Windows® Internals: Including Windows Server 2008 and Windows Vista, Fifth Edition

Author:

David Solomon and Mark Russinovich with Alex Ionescu

Review:

The book shows the big picture of Windows architecture and the collaboration of various system components. It contains various examples of WinDbg commands for exploring OS internals and even has a short chapter on crash dump analysis. However, you need to read device driver books to fill the gaps and be confident in kernel space. Highly recommended for Win32 and kernel developers, maintenance software engineers and technical support.

Twitter @ DumpAnalysis

You can now follow portal and blog news at DumpAnalysis on Twitter.

DATA (Dump Analysis + Trace Analysis) Facebook Group

Please join the community of memory (dump) and trace analysis engineers. This group promotes scientific methods and memory dump-based world view.


Software Engineering for Real-Time Systems

Author:

Jim Cooling

Review:

Sometimes I'm asked about a broad software engineering book to recommend for general memory dump analysis that covers software architecture, design methods and diagramming languages like UML, programming languages, concurrency, real-time issues and many other topics you need to know to have systems understanding that helps in problem identification and debugging. Here's the book that I was fortunate to buy 4-5 years ago in a book shop and is a sheer pleasure to read:

Software Engineering for Real-Time Systems


There even exists an OMG certification based on it:

http://www.omg.org/ocres/exam-info.htm

Memory Dump Analysis Certification

Memory Analysis and Debugging Institute develops x86/x64-based certification tracks for Windows and Unix (including Linux / FreeBSD / Mac OS X).
Each track consists of 3 exams, each having its own set of requirements and scope:

  • Fundamentals of Memory Dump Analysis
  • Intermediate Memory Dump Analysis
  • Advanced Memory Dump Analysis

The initiative is supported by OpenTask.

Programming Language Pragmatics, Third Edition

Author:

Michael L. Scott

Review:

Every debugging engineer needs to know how the code is interpreted or compiled. Debugging complex problems or doing memory analysis on general-purpose operating systems often requires understanding the syntax and semantics of several programming languages and their run-time support. The knowledge of optimization techniques is also important for low-level debugging when the source code is not available. The following book provides an overview of all important concepts and discusses almost 50 languages. I read the first edition 6 years ago and I liked it so much that I'm now reading the third edition from cover to cover.

The Developer's Guide to Debugging

Author:

Thorsten Grötker, Ulrich Holtmann, Holger Keding, Markus Wloka

Review:

I finally read this book from cover to cover and I must say it is a very sound book and presents a consistent approach to debugging real-life problems with user-land C and C++ code in Linux environments.


Although it uses mainly GDB for illustrations and provides Visual C++ equivalents when possible, it doesn't cover Debugging Tools for Windows and its main GUI debugger, WinDbg.

Additional reader audience for this book might include a Windows engineer who needs to debug software on Linux or FreeBSD so a quick GDB crash course is needed. It would also serve as an excellent debugging course or as a supplemental course to any C or C++ course. Highly recommended if you are a Linux C/C++ software engineer. Even if you are an experienced one, you will find something new or make your debugging more consistent. If you need to teach or mentor juniors, this book helps too.

The Debugging Decade!

DumpAnalysis.org announces forthcoming 2011 - 2020 as

2011 (0x7DB) - 2020 (0x7E4) The Debugging Decade

OpenTask Announces Restructuring

OpenTask, the publisher of memory dump analysis and debugging books, announces restructuring:

http://www.opentask.com/restructuring-2009

The Year of Dump Analysis!

DumpAnalysis.org announces forthcoming 2010 as

2010 (0x7DA) - The Year of Dump Analysis

Forthcoming Computer Memory Visualization Book

This is a full color book about postmortem, static and dynamic memory visualization and its current and emerging applications:

  • Authors: Jamie Fenton, Dmitry Vostokov
  • Paperback: 64 pages
  • ISBN-13: 978-1-906717-06-3
  • Publisher: Opentask (2010)
  • Language: English
  • Product Dimensions: 28 x 21.6

Book cover features a journey to the center of pagefile theme and the discovery of cosmic rays in memory:

Core Memory: A Visual Survey of Vintage Computers

Author:

John Alderman and Mark Richards

Review:

While working on the "Computer Memory Visualization" book I noticed this recent title and immediately bought it.

This is not only a wonderful hardcover coffee table book with stunning photographs of old computers and their memory hardware but also has numerous historical notes. It nicely complements my own DLL List Landscape: The Art from Computer Memory Space book that features virtual memory visual images.

Memory Analysis and Debugging Institute

DumpAnalysis.org jointly with OpenTask establishes Memory Analysis & Debugging Institute (MA&DI)

Forthcoming Book WinDbg In Use: Debugging Exercises

Includes 60 programmed exercises from real life debugging and crash dump analysis scenarios and multiple-choice questions with full answers, comments and suggestions for further reading.

  • Title: WinDbg In Use: Debugging Exercises (Elementary and Intermediate Level)
  • Author: Dmitry Vostokov
  • Publisher: Opentask (15 March 2009)
  • Language: English
  • Product Dimensions: 23.5 x 19.1
  • ISBN-13: 978-1-906717-50-6
  • Paperback: 200 pages

The Year of Debugging!

DumpAnalysis.org jointly with OpenTask publisher announces forthcoming 2009 as

2009 (0x7D9) - The Year of Debugging

Santa bug from Narasimha Vedala

Concurrent Programming on Windows

Author:

Joe Duffy

Review:

The table of contents is amazing for its practical depth and breadth. If you want me to provide a review in a language of concurrency (I'm reading many books in parallel) I would simply say one word:

Priority!

It simply means priority reading for any Windows software developer and maintainer. Invaluable for any engineer debugging complex software problems and analyzing Windows crash dumps, simply because Microsoft OS and CLR developers use all this concurrent stuff and the best practices described in the book, so it is vital to be able to recognize them in memory dumps. After reading this book you also get a priority boost in your understanding of process and thread dynamics and your ability to plan, architect, design and implement concurrent applications and services.

Baby Turing

The perfect binary gift for your family and friends.


The genius of Albert Einstein was revolutionary in understanding reality of hardware (semantics of nature) but the genius of Alan Turing was revolutionary in understanding virtuality of software (syntax of computation). This book fills the gap in children’s literature and introduces binary arithmetic to babies.

  • Title: Baby Turing
  • Authors: Alexandra Vostokova, Dmitry Vostokov
  • Publisher: Opentask (01 November 2008)
  • Language: English
  • Product Dimensions: 21.6 x 21.6
  • ISBN-13: 978-1-906717-26-1
  • Paperback: 16 pages

Arts & Photography section

The new link "Arts & Photography" has been added to the top panel featuring cartoons from Narasimha Vedala.

http://www.dumpanalysis.org/arts-photography-links

Windows Device Drivers: Practical Foundations

Forthcoming introductory book for software engineers transitioning to kernel-mode development or expanding their knowledge and skills. Can also be useful for technical support and escalation engineers troubleshooting and debugging complex software issues. Preliminary information is:

  • Author: Dmitry Vostokov
  • Paperback: 128 pages
  • ISBN-13: 978-0-9558328-4-0
  • Publisher: Opentask (15 Apr 2009)
  • Language: English
  • Product Dimensions: 22.86 x 15.24

Unmanaged Code: Escaping the Matrix of .NET

This is a forthcoming book about .NET debugging seen in a wider context than CLR. Preliminary information is:

Inside the C++ Object Model

Author:

Stanley B. Lippman

Review:

Although Windows user space and kernel interfaces are based on the C language, a huge amount of code present in crash dumps, especially in user space, was written in C++ and compiled by C++ compilers. Therefore it is absolutely necessary to understand how C++ constructs need to be translated to C in order to implement various OO concepts like inheritance and polymorphism, because from there you can see the familiar, straightforward mapping between C language constructs and assembly language. This book gives software maintenance and support engineers the solid foundation necessary to understand possible variants of C++ object layout and method dispatch that you might encounter during crash dump analysis.

Reference Stack Traces (Volume 3)

Author:

Dmitry Vostokov

Review:

The reference contains normal thread stacks and other information from Windows Server 2003 x86 complete memory dump. Useful when trying to spot anomalies in crash dumps from problem servers.

Printed versions are available for purchase at the nominal price to cover manufacturing costs:

  • Large print (paperback)
  • Small print (paperback)
  • Small print (hardcover)

Reference Stack Traces (Volume 2)

Author:

Dmitry Vostokov

Review:

The reference contains normal thread stacks and other information from Windows Vista x64 complete memory dump. Useful when trying to spot anomalies in crash dumps from problem workstations.

Printed version is available for purchase at the nominal price to cover manufacturing costs.


Reference Stack Traces (Volume 1)

Author:

Dmitry Vostokov

Review:

The reference contains normal thread stacks and other information from Windows Vista x86 complete memory dump. Useful when trying to spot anomalies in crash dumps from problem workstations.

Printed versions are available for purchase at the nominal price to cover manufacturing costs:

  • Large print (paperback)
  • Small print (paperback)
  • Small print (hardcover)

Windows via C/C++

Author:

Jeffrey Richter, Christophe Nasarre

Review:


Just got this nice hardcover book: 5th edition of "Programming Applications for Microsoft Windows". It has 200 pages less but more material covered because of smaller font and line spacing. What's new:

  • C++ classes throughout - I guess writing .NET books influenced this decision
  • x64 Windows specifics
  • New Vista and Windows Server 2008 API
  • New tools
  • Updated classes for API hooking

and the most important for me - updated SEH material and Windows Error Reporting (WER) coverage with very nice diagrams.
Bearing in mind that the previous 4th edition is 8 years old, it should be read by everyone using Win32 API, debugging user mode applications (knowledge of Win32 subsystem helps greatly), extending or maintaining legacy Windows software. Highly recommended. 5 stars for 5th edition :-)

Advanced Windows Debugging

Author:

Mario Hewardt and Daniel Pravat

Review:

This is the book I wanted to read when I started doing Windows crash dump analysis more than 4 years ago. Although other excellent Windows debugging books existed at that time, including "Debugging Applications" written by John Robbins and "Debugging Windows Programs: Strategies, Tools, and Techniques for Visual C++ Programmers" written by Everett N. McKay and Mike Woodring, I needed a book that discusses debugging in the context of WinDbg and other tools from the Debugging Tools for Windows package. So I had to learn from day-to-day experience and WinDbg help. Now WinDbg is a de facto standard in debugging and troubleshooting on Windows platforms and the book comes at the right time to teach the best practices and techniques. I'm reading it sequentially and I'm on page 106 at the moment, reading Chapter 2 "Basic Debugging Tasks", and I have already learnt techniques and debugging strategies I missed due to certain habits in using WinDbg. Even if you do mostly memory dump analysis and not live debugging of your product you also will learn a lot to apply in your day-to-day problem identification and troubleshooting. I'll write more about this wonderful book as soon as I finish reading it. An absolute must-have for any Windows software engineers, escalation engineers and technical support engineers willing to advance their debugging skills.
