Due to demand from people that prefer ebooks I published Memory Dump Analysis Anthology, Volume 1 in a digital format that can be purchased in Crash Dump Analysis Store. This format has color pictures inside.
- Dmitry Vostokov @ DumpAnalysis.org -
I’m very proud to announce that it is finally available in both paperback and hardback. Why have I made available both editions? Because I personally prefer hardcover books. You can order the book today and it will be printed in 3-5 days (paperback) or 5-10 days (hardcover) and sent to you:
Memory Dump Analysis Anthology, Volume 1
Note: although listed on Amazon and other online bookstores it is not immediately available at these stores at the moment due to the late submission. I apologize for this. However, I expect that in a few weeks pre-orders taken there will be eventually fulfilled. In the mean time, if you want the book now, you can use the link above.
- Dmitry Vostokov @ DumpAnalysis.org -
Although the first volume has not been published yet (scheduled for 15th of April, 2008) the planning for the second volume has already begun. Preliminary information is:
Hardcover version is also planned. PDF version will be available for download too.
(*) subject to change
- Dmitry Vostokov @ DumpAnalysis.org -
They know buzzwords like heap corruption, buffer overflow and multi-threading, talk about designing maintainable software but unable to cope with real-life debugging scenarios. I remember old days in one company where the executable Rational Rose Real-Time model with IDebug interface crashed and the whole team of software designers couldn’t find the defect in code and when I pointed them to the problem source code line after loading and running the executable under the Visual Studio debugger I was nominated as an expert in implementation.
- Dmitry Vostokov @ DumpAnalysis.org -
Q. Every time you open the specific Microsoft Word 2007 document on Vista WER error message box appears on the screen (click on the picture to enlarge):
What might be the cause of it?
You can find the correct answer in the comments to this post.
- Dmitry Vostokov @ DumpAnalysis.org -
It is very easy to become a publisher nowadays. Much easier than I thought. I registered myself as a publisher under the name of OpenTask which is my registered business name in Ireland. I also got the list of ISBN numbers and therefore can announce product details for the first volume of Memory Dump Analysis Anthology series:
Memory Dump Analysis Anthology, Volume 1
(*) subject to change
PDF file will be available for download too.
- Dmitry Vostokov @ DumpAnalysis.org -
There are many X-Driven motivations out there but I prefer expertise-driven individuals, motivated by the desire to become experts. It is not bullshit as you might think. It is more like a persistent psychological state found in researchers and scientists and the best results are guaranteed when it is supplemented by money-driven positive feedback loop. I’ve seen such people in both software engineering and software technical support environments. It is very interesting topic and I might come back to it later.
- Dmitry Vostokov @ DumpAnalysis.org -
What are these? These are names of the number of possible unique complete memory dumps when address space is 32 bit and 64-bit correspondingly:
256232 and 256264
The first of them can be approximated by 101010
This idea came to me after I learnt about the so called “immense number” proposed by Walter Elsasser. This number is so big that its digits cannot be listed because there is not enough particles in observable Universe to write them.
Certainly one memorillion is more than one googol 10100 but it requires only approx. 1010 particles in ideal case to list its digits and therefore not an immense number. It is however far less than one googolplex 1010100.
Consider a complete memory dump with bytes written in hexadecimal notation:
0x50414745554d500f000000ce0e00000090...
This number has more than 8 billion digits… And it is one possible number out of memorillion of them. So one memorillion in hexadecimal notation is just
0xFFFFFFFFFFFFFFFFFFFFF... + 1
where we have 2*232 ‘F’ symbols written sequentially. One quadrimemorillion has 2*264 ‘F’ symbols.
Also the question about the number of possible crash dumps can be considered as Microsoft interview style question when you have possible candidates and you want to assess their ability to think out of the box and handle large numbers.
- Dmitry Vostokov @ DumpAnalysis.org -
The following interview questions might be useful to assess the skill level in crash dump analysis on Windows platforms. These could be useful for debugging interviews as well.
What is FPO?
How many exceptions can be found in a crash dump?
You see the message from WinDbg:
WARNING: Stack unwind information not available. Following frames may be wrong.
What would you do?
How would you find spinlock implementation if you have a kernel dump?
What is OMAP?
What is full page heap?
Company name is missing from module information. How would you try to find it?
What is IDT?
How does a postmortem debugger work?
You’ve got a mini dump of your application. How would you disassemble the code?
Memory consumption is growing for an application. How would you discover the leaking component?
What is IRQL?
When do you use TEB?
You’ve got 200 process dumps from a server. You need to find a deadlock. How would you do it?
You’ve got a complete memory dump from a server. You need to find a deadlock. How would you do it?
What is GC heap?
Your customer is reluctant to send a dump due to security policies. What is your next step?
What is a first chance exception?
I’ve created a permanent page and will add more questions there in the future:
Memory Dump Analysis Interview Questions
- Dmitry Vostokov @ DumpAnalysis.org -
The Jobs section was created on Crash Dump Analysis Portal to assist companies in finding engineers skilled in crash/core dump analysis. Please read guidelines at:
http://www.dumpanalysis.org/index.php?q=jobs
- Dmitry Vostokov @ DumpAnalysis.org -