Search
Memory Analysis Patterns
Multiple Exceptions (user mode) - Modeling Example
Multiple Exceptions (kernel mode)
Multiple Exceptions (managed space)
Dynamic Memory Corruption (process heap)
Dynamic Memory Corruption (kernel pool)- Dynamic Memory Corruption (managed heap)
False Positive Dump
Lateral Damage
Optimized Code
Invalid Pointer (general)
NULL Pointer (code)
NULL Pointer (data)
Inconsistent Dump
Hidden Exception (user space)- Hidden Exception (kernel space)
Deadlock (critical sections)
Deadlock (executive resources)
Deadlock (mixed objects, user space)
Deadlock (LPC)
Deadlock (mixed objects, kernel space)
Deadlock (self)- Deadlock (managed space)
Changed Environment
Incorrect Stack Trace
OMAP Code Optimization
No Component Symbols
Insufficient Memory (committed memory)
Insufficient Memory (handle leak)
Insufficient Memory (kernel pool)
Insufficient Memory (PTE)
Insufficient Memory (module fragmentation)
Insufficient Memory (physical memory)
Insufficient Memory (control blocks)- Insufficient Memory (reserved virtual memory)
- Insufficient Memory (session pool)
Spiking Thread
Module Variety
Stack Overflow (kernel mode)
Stack Overflow (user mode)
Stack Overflow (software implementation)
Managed Code Exception
Truncated Dump
Waiting Thread Time (kernel dumps)
Waiting Thread Time (user dumps)
Memory Leak (process heap) - Modeling Example
Memory Leak (.NET heap)- Memory Leak (page tables)
- Memory Leak (I/O completion packets)
Missing Thread
Unknown Component
Double Free (process heap)
Double Free (kernel pool)
Coincidental Symbolic Information
Stack Trace
Virtualized Process (WOW64)
Stack Trace Collection (unmanaged space)- Stack Trace Collection (managed space)
- Stack Trace Collection (predicate)
- Stack Trace Collection (I/O requests)
Coupled Processes (strong)
Coupled Processes (weak)
Coupled Processes (semantics)
High Contention (executive resources)
High Contention (critical sections)
High Contention (processors)- High Contention (.NET CLR monitors)
Accidental Lock
Passive Thread (user space)
Passive System Thread (kernel space)
Main Thread
Busy System
Historical Information
IRP Distribution Anomaly
Local Buffer Overflow
Early Crash Dump
Hooked Functions (user space)
Hooked Functions (kernel space)
Custom Exception Handler (user space)
Custom Exception Handler (kernel space)
Special Stack Trace
Manual Dump (kernel)
Manual Dump (process)
Wait Chain (general)
Wait Chain (critical sections)
Wait Chain (executive resources)
Wait Chain (thread objects)
Wait Chain (LPC/ALPC)
Wait Chain (process objects)
Wait Chain (RPC)
Wait Chain (window messaging)
Wait Chain (named pipes)- Wait Chain (mutex objects)
- Wait Chain (pushlocks)
Corrupt Dump
Dispatch Level Spin
No Process Dumps
No System Dumps
Suspended Thread
Special Process
Frame Pointer Omission
False Function Parameters
Message Box
Self-Dump
Blocked Thread (software)
Blocked Thread (hardware)- Blocked Thread (timeout)
Zombie Processes
Wild Pointer
Wild Code
Hardware Error
Handle Limit (GDI)
Missing Component (general)
Missing Component (static linking, user mode)
Execution Residue (unmanaged space)- Execution Residue (managed space)
Optimized VM Layout- Invalid Handle
- Overaged System
- Thread Starvation (realtime priority)
- Thread Starvation (normal priority)
- Duplicated Module
- Not My Version (software)
- Not My Version (hardware)
- Data Contents Locality
- Nested Exceptions (unmanaged code)
- Nested Exceptions (managed code)
- Affine Thread
- Self-Diagnosis (user mode)
- Self-Diagnosis (kernel mode)
- Self-Diagnosis (registry)
- Inline Function Optimization (unmanaged code)
- Inline Function Optimization (managed code)
- Critical Section Corruption
- Lost Opportunity
- Young System
- Last Error Collection
- Hidden Module
- Data Alignment (page boundary)
- C++ Exception
- Divide by Zero (user mode)
- Divide by Zero (kernel mode)
- Swarm of Shared Locks
- Process Factory
- Paged Out Data
- Semantic Split
- Pass Through Function
- JIT Code (.NET)
- Ubiquitous Component
- Nested Offender
- Virtualized System
- Effect Component
- Well-Tested Function
- Mixed Exception
- Random Object
- Missing Process
- Platform-Specific Debugger
- Value Deviation (stack trace)
- CLR Thread
- Coincidental Frames
- Fault Context
- Hardware Activity
- Incorrect Symbolic Information
- Message Hooks - Modeling Example
- Coupled Machines
- Abridged Dump
- Exception Stack Trace
- Distributed Spike
- Instrumentation Information
- Template Module
- Invalid Exception Information
- Shared Buffer Overwrite
- Pervasive System
- Problem Exception Handler
- Same Vendor
- Crash Signature
- Blocked Queue (LPC/ALPC)
- Fat Process Dump
- Invalid Parameter (process heap)
- String Parameter
- Well-Tested Module
- Embedded Comment
- Hooking Level
- Blocking Module
- Dual Stack Trace
- Environment Hint
- Top Module
- Livelock
- Technology-Specific Subtrace (COM interface invocation)
- Technology-Specific Subtrace (dynamic memory)
- Technology-Specific Subtrace (JIT .NET code)
- Dialog Box
- Instrumentation Side Effect
- Semantic Structure (PID.TID)
- Directing Module
- Least Common Frame
- Truncated Stack Trace
- Data Correlation (function parameters)
- Module Hint
- Version-Specific Extension
- Cloud Environment
- No Data Types
- Managed Stack Trace
- Coupled Modules
- Thread Age
- Unsynchronized Dumps
- Pleiades
- Quiet Dump
- Blocking File
- Problem Vocabulary
- Activation Context
- Stack Trace Set
- Double IRP Completion
- Caller-n-Callee
- Annotated Disassembly (JIT .NET code)
- Handled Exception (user space)
- Handled Exception (.NET CLR)
- Handled Exception (kernel space)
- Duplicate Extension
- Special Thread (.NET CLR)
- Hidden Parameter
- FPU Exception
- Module Variable
- System Object
- Value References
- Debugger Bug
- Empty Stack Trace
- Problem Module
- Disconnected Network Adapter
- Network Packet Buildup
- Unrecognizable Symbolic Information
- Translated Exception
- Regular Data
- Late Crash Dump
- Blocked DPC
- Coincidental Error Code
- Punctuated Memory Leak
- No Current Thread
- Value Adding Process
- Activity Resonance
- Stored Exception
- Spike Interval
- Stack Trace Change
- Unloaded Module
- Deviant Module
- Paratext
- Incomplete Session
- Error Reporting Fault
- First Fault Stack Trace
- Frozen Process
- Disk Packet Buildup
- Hidden Process
- Active Thread
- Critical Stack Trace
- Handle Leak
- Module Collection
- Deviant Token
- Step Dumps
- Broken Link
- Debugger Omission
- Glued Stack Trace
- Reduced Symbolic Information
- Injected Symbols
Memory Dump Analysis Anthology, Volume 1
The following direct links can be used to order the English edition now:
Buy Paperback
or Hardcover
from Amazon
Buy Paperback or Hardcover from Barnes & Noble
Available in PDF format from Software Diagnostics Services
Available for Safari Books Online subscribers
The Korean edition is available:
The following direct links can be used to order the Korean edition now:
Acorn (The Korean translation publisher) or Kyobo book or Yes24.com
This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in 2006 - 2007 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues and general Windows users.
- Title: Memory Dump Analysis Anthology, Volume 1
- Author: Dmitry Vostokov
- Publisher: OpenTask (15 Apr 2008)
- Language: English
- Product Dimensions: 22.86 x 15.24
- Paperback: 720 pages
- ISBN-13: 978-0-9558328-0-2
- Hardcover: 720 pages
- ISBN-13: 978-0-9558328-1-9
Table of Contents
Errata
Google Book Preview
The back cover image is the picture of TestDefaultDebugger crash dump generated by Dump2Picture
Book reviews:
Caloni.com.br Blog (in Portuguese)
Amazon reviews
Testimonials:
"This book is very good to startup on debugging. It really starts from the basics and it keeps going more in depth. Easy to read and very didactic." - Yuri Diogenes, ISA Server Support Team, Microsoft (Link)