Dublin School of Security

We have established a new school of security that includes general memory dump and software trace analysis as its foundation. Everyone is welcome to join! We decided to keep the same DA+TA Facebook group and affiliate it with the school, providing unification and a single point of access.

We Detour for MARS Expedition!

Welcome to the project MARS (Malware Analysis Report System). It is based on years of research in pattern-driven memory dump and software trace analysis of abnormal software behaviour.

Forthcoming Book: Malware Analysis Patterns

As a practical example of applying behavioral and structural pattern analysis to computer memory and traces, OpenTask plans to publish the following title:

  • Title: Malware Patterns: Structure and Behavior of Computer Adware, Crimeware, Rootkits, Scareware, Spyware, Trojans, Viruses, Victimware and Worms
  • Author: Dmitry Vostokov
  • Paperback: 1200 pages
  • Publisher: OpenTask (October 2011)
  • ISBN-13: 978-1-908043-01-6

CV as a Book

The 2nd edition is coming:

  • Title: Resume and CV: As a Book (2nd Edition)
  • Author: Dmitry Vostokov
  • Paperback: 32 pages
  • Publisher: OpenTask (December 2010)
  • ISBN-13: 978-1-908043-00-9

The following direct links can be used to order the first edition now:

Buy Kindle or Paperback from Amazon

Buy Paperback from Barnes & Noble

Buy Paperback from Book Depository

A book can serve the role of a CV, but a CV can also serve the role of a book. This is an old CV (1987 - 2003) from the founder of DumpAnalysis.org, offered as an example of a person with a CV-writing obsession.

  • Title: Resume and CV: As a Book
  • Author: Dmitry Vostokov
  • Publisher: Opentask (01 December 2008)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • ISBN-13: 978-1-906717-34-6
  • Paperback: 20 pages

Tool Objects: Unified Troubleshooting and Debugging

Memory Dump Analysis Services opens a subsidiary, Tool Objects, to promote an innovative solution to the complexity of software troubleshooting and debugging.

Forthcoming Webinars in Q4, 2010

- Systems Thinking in Memory Dump and Software Trace Analysis

- Software Troubleshooting and Debugging Tools: Objects, Components, Patterns and Frameworks with UML

  • UML basics
  • DebugWare patterns
  • Unified Troubleshooting Framework
  • RADII software development process
  • Hands-on exercise: designing and building a tool

- Blue Screen Of Death Analysis Done Right: Minidump Investigation for System Administrators

  • Making sense of !analyze -v output
  • Get extra troubleshooting information with additional WinDbg commands
  • Guessing culprits with raw stack analysis
  • Who’s responsible: hardware or software?
  • Checklist and patterns
  • Including hands-on exercises: send your own minidumps

Registration and pricing information will soon be available on the Memory Dump Analysis Services website.

Winners of Tell Your Windows Debugging Story 2010 Annual Competition

The first annual competition was held between 7/7/2010 and 8/8/2010 and the following winners were selected (in alphabetical order):

- Tavis Ormandy
  nominated for "windows" story: https://docs.google.com/View?id=dfqd62nk_228h28szgz

- Andrey Permamedov
  selected entries from "Diary of war with bugs": http://bugswar.blogspot.com

- Sathish Venkataraman
  sent the tough enterprise debugging story: to be published in the next issue of Debugged! magazine

All winners will get 3 volumes of Memory Dump Analysis Anthology + Color Supplement all signed by the author.

Debugging Experts Magazine Online

The design of the former Debugging Experts Magazine Online (online version of Debugged! MZ/PE):

Webinar: Fundamentals of Complete Crash and Hang Memory Dump Analysis (Second Session)

Due to the attendee limit, not all who registered for the first session were able to attend. A second session is available:

Date: 23rd of August 2010
Time: 19:00 (BST) 14:00 (Eastern) 11:00 (Pacific)
Duration: 90 minutes

After the second session, the webinar slides will be published, and a Q&A page will be compiled later.

Forthcoming Webinar: Fundamentals of Complete Crash and Hang Memory Dump Analysis


Memory Dump Analysis Services (DumpAnalysis.com) organizes a free webinar:

Date: 18th of August 2010
Time: 21:00 (BST) 16:00 (Eastern) 13:00 (Pacific)
Duration: 90 minutes

Topics include:

- User vs. kernel vs. physical (complete) memory space
- Challenges of complete memory dump analysis
- Common WinDbg commands
- Patterns
- Common mistakes
- Fiber bundles
- Hands-on exercise: a complete memory dump analysis
- A guide to DumpAnalysis.org case studies

Prerequisites: working knowledge of basic user process and kernel memory dump analysis or live debugging using WinDbg

If the number of attendees exceeds 100 there will be a link for the second session.

Welcome to Memory Dump Analysis Services!

Our future sponsor has been registered in Ireland and has its own independent website and logo: DumpAnalysis.com

Forthcoming Management Bits: An Anthology from Reductionist Manager

Being a software engineer, the author joined the technical support department of a major software company and rose to a management position. There he started collecting various management bits and tips, promising everyone that he would write a management book. After moving back to engineering, he became a director of several software research, education, publishing and software behavior analysis consultancy institutions, including a museum. This book is an anthology of selected and edited posts from his Management Bits and Tips blog.

What does this book have to do with crash dump analysis? Metaphorically considering an organization as a software machine, teams as processes and individuals as threads, the author applied his unique knowledge of software crashes and hangs to organizational project failures.

  • Title: Management Bits: An Anthology from Reductionist Manager
  • Author: Dmitry Vostokov
  • Publisher: OpenTask (September 2010)
  • Language: English
  • Product Dimensions: 19.8 x 12.9
  • Paperback: 100 pages
  • ISBN-13: 978-1906717131

International Memory Analysts and Debuggers Day

07.07 and/or 08.08, starting from The Year of Dump Analysis (2010, 7DA), at 7:00 and/or 8:00 (pm preferably, for moderation purposes)

Art work for this day:

Museum of Debugging and Memory Dumps

This multi-dimensional museum shows exhibitions dedicated to the history of debugging, memory dump artifacts and art.

If you would like to donate an exhibit (for example, an old memory dump or a picture related to debugging) please use this page: http://www.dumpanalysis.org/contact. Any donations are greatly appreciated!

Memory Dump and Software Trace Analysis Training and Seminars

A problem has been detected and Windows has been shut down to prevent damage to your computer

Saving a complete dump file...

*** Complete Debugging and Crash Analysis for Windows ***

The First Webinar: Fundamentals of Complete Crash and Hang Memory Dump Analysis

The presentation materials from the first webinar are available for download: http://www.dumpanalysis.com/FCMDA-materials

More forthcoming webinars

If you are interested in training please answer these questions (use this form http://www.dumpanalysis.org/contact):

  • Are you interested in on-site training, or do you prefer traveling or attending webinars?
  • Are you interested in software trace analysis as well?
  • What specific topics are you interested in?
  • What training level (beginner, intermediate, advanced) are you interested in? (please provide an example, if possible)

Additional topics of expertise that can be integrated into training include Source Code Reading and Analysis, Debugging, Windows Architecture, Device Drivers, Troubleshooting Tools Design and Implementation, Multithreading, Deep Down C and C++, x86 and x64 Assembly Language Reading.

Forthcoming CDF and ETW Software Trace Analysis: Practical Foundations

Modern pattern-driven software trace analysis on Microsoft and Citrix platforms requires a practical guide, and OpenTask plans to publish the following book this summer in both the Practical Foundations and Systematic Software Fault Analysis series:

  • Title: Citrix Common Diagnostic Facility (CDF) and Microsoft Event Tracing for Windows (ETW) Software Trace Analysis: Practical Foundations
  • Author: Dmitry Vostokov
  • Publisher: Opentask (August 2010)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • ISBN: 1906717176
  • ISBN-13: 978-1906717179
  • Paperback: 200 pages

Forthcoming Crash Dump Analysis: Practical Foundations (Windows Edition, Systematic Software Fault Analysis Series)

This is the first book of the Windows Crash Dump Analysis tetralogy. It introduces basic definitions, tools, memory dump collection and preliminary analysis methods for Windows platforms, including legacy versions. This practical guide and reference book is a must-have for system administrators of Windows server platforms and client workstations, technical support engineers and general Windows users. It builds the foundation for the second tetralogy book, Crash Dump Analysis for System Administrators and Support Engineers, and the remaining tetralogy books, Windows Crash Dump Analysis and Advanced Windows Crash Dump Analysis.

  • Title: Crash Dump Analysis: Practical Foundations (Windows Edition, Systematic Software Fault Analysis Series)
  • Author: Dmitry Vostokov
  • Publisher: Opentask (May 2010)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • ISBN-13: 978-1-906717-98-8
  • Paperback: 100 pages

Build your own Event Data Recorder for your Software

Create a black box inside your software to solve problems on their first occurrence. Don't be left with incomplete data when your software crashes.

Read about solving problems on their FIRST occurrence while emphasizing software supportability and serviceability:

First Fault Software Problem Solving Book

Plans for The Year of Dump Analysis

Release the first beta version of EasyDbg

Release the first beta version of CARE (Crash Analysis Report Environment) for a pattern-driven debugger log analyzer with standards for structured audience-driven reports

Release the first beta version of STARE (Software Trace Analysis Report Environment) for a pattern-driven software trace analyzer with corresponding standards for structured audience-driven reports

Publish the following books on dump analysis that address different audiences (general users, system administrators, support and escalation engineers, testers, software engineers, security and software defect researchers):

- Windows Debugging Notebook
- Crash Dump Analysis for System Administrators and Support Engineers
- Memory Dump Analysis Anthology, Volume 4
- Memory Dump Analysis Anthology, Volume 5
- Memory Dump Analysis Anthology Color Supplement
- Principles of Memory Dump Analysis
- My Computer Crashes and Freezes: A Non-technical Guide to Software and Hardware Errors
- Linux, FreeBSD and Mac OS X Debugging: Practical Foundations
- Encyclopedia of Crash Dump Analysis Patterns
- WinDbg In Use: Debugging Exercises

Publish articles related to memory dump analysis in Debugged! magazine

Update WinDbg Poster and Cards

The Year of Debugging in Retrospection

The Year of Debugging, 0x7D9, was a remarkable year for DumpAnalysis.org. Here is the list of achievements to report:

- Software Trace Analysis as a new discipline with its own set of patterns

- Unification of Memory Dump Analysis with Software Trace Analysis (DA+TA)

- New computer memory dump-based art movements: Opcodism and Physicalist Art

- Discovery of 3D computer memory visualization techniques

- Establishing Software Maintenance Institute

- Broadening software fault injection as Software Defect Construction discipline

- Establishing a new profession of a Software Defect Researcher

- Starting ambitious Dictionary of Debugging

- Publishing Windows Debugging: Practical Foundations book

- Publishing the first x86-free Windows debugging book: x64 Windows Debugging: Practical Foundations

- Establishing the new debugging magazine: Debugged! MZ/PE

- Publishing Memory Dump Analysis Anthology, Volume 3

- Cooperation with OpenTask to promote First Fault Software Problem Solving book

- Establishing Debugging Expert(s) Magazine Online

- Creating the first development process for debugging and software troubleshooting tools: RADII

- Publishing the first pattern-driven memory dump analysis troubleshooting methodology as a foundation for software debugging

- Proposal for an International Memory Analysts and Debuggers Day

- Almost completed Windows Debugging Notebook to be published soon

- The founder of DumpAnalysis.org (Dr. DebugLove) becomes a member of Citrix Systems Tweetrix Support Team

DumpAnalysis.org Wishes Happy New Year 7DA!

2010 (7DA) is The Year of Dump Analysis!

Happy Memories in 2010 (0x7DA)

Try to find 2010 in the corrupt code after committing the greeting to memory:

0:000> u eip
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+8]
7c90e524 cd2e int 2Eh
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
0:000> u
ntdll!RtlRaiseException+0x1:
7c90e529 8bec mov ebp,esp
7c90e52b 9c pushfd
7c90e52c 81ecd0020000 sub esp,2D0h
7c90e532 8985dcfdffff mov dword ptr [ebp-224h],eax
7c90e538 898dd8fdffff mov dword ptr [ebp-228h],ecx
7c90e53e 8b4508 mov eax,dword ptr [ebp+8]
7c90e541 8b4d04 mov ecx,dword ptr [ebp+4]
7c90e544 89480c mov dword ptr [eax+0Ch],ecx
0:000> u
ntdll!RtlRaiseException+0x1f:
7c90e547 8d852cfdffff lea eax,[ebp-2D4h]
7c90e54d 8988b8000000 mov dword ptr [eax+0B8h],ecx
7c90e553 8998a4000000 mov dword ptr [eax+0A4h],ebx
7c90e559 8990a8000000 mov dword ptr [eax+0A8h],edx
7c90e55f 89b0a0000000 mov dword ptr [eax+0A0h],esi
7c90e565 89b89c000000 mov dword ptr [eax+9Ch],edi
7c90e56b 8d4d0c lea ecx,[ebp+0Ch]
7c90e56e 8988c4000000 mov dword ptr [eax+0C4h],ecx
0:000> u
ntdll!RtlRaiseException+0x4c:
7c90e574 8b4d00 mov ecx,dword ptr [ebp]
7c90e577 8988b4000000 mov dword ptr [eax+0B4h],ecx
7c90e57d 8b4dfc mov ecx,dword ptr [ebp-4]
7c90e580 48 dec eax
7c90e581 61 popad
7c90e582 7070 jo ntdll!_CIcos+0xe (7c90e5f4)
7c90e584 7920 jns ntdll!RtlRaiseException+0x7e (7c90e5a6)
7c90e586 4d dec ebp
0:000> u
ntdll!RtlRaiseException+0x5f:
7c90e587 656d ins dword ptr es:[edi],dx
7c90e589 6f outs dx,dword ptr [esi]
7c90e58a 7269 jb ntdll!_CIcos+0xf (7c90e5f5)
7c90e58c 657320 jae ntdll!RtlRaiseException+0x87 (7c90e5af)
7c90e58f 696e202020da07 imul ebp,dword ptr [esi+20h],7DA2020h
7c90e596 0000 add byte ptr [eax],al
7c90e598 2121 and dword ptr [ecx],esp
7c90e59a 2121 and dword ptr [ecx],esp
0:000> u
ntdll!RtlRaiseException+0x74:
7c90e59c 0000 add byte ptr [eax],al
7c90e59e 8ca88c000000 mov word ptr [eax+8Ch],gs
7c90e5a4 8c90c8000000 mov word ptr [eax+0C8h],ss
7c90e5aa c70007000100 mov dword ptr [eax],10007h
7c90e5b0 6a01 push 1
7c90e5b2 50 push eax
7c90e5b3 ff7508 push dword ptr [ebp+8]
7c90e5b6 e8f3f3ffff call ntdll!NtRaiseException (7c90d9ae)
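The greeting can be recovered mechanically: pull the raw opcode bytes out of the listing, look for the little-endian DWORD 0x7DA (2010), and look for runs of printable ASCII, which is exactly how inline data hidden in a code stream betrays itself as nonsense instructions such as ins, outs and popad. The following Python is an added example, not code from the original post; it works over the page's own listing from 7c90e580 onwards and treats the prompts and symbol labels as noise to skip.

```python
import re

# WinDbg "u" listing copied from the page; the "corrupt code" (the
# greeting laid inline) starts at 7c90e580.
LISTING = """\
7c90e580 48 dec eax
7c90e581 61 popad
7c90e582 7070 jo ntdll!_CIcos+0xe (7c90e5f4)
7c90e584 7920 jns ntdll!RtlRaiseException+0x7e (7c90e5a6)
7c90e586 4d dec ebp
0:000> u
ntdll!RtlRaiseException+0x5f:
7c90e587 656d ins dword ptr es:[edi],dx
7c90e589 6f outs dx,dword ptr [esi]
7c90e58a 7269 jb ntdll!_CIcos+0xf (7c90e5f5)
7c90e58c 657320 jae ntdll!RtlRaiseException+0x87 (7c90e5af)
7c90e58f 696e202020da07 imul ebp,dword ptr [esi+20h],7DA2020h
7c90e596 0000 add byte ptr [eax],al
7c90e598 2121 and dword ptr [ecx],esp
7c90e59a 2121 and dword ptr [ecx],esp
"""

# "<address> <opcode bytes> <mnemonic ...>"; prompt and label lines do not match.
LINE_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]+) ")

def listing_bytes(listing):
    """Recover (start_address, raw_bytes) from a 'u' listing, verifying that
    each instruction starts where the previous one's bytes ended."""
    start = expected = None
    data = bytearray()
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # prompt or "symbol:" label line
        addr, code = int(m.group(1), 16), bytes.fromhex(m.group(2))
        if start is None:
            start = expected = addr
        if addr != expected:
            raise ValueError(f"listing gap at {addr:08x}")
        data += code
        expected = addr + len(code)
    return start, bytes(data)

def find_dword(data, start, value):
    """Addresses at which `value` occurs as a little-endian 32-bit DWORD."""
    needle = value.to_bytes(4, "little")
    return [start + i for i in range(len(data) - 3) if data[i:i + 4] == needle]

def ascii_runs(data, start, min_len=4):
    """(address, text) for each run of printable ASCII of at least min_len bytes."""
    runs, i = [], 0
    while i < len(data):
        j = i
        while j < len(data) and 0x20 <= data[j] < 0x7F:
            j += 1
        if j - i >= min_len:
            runs.append((start + i, data[i:j].decode("ascii")))
        i = j + 1
    return runs
```

Running find_dword(data, start, 2010) over the recovered bytes locates the year inside the imul immediate, and ascii_runs() yields the text on either side of it.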

Advanced .NET Debugging

Author:

Mario Hewardt

Review:

Buy from Amazon
I've just started reading this book (see my notes on Software Generalist blog) and this review is written from the perspective of an unmanaged and native software engineer (the last phrase sounds funny). Being a member of the software support department of a large software company, I analyze crash dumps that have mscorwks.dll on their stack traces. So if you see them too, this book helps you to understand what this DLL is all about and how to dig inside the hidden world of .NET it manages. I'm on page 26 and will update this review as soon as I finish the book in a few months. Please also see my review of Mario's previous book (co-authored with Daniel Pravat): Advanced Windows Debugging. It is of great importance for Windows maintenance engineers to know the .NET world, and I originally planned a similar book, Unmanaged Code: Escaping the Matrix of .NET, but haven't had time to finish it yet.

Update: my book review submitted to slashdot: http://slashdot.org/~DumpAnalysis/

Gigabyte

We plan to open 2010 (7DA), The Year of Dump Analysis, with the publication of a gigabyte.

Product information is:

  • Title: Gigabyte
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 21.6 x 21.6
  • Paperback: 80 pages
  • Publisher: Opentask (01 Jan 2010)
  • ISBN-13: 978-1-906717-89-6

A New Profession of Software Defect Research

By analogy with the security researcher profession, DumpAnalysis.org, Memory Analysis and Debugging Institute and Software Maintenance Institute propose the new title of software defect researcher as a unified profession combining the relevant fields of security research, testing, debugging, memory dump analysis, software reverse engineering, construction and maintenance.

Interview Crashes and Hangs

As a dual to Resume and CV: As a Book, OpenTask plans to publish the long-time memories of the founder of DumpAnalysis.org in the following book next year:

My Failed Job Interviews: Reflections on 50 Percent (ISBN: 978-1906717889)

The recollections span East and West, small and giant software companies, full time and part time, office and remote job positions, direct and recruitment company hiring, phone and on-site, technical and business interviews.

Software Maintenance Institute

Memory Analysis and Debugging Institute (MA&DI), DA+TA Portal (DumpAnalysis.org + TraceAnalysis.org) and OpenTask establish R&D Institute of Software Maintenance:

Software Maintenance Institute (SMInstitute.com)

Hardware Reviews

DumpAnalysis.org accepts hardware such as laptops for review in relation to its suitability for extreme debugging, virtualization, trace analysis, computer forensics, memory dump analysis, visualization and auralization. If you work for an H/W company like HP, Apple, Dell, Acer, Sony or any other respectable manufacturer, please don't hesitate to forward this post to your management: it could be your company brand or laptop model that the debugging and software technical support community chooses at its next upgrade or for T&D / R&D! H/W reviews will be posted on the main portal page, which currently has an audience of more than 330,000 unique visitors per year from more than 45,000 network locations (*).

If your company is interested please don't hesitate to use this contact form:

http://www.dumpanalysis.org/contact

(*) From Google Analytics report.

Crash Dump Analysis for System Administrators and Support Engineers (Systematic Software Fault Analysis Series)

This is a must-have book for system administrators of complex Windows server platforms and client workstations who need to understand and choose the best course of action to address system and application crashes, hangs, CPU spikes and memory leaks. It is also invaluable to general Windows users and technical support engineers.

  • Title: Crash Dump Analysis for System Administrators and Support Engineers (Windows Edition, Systematic Software Fault Analysis Series)
  • Authors: Thomas Monahan, Dmitry Vostokov
  • Publisher: Opentask (30 November 2009)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • ISBN-13: 978-1-906717-02-5
  • Paperback: 180 pages

This book has been superseded by the second edition:

Crash and Hang Analysis: A Guide for System Administrators, DevOps, and Support Engineers (Windows Edition) (ISBN: 978-1908043917)
