Contents

Preface

Acknowledgements

PART 1: Professional Crash Dump Analysis and Debugging

Memory Dump Analysis Best Practices

Windows Debugging Expert System WinDbg Extension

Common Mistakes

Not Comparing to Reference Debugger Output

From Bugchecks to Patterns

Raw Stack from Laterally Damaged Memory Dumps

WinDbg Tips and Ricks: Getting the Bottom of a Stack Trace

PART 2: Crash Dump Analysis Patterns

Divide by Zero (Kernel Mode)

Fat Process Dump

Blocked Queue

Crash Signature

Invalid Parameter (Process Heap)

Hooking Level

Embedded Comments

Well-Tested Module

String Parameter

Environment Hint

Dual Stack Trace

Blocking Module

Wait Chain (Window Messaging)

Wait Chain (Named Pipes)

Top Module

Dialog Box

Technology-Specific Subtrace (COM Interface Invocation)

Livelock

Semantic Structure (PID.TID)

Instrumentation Side Effect

Directing Module

Stack Overflow (Software Implementation)

Data Correlation

Truncated Stack Trace

Least Common Frame

Self-Diagnosis (Kernel Mode)

Technology-Specific Subtrace (Dynamic Memory)

Module Hint

Custom Exception Handler (Kernel Space)

No Data Types

Cloud Environment

Version-Specific Extension

Multiple Exceptions (Managed Space)

Blocking File

Quiet Dump

Pleiades

Thread Age

Unsynchronized Dumps

Coupled Modules

Managed Stack Trace

Problem Vocabulary

Activation Context

Stack Trace Set

Special Thread (.NET CLR)

Dynamic Memory Corruption (Managed Heap)

Stack Trace Collection (Managed Space)

Duplicate Extension

Deadlock (Managed Space)

Caller-n-Callee

Handled Exception (User Space)

Handled Exception (.NET CLR)

Execution Residue (Managed Space)

Annotated Disassembly (JIT .NET code)

Wait Chain (Mutex Objects)

Inline Function Optimization (Managed Code)

Technology-Specific Subtrace (JIT .NET Code)

Double IRP Completion

PART 3: Pattern Interaction

Main Thread, Self-Diagnosis, Window Message Chain, Blocking Module, Ubiquitous Component, Dual Stack Trace, Pipe Wait Chain and Coupled Machines

Abridged Dump, Embedded Comment, Spiking Thread, Incorrect Stack Trace and Top Module

Stack Trace Collection, Message Box, Self-Diagnosis, Version-Specific Extension, Managed Stack Trace and Managed Code Exception

PART 4: Unified and Generative Debugging

A Periodic Table of Software Defects

Analysis, Architectural, Design, Implementation and Usage Debugging Patterns

Generative Debugging

Metadefect Template Library

PART 5: A Bit of Science and Philosophy

On Memory Perspectives

Orbifold Memory Space

Notes on Memoidealism

M->analysis

Memiosphere

On Memory-Time vs. Space-Time

The Will to Be Memorized

The Trinity of Memory Worldview

Uses of Memoretics

Crossdisciplinary Memoretics as Interdisciplinary Science

Private Property on Memory Spaces

Coarse vs. Fine Grained DNA of Software Behavior

PART 6: Fun with Crash Dumps

Music for Debugging

555 Binary Threads

Out of Memory and Losing My Data (Comment Impact)

Navigating the Long List

Debugging Joke

Memory Dump Barcodes

MessageBox at Dublin Zoo

CDB for Kids

Snow Spike Residue

Second Snowfall Spike in Dublin

MMXI

Happy New Year and Decade of Debugging 0×7DB - 0×7E4!

Do Security Professionals Dream?

Debugging Slang

Golden Bug

Beer Time

Finger Exercise

Resolution Rush

The Window of Opportunity

Dump

Pre-analysis

Tapping

Having Fun

Adult Debugging

Second Eye

Abscess

Finction

Mad OS and other Publishing Blunders

The Ultimate Debugger's Desk

Memceptions: Flags and Handles are Everywhere!

Computer Memory Monsters

On President's Daily Briefs (PDBs)

The First Evidence for Process Resurrection

Vacuum Pages

WinDbg Command on Certificate

Pleasing WinDbg SOS Extension

Airport Terminal Services Incident

Philosophical Self-Interview

PART 7: A Bit of Religion

Memory Creates God

Morality and Memorianity

On Natural Theology

PART 8: Software Trace Analysis

Pattern Interaction

Basic Facts, Periodic Error and Defamiliarizing Effect

Close and Deconstructive Readings of a Software Trace

Software Tracing Best Practices

No Longer Seeing Nothing: The Advantage of Patterns

PART 9: Software Trace Analysis Patterns

Focus of Tracing

Event Sequence Order

Implementation Discourse

News Value

Master Trace

Gossip

Impossible Trace

Glued Activity

Message Invariant

UI Message

Original Message

PART 10: Software Troubleshooting and Debugging

Debugware Patterns

System Description Snapshot

Debugging in 2021: Trends for the Next Decade

The Way of Philip Marlowe: Abductive Reasoning for Troubleshooting and Debugging

Workaround Patterns

Fake API

User Interface Problem Analysis Patterns

Message Box

PART 11: Software Victimology

Function Activity Theory

PART 12: Art

No E-numbers Software Product Sticker

Paleo-debugging: Excavated Minidump

Stack Trace Art

Debugger's Dream

Defect in Defect

Memorianity Cross

Memioart: The New Art Form

Clouded

Cloud Traces

What Is To Be Done?

PART 13: Miscellaneous

GI Index of Memory Dump Analysis

The New School of Debugging

TestWER Tool to Test Windows Error Reporting

Moving to ARM

The New School of Debugging: What's New

A.C.P. Root Cause Analysis Methodology

TestWAER Tool to Test Windows Azure Error Reporting

PART 14: Intelligence Analysis

Intelligence Analysis Patterns

The Birth of Memory Intelligence Agency

Appendix

Memory Analysis as a Service

Stack Overflow Patterns

.NET / CLR / Managed Space Patterns

Stack Trace Patterns

Symbol Patterns

Analysis Compass

Software Trace Analysis Checklist

Crash Dump Analysis Checklist

Index of WinDbg Commands

Cover Images