Archive for the ‘Science of Memory Dump Analysis’ Category

Opentask publishing plans

Thursday, June 26th, 2008

In July-August Opentask publisher plans to have its own website. In the meantime here is the additional list of books to be published in the next 5-7 years starting from 2009 onwards:

- Memiotics (ISBN-13: 978-1906717087)

- Voice Recognition: Command and Control (ISBN-13: 978-1906717094)

- Memory Analysis: An Interdisciplinary Approach (ISBN-13: 978-1906717117)

- Deep Down C++ (ISBN-13: 978-1906717124)

- Management Bits: An Anthology from Reductionist Manager (ISBN-13: 978-1906717131)

- Classical, Quantum and Nonlinear Memoretics (ISBN-13: 978-1906717186)

- Crash Dump: A Software Engineering Autobiography (ISBN-13: 978-1906717193)

- Memoidealism: A New Kind of Philosophy (ISBN-13: 978-1906717209)

including 10-volume edition of Software Engineering Notebooks (4 volumes are planned for the next 2 years):

- Software Engineering Notebooks, Volume 1 (ISBN-13: 978-1906717148)

- Software Engineering Notebooks, Volume 2 (ISBN-13: 978-1906717155)

- Software Engineering Notebooks, Volume 3 (ISBN-13: 978-1906717162)

- Software Engineering Notebooks, Volume 4 (ISBN-13: 978-1906717179)

Details will be announced later on the publisher’s website.

Note: the book about voice recognition stands apart from the others. This is actually the title of the first book I wanted to write 5 years ago.

- Dmitry Vostokov @ DumpAnalysis.org -

Forthcoming CDAP Encyclopedia

Wednesday, June 25th, 2008

I’m thinking big for a full-color book to celebrate the forthcoming anniversary of Memory Dump Analysis Anthology. Preliminary details:

  • Title: Encyclopedia of Crash Dump Analysis Patterns
  • Author: Dmitry Vostokov
  • Publisher: Opentask (15 April 2009)
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • ISBN-13: 978-1-906717-21-6
  • Paperback: 400 pages

- Dmitry Vostokov @ DumpAnalysis.org -

Forthcoming CDA pattern classification

Wednesday, June 25th, 2008

There are currently 86 patterns in 67 groups and more are coming. I’m working the first two weeks in July to classify them. The classification scheme(s) should appear around 15th of July.

- Dmitry Vostokov @ DumpAnalysis.org -

Memiotics: a definition

Wednesday, June 18th, 2008

Analysis of computer memory snapshots (memory dumps) and their evolution is the domain of memoretics. Computer memory semiotics (memiotics) is the branch of memoretics that studies the interpretation of computer memory, its meaning, signs and symbols.

- Dmitry Vostokov @ DumpAnalysis.org -     

Memoidealism

Monday, June 9th, 2008

Looking at memory dumps every day and writing about them has an unfortunate implication: every state of the world looks like a gigantic memory dump to me. Everything is memory and every state is memory dump. The current state of the world is an infinite (or an immense) number of memuons*. Infinite can be any cardinal number greater than or equal to that of natural numbers. In any case we can say it is N bits where this number is either finite or ∞. Therefore we have $2^N$ possible memory states (S). The set of possible transitions between them (S -> S) has the number of $(2^N)^{2^N}$ elements. Which is the memory itself and we have transitions between its states too. Ad infinitum we have a limiting process from which arises the perceived flow of events. Anyway there is much to elaborate here. I’ll come back to this later.

(*) Memuon is an indivisible entity similar to a bit of information.

This is my current philosophy :-) I’m dead serious.

- Dmitry Vostokov @ DumpAnalysis.org -

The Science of Dr. Watson

Tuesday, June 3rd, 2008

Motivated by The Science of Sherlock Holmes I plan to write a book about the history of debugging with the following preliminary product details and tentative release date (which may come earlier if I have enough time):

  • Title: The Science of Dr. Watson: An Illustrated History of Debugging
  • Author: Dmitry Vostokov
  • Publisher: Opentask (01 September 2010)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • ISBN-13: 978-1-906717-07-0
  • Paperback: 256 pages

- Dmitry Vostokov @ DumpAnalysis.org -

Integral Memory Analysis

Friday, May 30th, 2008

Following the introductory division of memory analysis into two broad categories I decided to plan yet another book with the following title and preliminary product details:

  • Title: Memory Analysis Forensics and Intelligence: An Integral Approach
  • Author: Dmitry Vostokov
  • Publisher: Opentask (01 September 2009)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • ISBN-13: 978-1-906717-05-6
  • Paperback: 256 pages

As you might have noticed, I prefer to put 128, 256 or 512 pages in my book announcements. What would that say about the author’s background? :-) I would like to set 1024 pages for my memory dump analysis anthology series but 740 or 800 pages is the limit for POD technology I use.

- Dmitry Vostokov @ DumpAnalysis.org -

Memory Analysis (Part 1)

Friday, May 23rd, 2008

Recently being interested in forensic science and intelligence I decided to elaborate on memory analysis classification and came up with the following division:

- Memory Analysis Forensics

Answering questions related to a committed computer crime. The suspect may be a human or a software / hardware component. Incident response, troubleshooting and debugging belong to this category. Postmortem memory analysis is usually analysis of dump files saved and detached from the original system or operating conditions.

- Memory Analysis Intelligence

Monitoring memory state for behavioural and structural patterns to prevent certain events from occurring. Usually done in situ. However digital dumpster divers and spies may also collect and analyze memory data that was detached from the original computer system.

Each category can be further subdivided into:

– Functional Memory Analysis

Tracing of events.

– Memoretics

Analysis of memory states and their evolution.

The latter can be subdivided into:

– Static Memory Analysis

Traditional memory dump analysis.

– Dynamic Memory Analysis

Live debugging.

- Dmitry Vostokov @ DumpAnalysis.org -

Win32 Exception Frequencies

Tuesday, May 20th, 2008

After the Bug Check Frequencies post I was curious enough to do the same Google counting procedure for exceptions. Here are my results for exceptions listed in the Visual C++ Debug \ Exceptions dialog:

| Exception | Code | Google count |
|---|---|---|
| Control-C | 40010005 | 43 |
| Control-Break | 40010008 | 7 |
| Datatype misalignment | 80000002 | 27300 |
| Breakpoint | 80000003 | 36400 |
| Access violation | C0000005 | 164000 |
| In page error | C0000006 | 1210 |
| Invalid handle | C0000008 | 1670 |
| Not enough quota | C0000017 | 176 |
| Illegal instruction | C000001D | 3400 |
| Cannot continue | C0000025 | 804 |
| Invalid exception disposition | C0000026 | 121 |
| Array bounds exceeded | C000008C | 100 |
| Floating-point denormal operand | C000008D | 84 |
| Floating-point division by zero | C000008E | 523 |
| Floating-point inexact result | C000008F | 401 |
| Floating-point invalid operation | C0000090 | 509 |
| Floating-point overflow | C0000091 | 121 |
| Floating-point stack check | C0000092 | 102 |
| Floating-point underflow | C0000093 | 138 |
| Integer division by zero | C0000094 | 1610 |
| Integer overflow | C0000095 | 99 |
| Stack overflow | C00000FD | 3110 |
| Unable to locate component | C0000135 | 3970 |
| Ordinal not found | C0000138 | 43 |
| Entry point not found | C0000139 | 724 |
| DLL initialization failed | C0000142 | 918 |
| Module not found | C06D007E | 171 |
| Procedure not found | C06D007F | 248 |

The corresponding graph:

- Dmitry Vostokov @ DumpAnalysis.org -
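An added example, not part of the original post: the codes in the table above follow the NTSTATUS bit layout (severity in the top two bits, a customer bit, a 12-bit facility, a 16-bit code), so the reported counts can be grouped by severity and facility when triaging crashes. The function names are illustrative, the code:count pairs are copied from the table, and the facility labels in the comments (0x001 debugger, 0x06D Visual C++ delay-load helper) are taken from the Windows SDK headers rather than from the post.

```python
from collections import Counter

# Code:count pairs copied from the post's table (exception names omitted).
TABLE = """
40010005:43 40010008:7 80000002:27300 80000003:36400 C0000005:164000
C0000006:1210 C0000008:1670 C0000017:176 C000001D:3400 C0000025:804
C0000026:121 C000008C:100 C000008D:84 C000008E:523 C000008F:401
C0000090:509 C0000091:121 C0000092:102 C0000093:138 C0000094:1610
C0000095:99 C00000FD:3110 C0000135:3970 C0000138:43 C0000139:724
C0000142:918 C06D007E:171 C06D007F:248
"""

# Meaning of the top two bits of an NTSTATUS-style code.
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}


def decode(code):
    """Split a 32-bit exception code into its standard bit fields."""
    return {
        "severity": SEVERITY[(code >> 30) & 0x3],
        "customer": bool(code & (1 << 29)),   # set for customer-defined codes
        "facility": (code >> 16) & 0xFFF,     # 0x001 debugger, 0x06D Visual C++
        "code": code & 0xFFFF,
    }


def load(table=TABLE):
    """Parse the embedded table into (code, count) tuples."""
    return [(int(c, 16), int(n)) for c, n in
            (item.split(":") for item in table.split())]


def totals_by(field, rows):
    """Sum the reported counts grouped by one decoded field."""
    totals = Counter()
    for code, count in rows:
        totals[decode(code)[field]] += count
    return totals


if __name__ == "__main__":
    rows = load()
    grand = sum(n for _, n in rows)
    for sev, n in totals_by("severity", rows).most_common():
        print(f"{sev:14} {n:7} {n / grand:6.1%}")
    for fac, n in totals_by("facility", rows).most_common():
        print(f"facility 0x{fac:03X} {n:7}")
```

The low 16 bits of the two facility 0x06D codes, 0x7E and 0x7F, are the Win32 error values ERROR_MOD_NOT_FOUND (126) and ERROR_PROC_NOT_FOUND (127), which matches the "Module not found" and "Procedure not found" names in the table.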

MDAA Volume One Goes Digital

Friday, April 25th, 2008

Due to demand from people that prefer ebooks I published Memory Dump Analysis Anthology, Volume 1 in a digital format that can be purchased in Crash Dump Analysis Store. This format has color pictures inside.

- Dmitry Vostokov @ DumpAnalysis.org -