Software Diagnostics Certifications

The first software diagnostics certification in memory dump analysis starts this September and will be administered by Memory Dump Analysis Services:

http://www.dumpanalysis.com/memory-dump-analysis-certification-outline

We also plan a beta software trace analysis certification by the end of 2012.

For companies there is also available Software Diagnostics Maturity enterprise certification:

http://www.dumpanalysis.com/software-diagnostics-maturity

CARE: Crash Analysis Report Environment

Welcome to the project CARE!

New! We now also accept GDB logs and crash reports from Mac OS X and iOS.

CARE means Crash Analysis Report Environment. It includes a pattern-driven debugger log analyzer and standards for structured audience-driven reports. The system architecture is described here.

Please help to populate the database of stack traces by submitting your WinDbg and GDB output logs including Mac OS X and iOS crash reports. For Windows you can use VBScript / WinDbg script to process all .DMP files on your hard drives: DebuggerLogs.zip. The archive contains VBScript file for x64 WinDbg (DebuggerLogs64.vbs) and for x86 WinDbg (DebuggerLogs.vbs) plus the very simple mode-independent WinDbg script (DebuggerLogs.wds). The WinDbg output is stored in dbgeng.log file.

Note: Please do not submit your crash or core dumps because the file size is limited to 2 MB and CARE system is currently being designed to analyze debugger logs and crash reports only. If your log is bigger you can submit a zip file. If you have any problems please contact the administrator. Please do not expect any crash analysis response for your logs or reports. The submittal is currently for internal CARE database population only and not for the pattern analysis of your computer memory.

Contact name:

E-mail address:



Rosetta Stone for Debuggers

Under inscription...

The name for this table was suggested by Joshua J. Drake and first propagated to me by @jcran

Action                      | GDB                 | WinDbg
----------------------------------------------------------------
Start the process           | run                 | g
Exit                        | (q)uit              | q
Disassemble (forward)       | (disas)semble       | uf, u
Disassemble N instructions  | x/<N>i              | -
Disassemble (backward)      | disas <a-o> <a>     | ub
Stack trace                 | backtrace (bt)      | k
Full stack trace            | bt full             | kv
Stack trace with parameters | bt full             | kP
Partial trace (innermost)   | bt <N>              | k <N>
Partial trace (outermost)   | bt -<N>             | -
Stack trace for all threads | thread apply all bt | ~*k
Breakpoint                  | break               | bp
Frame numbers               | any bt command      | kn
Select frame                | frame               | .frame
Display parameters          | info args           | dv /t /i /V
Display locals              | info locals         | dv /t /i /V
Dump byte char array        | x/<N>bc             | db
Switch to thread            | thread <N>          | ~<N>s
Sections/regions            | maint info sections | !address
Load symbol file            | add-symbol-file     | .reload
CPU registers               | i(nfo) r            | r

The current version is from April 30th, 2012:
http://www.dumpanalysis.org/blog/index.php/2012/04/30/gdb-for-windbg-users-part-8/

To Do:

- Split rows by categories
- Add links to command descriptions, examples, relevant patterns

Introduction to Software Narratology

New! Now available for Kindle

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Available for Safari Books Online subscribers

This is a transcript of Memory Dump Analysis Services Webinar about Software Narratology: an exciting new discipline and a field of research founded by DumpAnalysis.org. When software executes it gives us its stories in the form of UI events, software traces and logs. Such stories can be analyzed for their structure and patterns for troubleshooting, debugging and problem resolution purposes. Topics also include software narremes and their types, anticipatory software construction and software diagnostics.

  • Title: Software Narratology: An Introduction to the Applied Science of Software Stories
  • Authors: Dmitry Vostokov, Memory Dump Analysis Services
  • Publisher: OpenTask (April 2012)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 26 pages
  • ISBN-13: 978-1908043078

x86/x64 Assembly Language and Windows Debugging

Due to many questions on recommended books to learn assembly language for debugging purposes we provide these references:

Windows Debugging: Practical Foundations
x64 Windows Debugging: Practical Foundations

Each book can be read independently although some platform-independent content overlaps. x64 bit book focuses on 64-bit only.

We believe these books provide all necessary motivation, context and practical foundation for other in-depth assembly language textbooks on the market.

The similar book for x64 Mac OS X is in preparation.

Memoretics Helps Writing Fiction

One of sources of Memoretics is Narratology to which the former contributes back by providing structural and behavioral analysis patterns and frameworks.

For the full story please visit our blog: http://www.dumpanalysis.org/blog/index.php/2012/02/13/software-narratolo...

Software Problem Solving Tools as a Service

A software problem incident is described using software problem description language. Its program interpretation or compilation results in a published software problem solving tool. Tools can be reused, parameterized, aggregated and organized into hierarchical catalogs. Welcome to the TaaS of the future!

11-11-11 11:11:11 Initiatives for 2012 and Beyond

0. The design and development of SPDL (Software Problem Description Language) with a purpose to automatic generation of software troubleshooting tools based on the description of a problem. Please visit this archival link for more details: http://www.dumpanalysis.org/blog/index.php/category/spdl/

1. The design and development of memory-oriented operating system where memory is the foundation of the whole architecture from the ground up. Please visit this archival link for more details: http://www.dumpanalysis.org/blog/index.php/category/memory-os/

Analysis Productivity Now!

We have conducted research and our internal case studies show that pattern-driven approach to memory analysis significantly decreases learning time: up to 10 times faster than before if not more. Whereas in the past it could take several years to master crash and hang dump analysis - today it takes a few months.

Memory Dump Analysis Services provides the first accelerated pattern-driven analysis training to decrease learning time even more while simultaneously lowering the steep learning curve:

Accelerated Windows Memory Dump Analysis Training

Accelerated .NET Memory Dump Analysis Training


Also available:

Advanced Windows Memory Dump Analysis with Data Structures

Windows Debugging: Practical Foundations

The following direct links can be used to order the book now:

Buy Kindle version

Buy Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Available for Safari Books Online subscribers

Written by the founder of DumpAnalysis.org this book is not about bugs or debugging techniques but about background knowledge everyone needs to start experimenting with WinDbg, learn from practical experience and read other advanced debugging books. Solid understanding of fundamentals like pointers is needed to analyze stack traces beyond !analyze -v and lmv WinDbg commands. This is the book to help technical support and escalation engineers and Windows software testers without the knowledge of assembly language to master necessary prerequisites to understand and start debugging and crash dump analysis on Windows platforms. It doesn't require any specific knowledge, fills the gap and lowers the learning curve. The book is also useful for software engineers coming from managed code or Java background, engineers coming from non-Wintel environments, Windows C/C++ software engineers without assembly language background, security researchers and beginners learning Windows software disassembling and reverse engineering techniques. This book can also be used as Intel assembly language and Windows debugging supplement for relevant undergraduate level courses.

Product details:

  • Title: Windows Debugging: Practical Foundations
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 200 pages
  • ISBN-13: 978-1-906717-10-0
  • Publisher: Opentask (01 February 2009)
  • Hardback: 200 pages
  • ISBN-13: 978-1-906717-67-4
  • Publisher: Opentask (23 March 2009)

Table of Contents
Errata

Praise for the book:

I am a C++/Windows developer and have been a Windows debugging enthusiast for quite a long time now. However, I have never been able to get a good and credible source of information with regards to the internals of debugging using WinDbg. Over the years, I have laid my hands on various sources that deal with Windows Debugging tools and debugging techniques. Every time I purchased a book or went through an online source, I was limited to confusing information that lead me to give up on this topic. Even reliable books that claimed to be the best in the market were nothing less than a colossal disappointment. However, recently when I came across "Windows Debugging: Practical Foundation" that was purchased by a friend of mine, I was sceptic but, nonetheless, decided to give it a chance. Trust me, although not perfect, the book has helped me a lot in learning more about windows internals and debugging techniques. I would like to extend my complements for writing a book that divulges details in a very concise yet clear manner.

Sriram Sarma

Book reviews:

Amazon reviews
Amazon UK reviews

CyberSpace and The Solution to CyberProblems

Memoretics views Cyber Space as Memory Space + Memory Data. Here Memory Space consists of many different memory spaces. Although data is private property memory space where it is located is not:

We propose private property on memory spaces and their partitions as a solution to various Cyber problems such as Cyber Crime and Cyber War:

Introduction to Pattern-Driven Software Problem Solving

New! Now available for Kindle

Also available for Safari Books Online subscribers

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

The full transcript of Memory Dump Analysis Services Webinar on pattern-driven software troubleshooting, debugging and maintenance. Topics include: A Short History of DumpAnalysis.org; Memory Dump Analysis Patterns; Troubleshooting and Debugging Tools (Debugware) Patterns; Software Trace Analysis Patterns; From Software Defects to Software Behavior; Workaround Patterns; Structural Memory Patterns; Memory Analysis Domain Pattern Hierarchy; New Directions.

  • Title: Introduction to Pattern-Driven Software Problem Solving
  • Authors: Dmitry Vostokov, Memory Dump Analysis Services
  • Publisher: OpenTask (June 2011)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 24 pages
  • ISBN-13: 978-1908043177

Uses of Memoretics as Cross- and Interdisciplinary Science

Memoretics as a science of memory snapshots borrows many ideas from the following disciplines (the list is not exhaustive):

  • Troubleshooting and Debugging
  • Intelligence Analysis
  • Critical Thinking
  • Forensics
  • Linguistics
  • Archaeology
  • Psychoanalysis
  • History
  • Mathematics: Sets and Categories
  • Literary Criticism and Narratology

It also contributes many ideas back. The following diagram depicts such an interaction:

Memoretics promotes pattern-driven memory dump and software trace analysis which has many uses but not limited to:

  • Software and site reliability
  • Software Debugging
  • QA and Software Testing
  • Computer Security
  • Software Troubleshooting
  • Malware Research and Analysis
  • Tools as a Service (TaaS)
  • Supportability
  • Software Diagnostics

The founding text of Memoretics is Memory Dump Analysis Anthology.

DNA of Software Behavior

We consider memory dump and software trace analysis patterns as units of software behavioral genome. This work started in 2006 and we plan to continue with the publication of volumes 6 - 10 of Memory Dump Analysis Anthology. The release of volume 6 is planned for November-December, 2011.

DNA of Software Behaviour

The image was generated using 3D memory visualization techniques.

Debugging Today

We have started a newspaper: Debugging Today

Memory Dump Analysis Anthology: Color Supplement for Volumes 4-5

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

This is a supplemental volume of selected articles with 170 full color illustrations from Memory Dump Analysis Anthology: revised, edited, cross-referenced and thematically organized volumes of selected DumpAnalysis.org blog posts about debugging, modern crash dump and software trace analysis, conceptual physicalist and memory space art, speculative metaphysics of memory dump worldview (memoidealism) written in July 2009 - October 2010 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, security and defect researchers, reverse engineers and malware analysts, computer security and cyber warfare intelligence professionals, computer scientists, conceptual digital artists and philosophers. Unique in its breadth, depth, and scope it offers unprecedented insight into the world of software behavior and draws profound engineering, scientific, artistic and metaphysical implications.

  • Title: Memory Dump Analysis Anthology: Color Supplement for Volumes 4-5
  • Author: Dmitry Vostokov
  • Publisher: OpenTask (June 2011)
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • Paperback: 232 pages
  • ISBN-13: 978-1908043047

Table of Contents

Memory Dump Analysis Anthology, Volume 5

The following direct links can be used to order the book now:

Buy Kindle version

Buy Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Available for Safari Books Online subscribers

Also available in PDF format from Software Diagnostics Services

Five volumes of cross-disciplinary Anthology (dubbed by the author "The Summa Memorianica") lay the foundation of the scientific discipline of Memoretics (study of computer memory snapshots and their evolution in time) that is also called Memory Dump and Software Trace Analysis.

The 5th volume contains revised, edited, cross-referenced, and thematically organized selected DumpAnalysis.org blog posts about crash dump, software trace analysis and debugging written in February 2010 - October 2010 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, and security researchers, malware analysts and reverse engineers. The fifth volume features:

- 25 new crash dump analysis patterns
- 11 new pattern interaction case studies (including software tracing)
- 16 new trace analysis patterns
- 7 structural memory patterns
- 4 modeling case studies for memory dump analysis patterns
- Discussion of 3 common analysis mistakes
- Malware analysis case study
- Computer independent architecture of crash analysis report service
- Expanded coverage of software narratology
- Metaphysical and theological implications of memory dump worldview
- More pictures of memory space and physicalist art
- Classification of memory visualization tools
- Memory visualization case studies
- Close reading of the stories of Sherlock Holmes: Dr. Watson’s observational patterns
- Fully cross-referenced with Volume 1, Volume 2, Volume 3, and Volume 4

Product information:

  • Title: Memory Dump Analysis Anthology, Volume 5
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 432 pages
  • Publisher: Opentask (17 April 2011)
  • ISBN-13: 978-1-906717-96-4
  • Hardcover: 432 pages
  • Publisher: Opentask (21 June 2011)
  • ISBN-13: 978-1-906717-97-1

Table of Contents
Errata

Back cover features memory space art image Hot Computation: Memory on Fire.

Tell Your Windows Debugging Story or Nominate Someone

Mad about debugging? Join the annual competition by telling your Windows debugging story (*) or nominating a person after 7/7/2011 and before 8/8/2011 (**). This year main prize is 5 volumes of Memory Dump Analysis Anthology + Color Supplement for Volumes 1-3 + Color Supplement for Volumes 4-5 with supplements signed by the author.

Please send your story or nominate someone using this page: http://www.dumpanalysis.org/contact or dmitry dot vostokov at dumpanalysis dot org (if your story is formatted with pictures)

(*) DumpAnalysis.org reserves the right to publish your story (in a modified form if necessary) in OpenTask magazines and books with full credit.

(**) 7/7 and 8/8 are originally proposed Memory Analysts and Debuggers Days.

Cartoon from Narasimha Vedala

Winners of 2010 Competition: http://www.dumpanalysis.org/debugging-competition-2010

The Debugging Community Project: The Anthology of Debugging

Useful debugging information, techniques, examples, best practices, tool tips and tricks are scattered across many blogs and websites. It is often hard to find what one is needed for problem resolution. OpenTask publisher plans a multi-volume project tentatively called The Anthology of Debugging to compile the best of independent articles and blog posts into printed and digital volumes. Additional topics of interest to debuggers will include but not limited to internals, disassembling and reverse engineering, source and binary code analysis.

The first volume is projected to be published after this summer (ISBN: 978-1908043276). All potential authors will be contacted for their permission, will retain their copyright and their included articles will point to the original source. Additionally, the participants will have an opportunity to include a short bio and other relevant information.

Windows Debugging Notebook: Essential User Space WinDbg Commands

The following direct links can be used to order the book now:

Buy Paperback from Amazon

Buy Paperback from Barnes & Noble

Available for Safari Books Online subscribers

This is a reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging Windows applications and services.

  • ISBN-13: 978-1-906717-00-1
  • Publisher: OpenTask (15 May 2011)
  • Paperback: 256 pages

Table of Contents
Book review
Errata

First Fault Software Problem Solving Book

The following direct links can be used to order the book now:

Buy Paperback or Kindle Edition from Amazon

Buy Paperback from Barnes & Noble

Available for Safari Books Online subscribers

Written by a veteran in mission-critical computer system problem resolution, problem prevention, and system recovery, this book discusses solving problems on their FIRST occurrence while emphasizing software supportability and serviceability.

  • Title: First Fault Software Problem Solving: A Guide for Engineers, Managers and Users
  • Author: Dan Skwire
  • Publisher: Opentask (1 December 2009)
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • ISBN: 1906717427
  • ISBN-13: 978-1906717421
  • Paperback: 180 pages

Table of Contents
Amazon reviews
c’t – Magazin für Computertechnik review
Alan Radding's DancingDinosaur and bottomlineIT reviews

Who should read this book?

  • Software professional engineers and managers
  • End-users, system administrators and their managers
  • Software engineering students

What will the readers of this book learn?

  • How to optimize use of pre-existing software problem solving features
  • How to choose the best products to improve first fault problem-solving
  • How to get the best results when problems occur on outsourced and cloud-placed work
  • How to choose amongst first-fault tools, second-fault tools, and manual problem solving methods to best advantage for difficult problems
  • How to be an educated consumer or creator of future problem-solving software

What is the business value of reading this book?

  • Saving money on problem solving resources (servers, storage, network, software, power, space, cooling, personnel)
  • Keeping customers happier since their issues are resolved sooner
  • Reducing the durations of computer service outages that affect external clients
  • Decreasing operational overhead and encouraging sustainable, higher-performing organizations and enterprises through best problem-solving practices

What else is special about this book?

  • 21 original illustrations to feed the soul and tickle the funny-bone
  • 21 thought-provoking quotes to feed the intellect and the spirit
  • An extensive bibliography to aid in clarification and personal growth

Join Facebook DA+TA Group

This specially designed logo explores the concept of a face as a combination of dump and trace artifacts:

Join Facebook DATA (Dump Analysis + Trace Analysis) group: http://www.facebook.com/group.php?gid=95282722070

360-Degree Memory Analysis

DumpAnalysis.org portal is looking for a sponsor for the ultimate malware, memory analyst and debugger's desk: monitors joined together to form 360-degree surveillance ring with an analyst in the center.

If you or your company would like to become the sponsor: please use this contact form: http://www.dumpanalysis.org/contact

The New School of Debugging

The new founded school integrates traditional multidisciplinary debugging approaches and methodologies with:

- multiplatform pattern-driven software problem solving
- unified debugging patterns
- generative debugging
- best practices in memory dump analysis and software tracing
- computer security
- humanities and social sciences including archaeology and economics
- new emerging trends

Debugging in 2021: Trends for the Next Decade

  • Increased complexity of software will bring more methods from biological, social sciences and humanities in addition to existing methods of automated debugging and computer science techniques
  • Focus on first fault software problem solving (when aspect)
  • Focus on pattern-driven software problem solving (how aspect)
  • Fusion of debugging and malware analysis into a unified structural and behavioral pattern framework
  • Visual debugging, memory and software trace visualization techniques
  • Software maintenance certification
  • Focus on domain-driven troubleshooting and debugging tools as a service (debugware TaaS)
  • Focus on security issues related to memory dumps and software traces
  • New scripting languages and programming language extensions for debugging
  • The maturation of the science of memory snapshots and software traces (memoretics)

Follow the Twitter Trace

This specially designed logo explores the concept of Twitter message stream as a software (t)race:

Follow DumpAnalysis @ Twitter: http://twitter.com/DumpAnalysis

Memory Analysis as a Service

MAaaS includes 2 complementary DA+TA services:

1. Dump Analysis as a Service (DAaaS)
2. Trace Analysis as a Service (TAaaS)

Memory Dump Analysis Services is the first organization to provide such a service at an audit and certification levels.

Crash and Hang Analysis Audit Service

Problem: You are not satisfied with a crash report.

Problem: Your critical issue is escalated to the VP level. Engineers analyze memory dumps and software traces. No definite conclusion so far. You want to be sure that nothing has been omitted from the analysis.

Problem: You analyze a system dump or a software trace. You need a second pair of eyes but don't want to send your memory dump due to your company security policies.

Problem: You are a novice and need expert pattern-driven analysis of your crash and hang memory dump files or debugger logs.

Resolution: DumpAnalysis.com analyzes your analysis and provides recommendations.

Prices and service level agreements

/*** Adding AI. Analysis Improvement. ***/

Memory Dump Analysis Anthology, Volume 4

New! Now available for Kindle

The following direct links can be used to order the book now:

Buy Paperback or Hardcover from Amazon

Buy Paperback or Hardcover from Barnes & Noble

Available for Safari Books Online subscribers

Also available in PDF format from Software Diagnostics Services

This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in July 2009 - January 2010 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, and security researchers, malware analysts and reverse engineers. The fourth volume features:

- 15 new crash dump analysis patterns
- 13 new pattern interaction case studies
- 10 new trace analysis patterns
- 6 new Debugware patterns and case study
- Workaround patterns
- Updated checklist
- Fully cross-referenced with Volume 1, Volume 2 and Volume 3
- Memory visualization tutorials
- Memory space art

Product information:

  • Title: Memory Dump Analysis Anthology, Volume 4
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 424 pages
  • Publisher: Opentask (15 November 2010)
  • ISBN-13: 978-1-906717-86-5
  • Hardcover: 424 pages
  • Publisher: Opentask (15 November 2010)
  • ISBN-13: 978-1-906717-87-2

Table of Contents
Errata

Back cover features memory space art image: Internal Process Combustion.

Syndicate content