Contents

Preface

Acknowledgements

PART 1: Professional Crash Dump Analysis and Debugging

WinDbg Shortcuts

.ecxr

!heap -x -v

!sw and !k

Two WinDbg Scripts That Changed the World

Raw Stack Dump of All Threads (Kernel Space)

The Design of Memory Dump Analysis: 7 Steps of Highly Successful Analysts

Postmortem Effects of -g

Event Owners

Improbable Occurrence

Pattern Cooperation

Page Heap Implementation

More Common Mistakes in Memory Analysis

Memory Dump Analysis Best Practices

PART 2: Crash Dump Analysis Patterns

FPU Exception

Hidden Parameter

Memory Leak (Page Tables)

Unrecognizable Symbolic Information

Network Packet Buildup

Disconnected Network Adapter

Problem Module

Empty Stack Trace

Debugger Bug

Value References

Self-Diagnosis (Registry)

System Object

Module Variable

Stack Trace Collection (Predicate)

Stack Trace Collection (I/O Requests)

Regular Data

Translated Exception

Blocked DPC

Late Crash Dump

Blocked Thread (Timeout)

Punctuated Memory Leak

Insufficient Memory (Reserved Virtual Memory)

Coincidental Error Code

Stored Exception

Activity Resonance

Value Adding Process

Memory Leak (I/O Completion Packets)

No Current Thread

Unloaded Module

Stack Trace Change

Spike Interval

Deviant Module

Hidden Exception (Kernel Space)

Handled Exception (Kernel Space)

High Contention (.NET CLR Monitors)

Frozen Process

Incomplete Session

Error Reporting Fault

First Fault Stack Trace

Hidden Process

Disk Packet Buildup

Deviant Token

Module Collection

Handle Leak

Critical Stack Trace

Debugger Omission

Broken Link

Wait Chain (Pushlocks)

Insufficient Memory (Session Pool)

Step Dumps

Reduced Symbolic Information

Injected Symbols

Glued Stack Trace

Distributed Wait Chain

Ubiquitous Component (Kernel Space)

One-Thread Process

Module Product Process

Crash Signature Invariant

Small Values

Shared Structure

Wait Chain (CLR Monitors)

Thread Cluster

Module Collection (Predicate)

False Effective Address

Screwbolt Wait Chain

PART 3: Core Dump Analysis Patterns (Mac OS X)

GDB for WinDbg Users

Stack Trace

GDB Annoyances: Incomplete Stack Trace

NULL Pointer (Data)

Shared Buffer Overwrite

Multiple Exceptions

Double Free (Process Heap)

Dynamic Memory Corruption (Process Heap)

Spiking Thread

NULL Pointer (Code)

Execution Residue

Coincidental Symbolic Information

Paratext

Truncated Dump

C++ Exception

Local Buffer Overflow

Divide by Zero (User Mode)

Stack Overflow (User Mode)

Active Thread

PART 4: Malware Analysis Patterns

Malware: A Definition

Fake Module

RIP Stack Trace

Driver Device Collection

Pre-Obfuscation Residue

Packed Code

Raw Pointer

Out-of-Module Pointer

Patched Code

String Hint

Namespace

PART 5: A Bit of Science and Philosophy

On Matter

Commodities as Memories

Software as Means of Production

Notes on Memoidealism

The Confluence of Computers, Philosophy, and Religion

Analytic Memory Dump - A Mathematical Definition

Sorting and Early Greek Philosophers

General Abnormal Patterns of Structure and Behavior

On Matter and Substances

M-Memory

Ontology of Memoidealism

Philosophies of Persistence

Information as Arrow

Dialectical Triad in Memoidealism

PART 6: Software Trace Analysis Patterns

Software Trace Diagrams (STDiagrams)

Macrofunction

Linked Messages

Marked Message

Trace Frames

Counter Value

Message Context

Error Distribution

Break-in Activity

Resume Activity

Fiber Bundle

Data Flow

Empty Trace

Error Message

Periodic Message Block

Visibility Limit

Relative Density

Sparse Trace

Opposition Messages

Split Trace

Message Interleave

Sheaf of Activities

Indexical Trace

Abnormal Value

Dominant Event Sequence

Pivot Message

Traces of Individuality

Indirect Facts

Hidden Error

Last Activity

State and Event

Dialogue

Motif

Exception Stack Trace (Java)

Correlated Discontinuity

Piecewise Activity

Density Distribution

Factor Group

Silent Messages

Shared Point

Meta Trace

Data Association

State Dump

Message Cover

Message Set

Error Thread

Activity Divergence

PART 7: Fun with Crash Dumps

Debugging Slang

LoL

Watching a Movie

PonOS

Typology, Typological

Memorandum

HELL

FBI

poo

STaMPs

A NoSQL Problem

Matrix

Fool

B2B, B2C, H2H

New Year Eve Debugging

Happy New Spiking Year of Software Trace Analysis

Happy New Year (from Windows 8)

Music for Debugging

Going Romantic

Make It through This Trace

Fiction for Debugging

The Problem and The Solution

Pilgrimage to Harvard University

Welcome to Ki* and Ke*

I Memory Dump

A Blue Screen Watch

Poetry

Surfaces in Nature

PART 8: Software Narratology

Software Anti-Narrative

Software Narratology Helps Fiction Writers

Narremes in Software Narratology

Narralog - A Software Trace Modeling Language

What is a Software Narrative?

Software Narrative Planes

Software Narratology Square

Writing and Validation of Historical Narratives

Software Trace Analysis Patterns Domain Hierarchy

Process Monitor as Modeling Tool

Generalized Software Narrative and Trace

Unified Computer Diagnostics: Incorporating Hardware Narratology

Introducing Software Narratology of Things (Software NT)

PART 9: Software Diagnostics, Troubleshooting and Debugging

Unified and Generative Debugging

Analysis, Architectural, Design, Implementation and Usage Debugging Patterns

Software Problem Description Language

What are Software Trace and Memory Dump Analysis? A One Sentence Definition

Software Problem Solving Tools as a Service

Software Problem Description Patterns

Software Behavior Pattern Prediction

Patterns of Software Diagnostics

First Fault

Highly Effective Diagnostics

Network Trace Analysis Patterns

Software Diagnostics Services

Architecture of Process Memory Dump Capture Done Right

An Introduction to General Systems Thinking (Book Review)

Software Diagnostics Institute Logo

User Interface Problem Analysis Patterns

Unresponsive Window

Pattern-Based Software Diagnostics

Software Diagnostics Discipline

Architecture of memCPU

Phenomenology of Software Diagnostics: A First Sketch

Software Diagnostics Report Schemes

Missing Cause Trace

Software Diagnostics Training: Two Approaches

Software Disruption Patterns

Space Precondition

Static Code Analysis Patterns

Loop Construct

The Structure of Software Problem Solving Organization

Bridging the Great Divide

Elementary Software Diagnostics Patterns

Zero Fault Software Diagnostics

Agile Software Diagnostics

ADDR Pattern Catalogue

Thinking-Based Software Diagnostics

Memory Acquisition Pattern Catalogue

Trace Acquisition Pattern Catalogue

Patterns of Software Diagnostics Architecture

Detecting and Predicting the Unknown

Software Diagnostics Metaphors

Software Diagnostics as Psychology

Software Diagnostics as Literary Criticism

Rapid Software Diagnostics Process (RSDP)

Right First Time Software Diagnosis

Software Diagnosis Codes

Vulnerability Analysis Patterns (VAP)

Versioned Namespace

PART 10: Art and Visualization

2012 (Pessimistic)

2012 (Optimistic)

A Bug in a Bag (Collections, Ex-hi-bit 1)

A Bug Meets a Bug (The Clash of Civilizations)

A Bug Catcher

The Second Generation of CARE System (Trademark)

RawStackGram

A Memory Window

Liquid Memory

Computer Brain

Computer Evolution

M Spaces

Happy Hellowin!

Pointers in Nature

Drink Sensibly Before The End Of The World!

MM=DD=YY

Process Monitor Log Visualized

Holes Infinity (HI OS)

Cyber Vostok Missions

A Dump Machine

The Power of Simplicity

Happy St. Patrick's Screen

Happy New Year 2014!

I Love Software Diagnostics

Puree Windows Cooking

Salad Winterminal

Kernel Soup

Neolithic Soup

Food Subsystems

An Accident of Creation

So Chi Salad, 2014

Self-Organized Window-ed soup

Political Computicarts

Needs Non-Invasive Debugging!

Russian Spaces

The Day I Quit

Hero of Dump Analysis, a Medal for Labor Day

Diagnosed by Vostokov®TM

Stack Trace Shapes

The Art of Internals

Threadinking

PART 11: Miscellaneous

C and C++ Programming Books That Made a Great Impression on the Author

Outside

After Debugging

Crash Dumps, Acquisitions and Layoffs

Cadaver Worm: An Exercise in Malware Fiction

WinDbg as UNICODE to ASCII Converter

Appendix

Falsity and Coincidence Patterns

Process Patterns

Thread Patterns

Optimization Patterns

Exception Patterns

Module Patterns

RPC, LPC and ALPC Patterns and Case Studies

ERESOURCE Patterns and Case Studies

Meta-Memory Dump Patterns

Crash Dump Analysis Checklist

Index of WinDbg Commands

Notes

Cover Images
