Crash Dump Analysis

Following the meaning of DATA and memory dump world view via universal memory dumps I finally deciphered the acronym DUMP:

Digital Universal Memory Phase

This is the view from phase space perspective. From the point of phase space perspective we can also say:

Digital Universal Memory Point

It was the letter P that I was thinking hard about. Fortunately, when I opened Oxford Advanced Learner’s Dictionary on P section, it was “phase” word that grabbed my attention. Familiarity with classical physics and its Hamiltonian formulation provided the necessary glue.

- Dmitry Vostokov @ DumpAnalysis.org -

I was reading General Chemistry book on the way to my office today and found a nice basic chemical formula representation for processes in memory. In this nomenclature, the class of modules developed by a particular vendor constitutes an ”element”. For example, M is for Microsoft modules, C is for Citrix modules, etc. Individual modules of particular elements are similar to “atoms” and denoted as numbers in subscript. For example, net.exe command running in a typical Citrix terminal services environment has the following loaded modules where I highlighted Citrix modules in blue and Microsoft modules in red:

0:000> lm1m
net
wdmaudhook
tzhook
twnhook
scardhook
mmhook
mfaphook
cxinjime
CtxSbxHook
MPR
NETAPI32
Secur32
USER32
msvcrt
GDI32
RPCRT4
kernel32
ADVAPI32
MSVCR71
ntdll

Therefore the formula is this:

M₁₂C₈.

I put the element of the main process module first in such formulae.

The formula for IE process from the following case study:

M₁₂₆A₅U

where A is for Adobe modules and U is for an unknown module that needs identification, see Unknown Component pattern.  

These formulas can useful to highlight various hooksware components and distinguish memory dumps generated after eliminating modules for troubleshooting and debugging purposes. It also forms the basis for one of many classificatory schemes for the purposes of micro- and macro-taxonomy of software discussed in the forthcoming book: 

The Variety of Software: The Richness of Computation (ISBN: 978-1906717544) 

In the forthcoming parts I’m also going to discuss the structural formulas as well, similar to the ones used in organic chemistry. 

- Dmitry Vostokov @ DumpAnalysis.org -

Quantum computation, quantum memory and quantum information are hot topics today. Unfortunately quantum mechanics forbids perfect (ideal) memory dumps due to the so called no cloning theorem. Still it is possible to get inconsistent (imperfect) memory dumps and perfect memory dumps can be made from quantum computer simulators. The analysis of quantum memory snapshots is the domain of Quantum Memoretics.

- Dmitry Vostokov @ DumpAnalysis.org -

Universal memory dumps come from astronomical observations:

Dumps “are meaningless without” symbols “to interpret them.”

Raymond Arthur Lyttleton, Quoted in Astroparticle Physics, page 50

- Dmitry Vostokov @ DumpAnalysis.org -

On universal memory dumps:

“[…] the first man who noticed the analogy between a” dump “and” an observation “made a notable advance in the history of thought.”

Alfred North Whitehead, Science and the Modern World

- Dmitry Vostokov @ DumpAnalysis.org -

Urstoff of Anaximenes is Air much like Memory in memoidealism. How do concrete objects develop from invisible Air? Through the process of condensation and rarefaction, quality arises from quantity (reduction process). Eternity of Urstoff is one of the main features of Milesian philosophers and memory religion. No additional worlds are possible in their philosophies. They are “materialists” because of their material Urstoff. Memoidealists are “idealists” because of their ideal notion of Memory.

- Dmitry Vostokov @ DumpAnalysis.org -

Indeterminate infinite Urstoff, out of which emerges the plurality of worlds that come and go, is the foundation of Anaximander philosophy. In memoidealism, Memory is indeterminate in the sense that it doesn’t represent determinate material substance. It is actually infinite too. The crucial feature of memoidealistic notion of memory is the fact that coming into existence plurality doesn’t perish. It is saved. In some sense Memory is apeiron of memoidealism.

- Dmitry Vostokov @ DumpAnalysis.org -

Memoidealism is characterized by the unity of philosophy and (computer) science. It has deep roots in practical memory (dump) analysis. The interpretation of observations as memory snapshots (universal memory dumps) leads to the declaration of Memory to be the One (or the First Principle) like Water in Thales practical scientific philosophy. We also observe that processes are memory snapshots as well, through their observational data. We try to understand the plurality of experiences through the unity of memory (the so called Unity in Difference).

- Dmitry Vostokov @ DumpAnalysis.org -

If we assume the model-based definition of software defects we can easily see that any changes to an underlying model can surface the new unanticipated defects and hide the known ones. New and evolving disciplines like software security engineering can change our views about solid code and create defects by introducing non-functional constraints on models. Another aspect of this is the interaction of a human debugger with code, the very act of reading code can create defects. However the latter effect is controversial and belongs to the evolving quantum theory of software defects (see my previous post about bugtanglement).

- Dmitry Vostokov @ DumpAnalysis.org -

A number of Copernican revolutions occurred or announced in various branches of various sciences. Now its my turn to say that action-based ”earth-centric” debugging is replaced by memory (dump) analysis as a “heliocentric” foundation of debugging. Because even in live debugging we have memory snapshots and differential memory analysis. Traces in trace-based debugging is another example of universal memory dumps. Therefore memory (dump) analysis comes first.

- Dmitry Vostokov @ DumpAnalysis.org -