Release the first beta version of STARE (Software Trace Analysis Report Environment) for a pattern-driven software trace analyzer with corresponding standards for structured audience-driven reports

Publish the following books on dump analysis that address different audiences (general users, system administrators, support and escalation engineers, testers, software engineers, security and software defect researchers):

- Windows Debugging Notebook
- Crash Dump Analysis for System Administrators and Support Engineers
- Memory Dump Analysis Anthology, Volume 4
- Memory Dump Analysis Anthology, Volume 5
- Memory Dump Analysis Anthology Color Supplement
- Principles of Memory Dump Analysis
- My Computer Crashes and Freezes: A Non-technical Guide to Software and Hardware Errors
- Linux, FreeBSD and Mac OS X Debugging: Practical Foundations
- Encyclopedia of Crash Dump Analysis Patterns
- WinDbg In Use: Debugging Exercises

Publish articles related to memory dump analysis in Debugged! magazine

Update WinDbg Poster and Cards

The Year of Debugging in Retrospection

The Year of Debugging, 0x7D9, was a remarkable year for DumpAnalysis.org. Here is the list of achievements to report:

- Software Trace Analysis as a new discipline with its own set of patterns

- Unification of Memory Dump Analysis with Software Trace Analysis (DA+TA)

- New computer memory dump-based art movements: Opcodism and Physicalist Art

- Discovery of 3D computer memory visualization techniques

- Establishing Software Maintenance Institute

- Broadening software fault injection as Software Defect Construction discipline

- Establishing a new profession of a Software Defect Researcher

- Starting ambitious Dictionary of Debugging

- Publishing Windows Debugging: Practical Foundations book

- Publishing the first x86-free Windows debugging book: x64 Windows Debugging: Practical Foundations

- Establishing the new debugging magazine: Debugged! MZ/PE

- Publishing Memory Dump Analysis Anthology, Volume 3

- Cooperation with OpenTask to promote First Fault Software Problem Solving book

- Establishing Debugging Expert(s) Magazine Online

- Creating the first development process for debugging and software troubleshooting tools: RADII

- Publishing the first pattern-driven memory dump analysis troubleshooting methodology as a foundation for software debugging

- Proposal for an International Memory Analysts and Debuggers Day

- Almost completed Windows Debugging Notebook to be published soon

- The founder of DumpAnalysis.org (Dr. DebugLove) becomes a member of Citrix Systems Tweetrix Support Team

DumpAnalysis.org Wishes Happy New Year 7DA!

2010 (7DA) is The Year of Dump Analysis!

Happy Memories in 2010 (0x7DA)

Try to find 2010 in the corrupt code after committing the greeting to memory:

0:000> u eip
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+8]
7c90e524 cd2e int 2Eh
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
0:000> u
ntdll!RtlRaiseException+0x1:
7c90e529 8bec mov ebp,esp
7c90e52b 9c pushfd
7c90e52c 81ecd0020000 sub esp,2D0h
7c90e532 8985dcfdffff mov dword ptr [ebp-224h],eax
7c90e538 898dd8fdffff mov dword ptr [ebp-228h],ecx
7c90e53e 8b4508 mov eax,dword ptr [ebp+8]
7c90e541 8b4d04 mov ecx,dword ptr [ebp+4]
7c90e544 89480c mov dword ptr [eax+0Ch],ecx
0:000> u
ntdll!RtlRaiseException+0x1f:
7c90e547 8d852cfdffff lea eax,[ebp-2D4h]
7c90e54d 8988b8000000 mov dword ptr [eax+0B8h],ecx
7c90e553 8998a4000000 mov dword ptr [eax+0A4h],ebx
7c90e559 8990a8000000 mov dword ptr [eax+0A8h],edx
7c90e55f 89b0a0000000 mov dword ptr [eax+0A0h],esi
7c90e565 89b89c000000 mov dword ptr [eax+9Ch],edi
7c90e56b 8d4d0c lea ecx,[ebp+0Ch]
7c90e56e 8988c4000000 mov dword ptr [eax+0C4h],ecx
0:000> u
ntdll!RtlRaiseException+0x4c:
7c90e574 8b4d00 mov ecx,dword ptr [ebp]
7c90e577 8988b4000000 mov dword ptr [eax+0B4h],ecx
7c90e57d 8b4dfc mov ecx,dword ptr [ebp-4]
7c90e580 48 dec eax
7c90e581 61 popad
7c90e582 7070 jo ntdll!_CIcos+0xe (7c90e5f4)
7c90e584 7920 jns ntdll!RtlRaiseException+0x7e (7c90e5a6)
7c90e586 4d dec ebp
0:000> u
ntdll!RtlRaiseException+0x5f:
7c90e587 656d ins dword ptr es:[edi],dx
7c90e589 6f outs dx,dword ptr [esi]
7c90e58a 7269 jb ntdll!_CIcos+0xf (7c90e5f5)
7c90e58c 657320 jae ntdll!RtlRaiseException+0x87 (7c90e5af)
7c90e58f 696e202020da07 imul ebp,dword ptr [esi+20h],7DA2020h
7c90e596 0000 add byte ptr [eax],al
7c90e598 2121 and dword ptr [ecx],esp
7c90e59a 2121 and dword ptr [ecx],esp
0:000> u
ntdll!RtlRaiseException+0x74:
7c90e59c 0000 add byte ptr [eax],al
7c90e59e 8ca88c000000 mov word ptr [eax+8Ch],gs
7c90e5a4 8c90c8000000 mov word ptr [eax+0C8h],ss
7c90e5aa c70007000100 mov dword ptr [eax],10007h
7c90e5b0 6a01 push 1
7c90e5b2 50 push eax
7c90e5b3 ff7508 push dword ptr [ebp+8]
7c90e5b6 e8f3f3ffff call ntdll!NtRaiseException (7c90d9ae)

Advanced .NET Debugging

Author:

Mario Hewardt

Review:

Buy from Amazon
I've just started reading this book (see my notes on Software Generalist blog) and this review is written from the perspective of an unmanaged and native software engineer (the last phrase sounds funny). Being a member of a software support of a large software company I analyze crash dumps that have mscorwks.dll on their stack traces. So if you see them too this book helps you to understand what this DLL is all about and how to dig inside the hidden world of .NET it manages. I'm on page 26 and will update this review as soon as I finish the book in a few months. Please also see my review of the previous Mario's (co-authored with Daniel Pravat) book: Advanced Windows Debugging. It is of great importance to know .NET world for Windows maintenance engineers and I originally planned a similar book Unmanaged Code: Escaping the Matrix of .NET but didn't have time to finish it yet.

Update: my book review submitted to slashdot: http://slashdot.org/~DumpAnalysis/

Gigabyte

We plan to open 2010 (7DA), The Year of Dump Analysis, with the publication of a gigabyte.

Product information is:

  • Title: Gigabyte
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 21.6 x 21.6
  • Paperback: 80 pages
  • Publisher: Opentask (01 Jan 2010)
  • ISBN-13: 978-1-906717-89-6

A New Profession of Software Defect Research

By analogy with a security researcher profession, DumpAnalysis.org, Memory Analysis and Debugging Institute and Software Maintenance Institute propose the new title of a software defect researcher as a unified profession combining relevant fields of security research, testing, debugging, memory dump analysis, software reverse engineering, construction and maintenance.

Interview Crashes and Hangs

As a dual to Resume and CV: As a Book OpenTask plans to publish the long time memories of the founder of DumpAnalysis.org in the following book next year:

My Failed Job Interviews: Reflections on 50 Percent (ISBN: 978-1906717889)

The recollections span East and West, small and giant software companies, full time and part time, office and remote job positions, direct and recruitment company hiring, phone and on-site, technical and business interviews.

Software Maintenance Institute

Memory Analysis and Debugging Institute (MA&DI), DA+TA Portal (DumpAnalysis.org + TraceAnalysis.org) and OpenTask establish R&D Institute of Software Maintenance:

Software Maintenance Institute (SMInstitute.com)

Hardware Reviews

DumpAnalysis.org accepts hardware such as laptops for reviewing in relation to their suitability for extreme debugging, virtualization, trace analysis, computer forensics, memory dump analysis, visualization and auralization. If you work for a H/W company like HP, Apple, Dell, Acer, Sony or any other respectable manufacturer please don't hesitate to forward this post to your management: it could be your company brand or laptop model that debugging and software technical support community chooses next time of upgrade or for T&D / R&D! H/W reviews will be posted on the main portal page which currently has an audience of more than 330,000 unique visitors per year from more than 45,000 network locations (*).

If your company is interested please don't hesitate to use this contact form:

http://www.dumpanalysis.org/contact

(*) From Google Analytics report.

Crash Dump Analysis for System Administrators and Support Engineers (Systematic Software Fault Analysis Series)

This is a must have book for system administrators of complex Windows server platforms and client workstations to understand and choose the best course of action to address system and application crashes, hangs, CPU spikes and memory leaks. It is also invaluable to general Windows users and technical support engineers.

  • Title: Crash Dump Analysis for System Administrators and Support Engineers (Windows Edition, Systematic Software Fault Analysis Series)
  • Authors: Thomas Monahan, Dmitry Vostokov
  • Publisher: Opentask (30 November 2009)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • ISBN-13: 978-1-906717-02-5
  • Paperback: 180 pages

This book has been superseded by the second edition:

Crash and Hang Analysis: A Guide for System Administrators, DevOps, and Support Engineers (Windows Edition) (ISBN: 978-1908043917)

Windows® Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition

Author:

David Solomon and Mark Russinovich with Alex Ionescu

Review:

Buy from Amazon

The book shows the big picture of Windows architecture and collaboration of various system components. Contains various examples of WinDbg commands for exploring OS internals and even has a short chapter on crash dump analysis. However you need to read device driver books to fill the gaps and be confident in kernel space. Highly recommended for Win32 and kernel developers, maintenance software engineers and technical support.

Twitter @ DumpAnalysis

You can now follow portal and blog news at DumpAnalysis on Twitter.

DATA (Dump Analysis + Trace Analysis) Facebook Group

Please join the community of memory (dump) and trace analysis engineers. This group promotes scientific methods and memory dump-based world view.

DATA (Dump Analysis + Trace Analysis) Facebook group

Software Engineering for Real-Time Systems

Author:

Jim Cooling

Review:

Sometimes I'm asked about a broad software engineering book to recommend for general memory dump analysis that covers software architecture, design methods and diagramming languages like UML, programming languages, concurrency, real-time issues and many other topics you need to know to have systems understanding that helps in problem identification and debugging. Here's the book that I was fortunate to buy 4-5 years ago in a book shop and is a sheer pleasure to read:

Software Engineering for Real-Time Systems

Buy from Amazon

There even exists an OMG certification based on it:

http://www.omg.org/ocres/exam-info.htm

Memory Dump Analysis Certification

Memory Analysis and Debugging Institute develops x86/x64-based certification tracks for Windows and Unix (including Linux / FreeBSD / Mac OS X).
Each track consists of 3 exams, each having its own set of requirements and scope:

  • Fundamentals of Memory Dump Analysis
  • Intermediate Memory Dump Analysis
  • Advanced Memory Dump Analysis

The initiative is supported by OpenTask.

Programming Language Pragmatics, Third Edition

Author:

Michael L. Scott

Review:

Buy from Amazon
Every debugging engineer needs to know how the code is interpreted or compiled. Debugging complex problems or doing memory analysis on general-purpose operating systems often requires understanding the syntax and semantics of several programming languages and their run-time support. The knowledge of optimization techniques is also important for low-level debugging when the source code is not available. The following book provides an overview of all important concepts and discusses almost 50 languages. I read the first edition 6 years ago and I liked it so much that I'm now reading the third edition from cover to cover.

The Developer's Guide to Debugging

Author:

Thorsten Grötker, Ulrich Holtmann, Holger Keding, Markus Wloka

Review:

I finally read this book from cover to cover and I must say it is the very sound book and presents a consistent approach to debugging real-life problems with user-land C and C++ code on Linux environments.

The Developer's Guide to Debugging

Buy from Amazon

Although it uses mainly GDB for illustrations and provides Visual C++ equivalents when possible it doesn't cover Debugging Tools for Windows and its main GUI debugger, WinDbg.

Additional reader audience for this book might include a Windows engineer who needs to debug software on Linux or FreeBSD so a quick GDB crash course is needed. It would also serve as an excellent debugging course or as a supplemental course to any C or C++ course. Highly recommended if you are a Linux C/C++ software engineer. Even if you are an experienced one, you will find something new or make your debugging more consistent. If you need to teach or mentor juniors, this book helps too.

The Debugging Decade!

DumpAnalysis.org announces forthcoming 2011 - 2020 as

2011 (0x7DB) - 2020 (0x7E4) The Debugging Decade

OpenTask Announces Restructuring

OpenTask, the publisher of memory dump analysis and debugging books, announces restructuring:

http://www.opentask.com/restructuring-2009

The Year of Dump Analysis!

DumpAnalysis.org announces forthcoming 2010 as

2010 (0x7DA) - The Year of Dump Analysis

Forthcoming Computer Memory Visualization Book

This is a full color book about postmortem, static and dynamic memory visualization and its current and emerging applications:

  • Authors: Jamie Fenton, Dmitry Vostokov
  • Paperback: 64 pages
  • ISBN-13: 978-1-906717-06-3
  • Publisher: Opentask (2010)
  • Language: English
  • Product Dimensions: 28 x 21.6

Book cover features a journey to the center of pagefile theme and the discovery of cosmic rays in memory:

Core Memory: A Visual Survey of Vintage Computers

Author:

John Alderman and Mark Richards

Review:

While working on "Computer Memory Visualization" book I noticed this recent title and immediately bought it:

Buy from Amazon

This is not only a wonderful hardcover coffee table book with stunning photographs of old computers and their memory hardware but also has numerous historical notes. It nicely complements my own DLL List Landscape: The Art from Computer Memory Space book that features virtual memory visual images.

Memory Analysis and Debugging Institute

DumpAnalysis.org jointly with OpenTask establishes Memory Analysis & Debugging Institute (MA&DI)

Forthcoming Book WinDbg In Use: Debugging Exercises

Includes 60 programmed exercises from real life debugging and crash dump analysis scenarios and multiple-choice questions with full answers, comments and suggestions for further reading.

  • Title: WinDbg In Use: Debugging Exercises (Elementary and Intermediate Level)
  • Author: Dmitry Vostokov
  • Publisher: Opentask (15 March 2009)
  • Language: English
  • Product Dimensions: 23.5 x 19.1
  • ISBN-13: 978-1-906717-50-6
  • Paperback: 200 pages

The Year of Debugging!

DumpAnalysis.org jointly with OpenTask publisher announces forthcoming 2009 as

2009 (0x7D9) - The Year of Debugging

Santa bug from Narasimha Vedala

Concurrent Programming on Windows

Author:

Joe Duffy

Review:

Buy from Amazon

Table of contents is amazing for its practical depth and breadth. If you want me to provide a review in a language of concurrency (I'm reading many books in parallel) I would simply say one word:

Priority!

It simply means priority reading for any Windows software developer and maintainer. Invaluable for any engineer debugging complex software problems and analyzing Windows crash dumps. Simply because Microsoft OS and CLR developers use all this concurrent stuff and best practices described in the book so it is vital to be able recognize them in memory dumps. After reading this book you also get priority boost in your understanding of process and thread dynamics and your ability to plan, architect, design and implement concurrent applications and services.

Syndicate content