DumpAnalysis.org jointly with OpenTask establishes Memory Analysis & Debugging Institute (MA&DI)
Includes 60 programmed exercises from real life debugging and crash dump analysis scenarios and multiple-choice questions with full answers, comments and suggestions for further reading.
DumpAnalysis.org jointly with OpenTask publisher announces forthcoming 2009 as

Table of contents is amazing for its practical depth and breadth. If you want me to provide a review in a language of concurrency (I'm reading many books in parallel) I would simply say one word:
Priority!
It simply means priority reading for any Windows software developer and maintainer. Invaluable for any engineer debugging complex software problems and analyzing Windows crash dumps. Simply because Microsoft OS and CLR developers use all this concurrent stuff and best practices described in the book, it is vital to be able to recognize them in memory dumps. After reading this book you also get a priority boost in your understanding of process and thread dynamics and your ability to plan, architect, design and implement concurrent applications and services.
The new link "Arts & Photography" has been added to the top panel featuring cartoons from Narasimha Vedala.
Full-color reference book of crash dump analysis patterns. Should be on the desk of every software technical support, escalation, and maintenance software engineer and tester. Preliminary details:
Crash Dump Analysis and Debugging Forum has been upgraded and reopened again. In order to prevent spammers gaining access any new registration has to be approved by the forum administrator (usually in less than 24 hours).
This is planned for publication after Windows Crash Dump Analysis book. Preliminary information is:
Forthcoming introductory book for software engineers transitioning to kernel-mode development or expanding their knowledge and skills. Can also be useful for technical support and escalation engineers troubleshooting and debugging complex software issues. Preliminary information is:

This is a forthcoming book about .NET debugging seen in a wider context than CLR. Preliminary information is:
Although Windows user space and kernel interfaces are based on the C language, a huge amount of the code present in crash dumps, especially in user space, was written in C++ and compiled by C++ compilers. Therefore it is absolutely necessary to understand how C++ constructs need to be translated to C in order to implement various OO concepts like inheritance and polymorphism, because from there you can see the familiar, straightforward mapping between C language constructs and assembly language. This book gives software maintenance and support engineers the solid foundation necessary to understand the possible variants of C++ object layout and method dispatch that you might encounter during crash dump analysis.
The reference contains normal thread stacks and other information from Windows Server 2003 x86 complete memory dump. Useful when trying to spot anomalies in crash dumps from problem servers.
Printed versions are available for purchase at the nominal price to cover manufacturing costs:
The reference contains normal thread stacks and other information from Windows Vista x64 complete memory dump. Useful when trying to spot anomalies in crash dumps from problem workstations.
Printed version is available for purchase at the nominal price to cover manufacturing costs.
The reference contains normal thread stacks and other information from Windows Vista x86 complete memory dump. Useful when trying to spot anomalies in crash dumps from problem workstations.
Printed versions are available for purchase at the nominal price to cover manufacturing costs:
PDF file can be downloaded from this link:
Sample Chapter: Introduction to WinDbg Scripts for C/C++ Users
Just got this nice hardcover book: 5th edition of "Programming Applications for Microsoft Windows". It has 200 pages less but more material covered because of smaller font and line spacing. What's new:
C++ classes throughout - I guess writing .NET books influenced this decision
x64 Windows specifics
New Vista and Windows Server 2008 API
New tools
Updated classes for API hooking
and the most important for me - updated SEH material and Windows Error Reporting (WER) coverage with very nice diagrams.
Bearing in mind that the previous 4th edition is 8 years old it should be read by everyone using Win32 API, debugging user mode applications (knowledge of Win32 subsystem helps greatly), extending or maintaining legacy Windows software. Highly recommended. 5 stars for 5th edition :-)
This is the book I wanted to read when I started doing Windows crash dump analysis more than 4 years ago. Although other excellent Windows debugging books existed at that time including "Debugging Applications" written by John Robbins and "Debugging Windows Programs: Strategies, Tools, and Techniques for Visual C++ Programmers" written by Everett N. McKay and Mike Woodring I needed a book that discusses debugging in the context of WinDbg and other tools from Debugging Tools for Windows package. So I had to learn from day-to-day experience and WinDbg help. Now WinDbg is a de facto standard in debugging and troubleshooting on Windows platforms and the book comes at the right time to teach the best practices and techniques. I'm reading it sequentially and I'm on page 106 at the moment reading Chapter 2 "Basic Debugging Tasks" and I have already learnt techniques and debugging strategies I missed due to certain habits in using WinDbg. Even if you do mostly memory dump analysis and not live debugging of your product you also will learn a lot to apply in your day-to-day problem identification and troubleshooting. I'll write more about this wonderful book as soon as I finish reading it. Absolutely must have for any Windows software engineers, escalation engineers and technical support engineers willing to advance their debugging skills.
When you write programs in C or C++ it is good to know how these languages are represented in assembly language code. When you analyze crash dumps or do low level debugging involving assembly language code it is good to know how CPU abstractions are implemented in hardware. I read this book during summer and was impressed by its clarity and visual presentation. Instruction latency, pipelining, caching, locality, micro-ops fusion and memory aliasing are explained very well on color pictures without complication and all recent Intel CPU architectures including their history and motivation behind their development are covered. I particularly like data/code streams as a general computer architecture model. Highly recommended.
The reader will master crash and hang memory dump analysis for process, minidump, kernel and complete memory dumps from Windows XP/Vista/7 and Windows Server 2003/2008/R2.
Almost finished reading the book and I would never look at any source code again without security in mind. The first chapters describe how static analysis tools work. Later chapters on buffer overflows are excellent although with some minor typos. Web programming chapters on HTTP, XML, services, privacy and privilege were very illuminating. I was very eager to buy this book because I had been developing parts of a C++ static code analysis tool for Programming Research (PRQA C++) 5 years ago although at that time the company didn't anticipate this market segment. Highly recommended for software engineers developing new or maintaining old software and security engineers performing code reviews.
If you are interested in modern BIOS internals, disassembling, accessing it from user or kernel mode, BIOS security and rootkits this book is a must read and as far as I know this is the only book available in the market. The skill of reading x86 assembly language is a prerequisite because the book provides many BIOS code snippets. How to use IDA Pro and its freeware version for reverse engineering BIOS code is also covered. Highly recommended.
Contents:
Chapter 1: PC BIOS Technology
Chapter 2: Preliminary Reverse Code Engineering
Chapter 3: BIOS-Related Software Development Preliminary
Chapter 4: Getting Acquainted with the System
Chapter 5: Implementation of Motherboard BIOS
Chapter 6: BIOS Modification
Chapter 7: PCI Expansion ROM Software Development
Chapter 8: PCI Expansion ROM Reverse Engineering
Chapter 9: Accessing BIOS within the Operating System
Chapter 10: Low-Level Remote Server Management
Chapter 11: BIOS Security Measures
Chapter 12: BIOS Rootkit Engineering
Chapter 13: BIOS Defense Techniques
Chapter 14: Embedded x86 BIOS Technology
Chapter 15: What's Next?
This is a very interesting book that views debugging from various perspectives including critical thinking. It uses GDB debugger for C++ debugging case studies and therefore this book can be considered as a GDB tutorial. Highly recommended for Unix software engineers especially if their job involves software maintenance. This book is also useful for escalation engineers willing to improve their troubleshooting and debugging skills. Very useful is Appendix B that lists and annotates various books related to debugging.
The book arrived today and I like it. Certainly when more and more drivers are WDF (KMDF or UMDF) and you start getting crash dumps you will definitely need to understand this framework. So you better start reading about it in advance. Additional covered topics are ETW (event tracing for Windows), WinDbg extensions, PREfast and static driver verifier. Highly recommended.
Highly recommended to learn about new changes and additions to Vista code base.
Contents:
1. Code Quality (SAL annotation for C/C++ string buffers, banned API and cryptography, static analysis tools)
2. User Account Control, Tokens and Integrity Levels
3. Buffer Overrun Defenses (ASLR, stack randomization, heap defenses, NX, /GS, SafeSEH)
4. Networking Defenses (IPv6, Network List Manager, RSS, Winsock Secure Socket Extensions, Windows Firewall)
5. Creating Secure and Resilient Services
6. Internet Explorer 7 Defenses
7. Cryptographic Enhancements
8. Authentication and Authorization (CardSpace, GINA changes)
9. Miscellaneous Defenses and Security-Related Technologies (Windows Defender API, Signing, TPM, Credential User Interface API, Kernel Mode Debugging issues)
I bought this book 2 years ago and finally found time to read it. This is a very good book if you already know C++ well from reading Effective C++, Exceptional C++ and many other top-quality books where C++ is praised. Now you would see its limitations and problems. I like the discussion about C and C++ ABI (application binary interface). To be honest I like every chapter. Almost (if not all) aspects of C++ are discussed and it is certainly a good refresher if you haven't read any good C++ book in the last couple of years.
Highly recommended.
The short book aims to cover kernel hooks, process injection, I/O filtering, I/O control, memory management, process synchronization, TDI communication, network filtering, email filtering, key logging, process hiding, device driver hiding, registry key hiding, directory hiding, etc. However it is a poorly written book. As the author explains the publisher contacted him after the rootkit was written. 80-90% of the book is just code listings. The code was made to look as if it had been developed incrementally to teach you writing rootkits but that was done post factum and every new code change or addition is not highlighted... There are even code editing mistakes. If you know kernel stuff everything would look obvious but if you don't know there is no explanation. I regret that I ordered and bought it. The amount of information that I digested fits in a couple of pages. Another book written by Greg Hoglund "Rootkits: Subverting the Windows Kernel" is much better.
Not recommended.