Software Diagnostics Library » 2007 » November » 14

Archive for November 14th, 2007

Crash Dump Analysis Patterns (Part 36)

Wednesday, November 14th, 2007

The pattern I should have written as one of the first is called Local Buffer Overflow. It is observed on x86 platforms when a local variable and a function return address and/or saved frame pointer EBP are overwritten with some data. As a result, the instruction pointer EIP becomes Wild Pointer and we have a process crash in user mode or a bugcheck in kernel mode. Sometimes this pattern is diagnosed by looking at mismatched EBP and ESP values and in the case of ASCII or UNICODE buffer overflow EIP register may contain 4-char or 2-wchar_t value and ESP or EBP or both registers might point at some string fragment like in the example below:

0:000> r eax=000fa101 ebx=0000c026 ecx=01010001 edx=bd43a010 esi=000003e0 edi=00000000 eip=0048004a esp=0012f158 ebp=00510044 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202 0048004a 0000 add byte ptr [eax],al ds:0023:000fa101=??

0:000> kL ChildEBP RetAddr WARNING: Frame IP not in any known module. Following frames may be wrong. 0012f154 00420047 0x48004a 0012f158 00440077 0x420047 0012f15c 00420043 0x440077 0012f160 00510076 0x420043 0012f164 00420049 0x510076 0012f168 00540041 0x420049 0012f16c 00540041 0x540041 ... ... ...

Good buffer overflow case studies with complete analysis including assembly language tutorial can be found in Buffer Overflow Attacks book.

- Dmitry Vostokov @ DumpAnalysis.org -

Posted in Assembly Language, Books, Crash Dump Analysis, Crash Dump Patterns, Debugging, Security | 4 Comments »

November 2007

M T W T F S S

« Oct Dec »

1 2 3 4

5 6 7 8 9 10 11

12 13 14 15 16 17 18

19 20 21 22 23 24 25

26 27 28 29 30
Pages
- About Dmitry Vostokov
- Abstract Debugging Commands
- Automated Crash Analysis
- Basic Windows Crash Dump Analysis
- Common Mistakes
- Complete Memory Dump Slice Part 1 (11Mb JPEG)
- Complete Memory Dump Slice Part 2 (10Mb JPEG)
- Crash Dump Analysis Patterns
- Crash Dump Analysis Style
- Crash Dumps For Dummies
- DebugWare Patterns
- First Chance Exceptions Explained
- Interrupts and Exceptions Explained
- Kernel Minidump Analysis
- Malware Analysis Patterns
- Memory Dump Analysis Interview Questions
- Memory Dump File Samples
- Page File Image Slice (7Mb JPEG)
- Pattern Cooperation
- Pattern-Driven Memory Analysis
- Practical Foundations of Debugging (x64)
- Practical Foundations of Debugging (x86)
- Raw Stack Analysis Scripts
- Reading Windows-based Code
- Reference Stack Traces
- Software Diagnostics Architecture Patterns
- Software Tracing Best Practices
- Structural Memory Analysis Patterns
- Trace Analysis Patterns
- UML and Device Drivers
- Unified Debugging Patterns
- User Interface Problem Analysis Patterns
- Workaround Patterns
Recent Comments
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 291)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 293)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 291)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 291)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 291)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 41a)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 305)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 155)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 56)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 160)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 6b)
- Dmitry Vostokov on Trace Analysis Patterns (Part 50)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 264)
- Dmitry Vostokov on Trace Analysis Patterns (Part 186)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 16a)
Categories
- .NET Core (4)
- .NET Debugging (75)
- 7 Habits (1)
- Abstract Stack Trace Notation (1)
- ADDR Patterns (1)
- Aesthetics of Memory Dumps (15)
- Alternative History (1)
- Analysis Notation (3)
- Android Crash Corner (1)
- Android Trace Corner (2)
- Announcements (609)
- Anomaly Detection (1)
- Anthropology (4)
- AntiPatterns (25)
- Applied Mathematics (2)
- Archaeology of Computer Memory (9)
- ARM64 Linux (1)
- ARM64 Windows (4)
- Art (97)
- Artificial Intelligence for Debugging (2)
- Assembly Language (113)
- Baby Turing Series (5)
- Best Practices (10)
- Bigraphical Details (1)
- Biographies (5)
- Biology (6)
- Books (326)
- Books (Korean) (1)
- Breakfast with Intel (3)
- Bugchecks Depicted (36)
- Bugtations (178)
- Build Date Astrology (6)
- Business (3)
- C and C++ (33)
- C++11 (2)
- Cartoons (41)
- Catastrophe Theory (2)
- Categorical Debugging (12)
- Causality (2)
- CDA Pattern Classification (21)
- CDF Analysis Tips and Tricks (116)
- Certification (26)
- Chaos (2)
- Chemistry (9)
- Citrix (106)
- Cloud Computing (6)
- Cloud Memory Dump Analysis (11)
- Code Reading (52)
- COM Debugging (4)
- Common Mistakes (34)
- Common Questions (4)
- Competitions and Awards (5)
- Complete Memory Dump Analysis (60)
- Complexity (3)
- Computation (2)
- Computational Ghosts and Bug Hauntings (8)
- Computer Forensics (8)
- Computer Memory Monsters (1)
- Computer Science (42)
- Computicart (Computical Art) (17)
- Containers (1)
- Core Dump Analysis (67)
- Countefactual Debugging (12)
- Crash Analysis Report Environment (CARE) (25)
- Crash Dump Analysis (1451)
- Crash Dump De-analysis (9)
- Crash Dump Patterns (832)
- Crash Dumps and Legal (1)
- Crash Dumps for Dummies (58)
- Customer Service Patterns (1)
- Cyber Intelligence (4)
- Cyber Problems (5)
- Cyber Security (4)
- Cyber Space (4)
- Cyber Warfare (11)
- Data Analysis (5)
- Data Recovery (10)
- Data Science (6)
- Databases (2)
- Debugged! MZ/PE (32)
- Debugging (1311)
- Debugging and Nature (7)
- Debugging Bureau (4)
- Debugging Environment (3)
- Debugging for Children (1)
- Debugging Industry (12)
- Debugging Jokes (2)
- Debugging Methodology (41)
- Debugging Slang (48)
- Debugging Today (2)
- Debugging Tours (1)
- Debugging Trends (11)
- Debugging TV (3)
- DebugWare Patterns (39)
- Deep Down C++ (16)
- Dictionary of Debugging (19)
  - 7 (1)
  - 8 (1)
  - B (1)
  - C (1)
  - H (1)
  - K (1)
  - M (3)
  - O (1)
  - P (1)
  - T (1)
  - U (1)
  - V (1)
- Dr. Watson (12)
- Dublin School of Security (9)
- DumpAnalysis and TraceAnalysis Logos (4)
- DumpAnalysis.org Statistics (20)
- EasyDbg (3)
- Economics (8)
- Education (2)
- Education and Research (43)
- Encyclopedia of Debugging (1)
- Encyclopedias (1)
- English Language (3)
- Epistles from Memoriarch (2)
- Escalation Engineering (85)
- Ethics (4)
- Event Tracing for Windows (ETW) (6)
- Evolution (7)
- Feature Engineering (1)
- Fiction (3)
- Fiction for Debugging (1)
- First Fault Problem Solving (9)
- First Fault Software Diagnostics (3)
- FreeBSD Crash Corner (3)
- From Cover To Cover (17)
- Fun with Cloud Computing (2)
- Fun with Crash Dumps (292)
- Fun with Debugging (84)
- Fun with Intelligence Analysis (2)
- Fun with Malware (4)
- Fun with Reversing (1)
- Fun with Social Engineering (1)
- Fun with Software Diagnostics (4)
- Fun with Software Traces (23)
- Fun with WinDbg (3)
- Futuristic Memory Dump Analysis (14)
- Games for Debugging (6)
- GDB Annoyances (3)
- GDB for WinDbg Users (39)
- General Abnormal Patterns (1)
- General Memory Analysis (17)
- General Science (5)
- Generative AI (5)
- Generative Debugging (10)
- Geography (2)
- Global Trace Analysis (1)
- Hardware (46)
- Hermeneutics of Memory Dumps and Traces (10)
- History (107)
- Horrors of Computation (14)
- Humanities (4)
- Hyper-V (5)
- IDA for WinDbg Users (5)
- Ideas (8)
- Images of Computer Memory (5)
- In Russian (1)
- Information Warfare (1)
- Intelligence Analysis Patterns (4)
- Intelligent Memory Movement (14)
- Interviews (3)
- Java Debugging (7)
- JIT Crash Analysis (3)
- JIT Memory Space Analysis (3)
- Kernel Debugging (1)
- Kernel Development (56)
- Kernel Memory Dump Analysis (6)
- Kindle Platform (1)
- Language (4)
- Laws of Troubleshooting and Debugging (6)
- Life (3)
- Linux Crash Corner (26)
- Linux Tracing and Logging (1)
- Live Debugging (4)
- Log Analysis (179)
- LogCat Trace Analysis (1)
- Logic (5)
- Logos (3)
- M->analysis (4)
- Mac Crash Corner (36)
- Mac OS X (23)
- Machine Learning (12)
- Malnarratives (2)
- Malware Analysis (51)
- Malware Fiction (1)
- Malware Patterns (28)
- Management Bits and Tips (18)
- Marxism (2)
- Mathematical Modeling (3)
- Mathematics (10)
- Mathematics of Debugging (56)
- Mathematics of Technical Support (1)
- Medicine (3)
- Memioart (1)
- Memiotics (Memory Semiotics) (29)
- Memoidealism (61)
- Memoretics (52)
- Memorian Art (4)
- Memorianic Pilgrimages (2)
- Memorianic Prophecies (7)
- Memory Analysis Culture (13)
- Memory Analysis Forensics and Intelligence (86)
- Memory Analysis Report System (9)
- Memory and Glitches (4)
- Memory Auralization (10)
- Memory Celebrations (2)
- Memory Cell Diagrams (1)
- Memory CPU (1)
- Memory Diagrams (4)
- Memory Dreams (13)
- Memory Dump Analysis and Bible (1)
- Memory Dump Analysis and History (7)
- Memory Dump Analysis Jobs (40)
- Memory Dump Analysis Methodology (5)
- Memory Dump Analysis Services (43)
- Memory Dump Fiction (2)
- Memory Dumps in Movies (4)
- Memory Dumps in Myths (4)
- Memory Forensics (7)
- Memory Holidays (1)
- Memory Intelligence Agency (2)
- Memory ISA (1)
- Memory OS (2)
- Memory Religion (Memorianity) (55)
- Memory Space Art (37)
- Memory Space Music (7)
- Memory Systems Language (12)
- Memory Visualization (137)
- Memuonics (13)
- Metadefect Template Library (5)
- Metamalware (3)
- Metaphysical Society of Ireland (2)
- Metaphysics of Memory Worldview (23)
- Metrics (3)
- MFC Debugging (2)
- Minidump Analysis (49)
- Monitoring (2)
- Movies and Debugging (3)
- Multithreading (26)
- Museum of Debugging (2)
- Music for Debugging (37)
- Music of Computation (3)
- Narralog Programming Language (2)
- Narrascope (1)
- Natural Language Processing (1)
- NDIS Corner (2)
- Network Trace Analysis (4)
- Network Trace Analysis Patterns (2)
- New Acronyms (40)
- New Debugging School (11)
- New Words (50)
- Nonlinear Science (1)
- Notes on Advanced .NET Debugging (5)
- Notes on Advanced Windows Debugging (1)
- Notes on Mac OS X Internals (1)
- Notes on Windows Internals (29)
- Object Patterns (2)
- Occult Debugging (6)
- Old Mental Dumps (4)
- Opcodism (6)
- Paleo-debugging (6)
- Parenting (1)
- Pattern Icons (103)
- Pattern Models (15)
- Pattern Prediction (10)
- Pattern-Based Debugging (1)
- Pattern-Based Software Diagnostics (1)
- Pattern-Driven Debugging (6)
- Pattern-Driven Software Support (5)
- Performance Analysis (2)
- Performance Monitoring (8)
- Phenomenology of Software Diagnostics (2)
- Philosophy (129)
- Philosophy of Software Diagnostics (2)
- Physicalist Art (39)
- Physics (8)
- Poetry (10)
- Political Economy (3)
- Politics (10)
- Politics of Debugging (1)
- Presentations (6)
- Process Monitor Log Analysis (2)
- Prolog for Debugging (2)
- Prometheus (2)
- Psi-computation (8)
- Psychoanalysis (2)
- Psychoanalysis of Software Maintenance and Support (6)
- Psychology (13)
- Publishing (174)
- Python for Debugging (2)
- Quantum Software Diagnostics (2)
- Reading (General, Metareading) (4)
- Reading List 2009 (7)
- Reading List 2010 (1)
- Reading List 2011 (5)
- Reading List 2012 (8)
- Reading Notebook (38)
- Reference (7)
- Reference Cards (1)
- Religion (22)
- Resume and CV (3)
- Reverse Engineering (15)
- Reviewed on Amazon (25)
- Riemann Programming Language (5)
- Root Cause Analysis (14)
- Science Fiction (10)
- Science of Memory Dump Analysis (120)
- Science of Software Tracing (52)
- Security (106)
- Semantics (4)
- Semiotics (5)
- Social Media (6)
- Social Sciences (12)
- Sociology of Debugging (1)
- Software and Business (2)
- Software and Economics (4)
- Software and Engineering (1)
- Software and Future (4)
- Software and History (5)
- Software and Industrial Production (2)
- Software and Modeling (3)
- Software and Philosophy (3)
- Software and Politics (3)
- Software and Religion (2)
- Software and Science (2)
- Software and Sociology (3)
- Software Architecture (103)
- Software Astrology (7)
- Software Behavior DNA (13)
- Software Behavior Patterns (61)
- Software Behavioral Genome (13)
- Software Chorography (5)
- Software Chorology (6)
- Software Debugging Services (2)
- Software Defect Construction (33)
- Software Diagnostics (32)
- Software Diagnostics Architecture (1)
- Software Diagnostics Institute (7)
- Software Diagnostics Pattern Language (4)
- Software Diagnostics Patterns (8)
- Software Diagnostics Report Schemes (1)
- Software Diagnostics Services (3)
- Software Disruption Patterns (1)
- Software Engineering (111)
- Software Generalist (12)
- Software Generalist Worldview (2)
- Software Maintenance Institute (14)
- Software Narrative Fiction (9)
- Software Narrative Science (6)
- Software Narratology (81)
- Software Narratology and Literary Theory (3)
- Software Narremes (5)
- Software Pathology (1)
- Software Problem Description Patterns (6)
- Software Problem Solving (14)
- Software Prognostics (2)
- Software Support Patterns (4)
- Software Technical Support (321)
- Software Trace Analysis (436)
- Software Trace Analysis and Genetics (2)
- Software Trace Analysis and Genomics (2)
- Software Trace Analysis and History (13)
- Software Trace Analysis and Proteomics (1)
- Software Trace Analysis Report Environment (STARE) (1)
- Software Trace Analysis Tips and Tricks (15)
- Software Trace Deconstruction (12)
- Software Trace Diagramming (6)
- Software Trace Linguistics (14)
- Software Trace Modeling (7)
- Software Trace Reading (97)
- Software Trace Stylistics (1)
- Software Trace Visualization (42)
- Software Tracing Design (2)
- Software Tracing for Dummies (14)
- Software Tracing Implementation Patterns (10)
- Software Troubleshooting Patterns (18)
- Software Victimology (17)
- SPDL (6)
- SQL Debugging (2)
- Stack Trace Collection (36)
- Static Code Analysis Patterns (1)
- Statistics (3)
- StopPages Conferences (1)
- Structural Diagnostics (1)
- Structural Memory Analysis and Social Sciences (6)
- Structural Memory Patterns (31)
- Structural Trace Patterns (21)
- Systems Theory (5)
- Systems Thinking (14)
- TaaS (2)
- Telemetry (1)
- Testing (80)
- Text Analysis (2)
- The Way of Philip Marlowe (5)
- Theology (5)
- Tool Objects (7)
- Tools (282)
- Trace Acquisition Patterns (1)
- Trace Analysis and Chemistry (1)
- Trace Analysis and Geometry (4)
- Trace Analysis and Music (3)
- Trace Analysis and Physics (15)
- Trace Analysis and Topology (10)
- Trace Analysis Patterns (358)
- Trace and Log Classification (1)
- Trace and Log Forensics (1)
- Trace Engineering (1)
- Tracing and Design Patterns (3)
- Trademarks (2)
- Training and Seminars (89)
- Troubleshooting Methodology (95)
- UI Problem Analysis Patterns (10)
- Unified Debugging Patterns (16)
- Unified Software Diagnostics (6)
- Unit Testing (2)
- Uses of UML (9)
- Victimware (36)
- Victimware Analysis (12)
- Virtualization (34)
- Vista (80)
- Visual Dump Analysis (118)
- Watches for Debugging (2)
- Webinars (22)
- Wetware Patterns (1)
- WinDbg Annoyances (1)
- WinDbg Commands (1)
- WinDbg for GDB Users (33)
- WinDbg Scripting Extensions (3)
- WinDbg Scripts (65)
- WinDbg Tips and Tricks (197)
- Windows 10 (9)
- Windows 11 (9)
- Windows 7 (39)
- Windows 8 (6)
- Windows Azure (5)
- Windows Data Structures (3)
- Windows Memory Management (1)
- Windows Mobile (6)
- Windows Server 2008 (70)
- Windows Server 2012 (1)
- Windows Store Applications (1)
- Windows System Administration (42)
- Workaround Patterns (19)
- Writing (2)
- x64 Linux (18)
- x64 Mac OS X (15)
- x64 Windows (150)
- XRAM Analysis (2)
Archives
- March 2026 (1)
- February 2026 (1)
- January 2026 (1)
- December 2025 (1)
- November 2025 (4)
- October 2025 (2)
- September 2025 (2)
- August 2025 (1)
- June 2025 (2)
- March 2025 (3)
- December 2024 (1)
- September 2024 (1)
- June 2024 (3)
- April 2024 (2)
- March 2024 (10)
- February 2024 (4)
- January 2024 (4)
- December 2023 (3)
- November 2023 (2)
- September 2023 (3)
- August 2023 (1)
- July 2023 (1)
- April 2023 (2)
- March 2023 (1)
- February 2023 (15)
- November 2022 (3)
- June 2022 (1)
- March 2022 (2)
- February 2022 (1)
- January 2022 (1)
- November 2021 (4)
- October 2021 (2)
- September 2021 (2)
- August 2021 (3)
- June 2021 (1)
- May 2021 (1)
- April 2021 (5)
- March 2021 (2)
- January 2021 (3)
- November 2020 (6)
- October 2020 (1)
- September 2020 (5)
- August 2020 (3)
- July 2020 (15)
- June 2020 (5)
- May 2020 (1)
- April 2020 (2)
- February 2020 (3)
- November 2019 (2)
- October 2019 (3)
- September 2019 (3)
- July 2019 (7)
- May 2019 (3)
- April 2019 (1)
- March 2019 (2)
- February 2019 (1)
- November 2018 (2)
- October 2018 (4)
- September 2018 (3)
- August 2018 (2)
- June 2018 (1)
- May 2018 (1)
- March 2018 (1)
- January 2018 (2)
- November 2017 (3)
- October 2017 (1)
- August 2017 (2)
- July 2017 (1)
- May 2017 (12)
- April 2017 (6)
- March 2017 (2)
- February 2017 (5)
- December 2016 (4)
- November 2016 (3)
- October 2016 (1)
- September 2016 (8)
- August 2016 (4)
- July 2016 (1)
- June 2016 (3)
- May 2016 (3)
- April 2016 (2)
- March 2016 (3)
- February 2016 (1)
- January 2016 (2)
- December 2015 (15)
- November 2015 (4)
- October 2015 (7)
- September 2015 (5)
- August 2015 (1)
- July 2015 (2)
- June 2015 (3)
- May 2015 (6)
- April 2015 (4)
- March 2015 (5)
- February 2015 (5)
- January 2015 (3)
- December 2014 (1)
- November 2014 (10)
- October 2014 (12)
- September 2014 (3)
- June 2014 (4)
- May 2014 (8)
- April 2014 (7)
- February 2014 (2)
- December 2013 (2)
- November 2013 (3)
- August 2013 (2)
- July 2013 (1)
- June 2013 (1)
- May 2013 (8)
- April 2013 (1)
- March 2013 (10)
- February 2013 (18)
- January 2013 (21)
- December 2012 (14)
- November 2012 (13)
- October 2012 (18)
- September 2012 (11)
- August 2012 (8)
- July 2012 (12)
- June 2012 (22)
- May 2012 (16)
- April 2012 (24)
- March 2012 (22)
- February 2012 (15)
- January 2012 (18)
- December 2011 (29)
- November 2011 (16)
- October 2011 (22)
- September 2011 (17)
- August 2011 (15)
- July 2011 (12)
- June 2011 (26)
- May 2011 (17)
- April 2011 (19)
- March 2011 (25)
- February 2011 (25)
- January 2011 (29)
- December 2010 (29)
- November 2010 (38)
- October 2010 (45)
- September 2010 (41)
- August 2010 (30)
- July 2010 (46)
- June 2010 (29)
- May 2010 (43)
- April 2010 (44)
- March 2010 (45)
- February 2010 (28)
- January 2010 (39)
- December 2009 (29)
- November 2009 (24)
- October 2009 (28)
- September 2009 (48)
- August 2009 (31)
- July 2009 (54)
- June 2009 (40)
- May 2009 (41)
- April 2009 (36)
- March 2009 (37)
- February 2009 (42)
- January 2009 (31)
- December 2008 (43)
- November 2008 (48)
- October 2008 (53)
- September 2008 (59)
- August 2008 (44)
- July 2008 (59)
- June 2008 (40)
- May 2008 (39)
- April 2008 (27)
- March 2008 (34)
- February 2008 (30)
- January 2008 (29)
- December 2007 (19)
- November 2007 (37)
- October 2007 (25)
- September 2007 (8)
- August 2007 (29)
- July 2007 (28)
- June 2007 (10)
- May 2007 (20)
- April 2007 (23)
- March 2007 (10)
- February 2007 (16)
- January 2007 (9)
- December 2006 (14)
- November 2006 (12)
- October 2006 (33)
- September 2006 (13)
- August 2006 (5)
ARM64
- Connor McGarr’s Blog
Automated Analysis
- SuperDump
Blogroll
- !analyze -v
- !pool @eax
- 0kn0ck
- 0xc0000005
- A posteriori
- A tech support blog
- Advanced .NET Debugging Blog
- Alex Ionescu
- Alexander Bazhanyuk
- Alexey Kutuzov (Citrix TS in Russian)
- Alois Kraus
- Analyze -v
- Andrey Bazhan - Windows Tools and Troubleshooting
- Artem on Security
- ASKPERF
- Awesome Ideas
- AzureCAT
- Bill Demirkapi’s Blog
- Bing Xia
- Blogging on Citrix & Microsoft
- Brandon’s Blog
- BSOD Kernel Dump Analysis
- BSODTutorials
- BugSlasher
- Canned Platypus
- chentiangemalc
- Cisco’s Talos Intelligence
- Citrix Blogger
- Clint Huffman’s Windows Troubleshooting
- CLR Via Clojure
- Code for Concinnity
- codejury
- Coding Horror
- Connor McGarr’s Blog
- CPR Platforms Team (Ntdebugging)
- Crash Dump Analysis (Russian)
- csandker
- Cyber Security & Forensics Analytics
- DancingDinosaur
- Darkness Gate
- Debug Analyzer Blog
- Debug and Beyond
- Debug and Beyond
- DEBUG THINGS
- Debugging + Random Stuff
- Debugging Guide
- Debugging the virtual world
- Debugging Toolbox
- Debugging Tools for Windows
- Decrypt my World
- Diary of war with bugs
- Didier Stevens
- Distributed Matters
- Doron Holan
- Doug Stewart
- dtrace.org
- EreTIk’s Box
- Eugene Ching (Enegue Blog)
- Exploring the Microsoft Windows crash dump stack
- Famel
- Fedyashov’s Blog
- Flexilis
- fluxsec.red
- for(ensik){blog;}
- Frank Boldewin’s reconstructer.org
- Fuzzing the World
- Geoff Chappell, Software Analyst
- Goozy Dumps
- Hello Kernel series
- Hex Blog
- Hexacorn
- Hyper-V Internals
- Ian Voyce
- IEInternals
- if (ms) blog++;
- Insanely Low-Level
- Interrupt
- It’s Bugs All the Way Down
- j00ru//vx
- Jamie Fenton
- Jason Haley
- Jay’s Blog
- Jeremy Hurren
- John Robbins
- KaffeNews
- Ken Johnson
- Kernel - My Passion
- Kernel Mustard (DDK)
- KK’s Blog
- KnownError.com
- Lambda the Ultimate
- Language Memory
- Larry Osterman
- Leonardo Fagundes
- Lets Explore Windows
- Literate Scientist
- Lords of the Ring0
- lorenzhai
- Low Level Design
- Low Level Pleasure
- Lvdeijk’s Blog
- Machines Can Think
- Make Everyday Count
- Management Bits and Tips
- Marcelo Fartura
- MARCOT_BLOG on Security
- Mark Russinovich
- Martin Kulov’s Blog
- Matthieu Suiche
- Möbius Strip Reverse Engineering
- Mfartura’s blog
- Mind Array
- mindless-area
- MITHUN SHANBHAG’s blog
- MNIN Security Blog
- MS Security Research
- My Debug Notes
- My infected computer
- My interesting research
- Myne-us
- Needle in a Thread Stack
- Netwitness Blog
- Not a kernel guy
- Notes from a dark corner
- Of Filesystems And Other Demons
- offensivecraft
- Opcode
- OS/2 Museum
- Parallel Programming in Native Code
- Pavel’s Blog
- Perfecting Code
- Peter Wieland
- peteronprogramming
- PFE - Developer Notes for the Field
- PJ Gray
- preshing on programming
- Programming stuff
- Project Zero
- prosthetic memory
- Python windbg extension
- Quarkslab’s blog
- Ralf’s Ramblings
- Random ASCII
- RCE Endeavors
- REblog
- RedOps
- Reverse Engineering 0×4 Fun
- Reversing on Windows
- Room 362
- Sara Ford
- Sasha Goldshtein
- Satoshi’s note
- Say Goodnight
- Sean Heelan’s Blog
- SecNiche Security
- Secret Club
- SerCe’s blog
- Shellexecute
- Small Code
- SoftTalk - Multicore and Parallel Programming
- Software Astrology
- Software Generalist
- StackHash
- Steve Patrick
- Steve’s Techspot
- Sysinternals
- System Forensics
- System Programming
- Tess
- The Architecture of Open Source Applications
- The BIOS Blog
- the blog => anything goes
- The Blog Ride
- The Daily WTF
- The NDIS blog
- The Nomadic Developer
- The Old New Thing
- The Shadow File
- The Windows Blog
- Thoughts and knowledge exposed
- Tom’s Reversing
- Tone Poem
- triplefault.io
- TSS Blog
- Under The Hood
- Unhandled Exceptions
- Unintended Results
- Val3ntin’s Blog
- VeraCode
- Visual C++ Team
- Visualization News
- Voidsec
- Volker von Einem
- VRT
- waliedassar
- WASM
- Welcome to the Corner of Excellence
- WER Services
- WinDBG/KD Fun
- Windows Debugging
- Windows Programming Notes
- Within Windows
- Wolf’s IT-thoughts
- x64
- Yarden Shafir
Debugging Channels
- Debugging TV
Forensics
- forensicswiki.org
Hardware
- Ken Shirriff’s blog
- Visual Transistor-level Simulation
Linux
- people.kernel.org
Mac OS X
- NSBlog (mikeash.com)
- Reverse Engineering Mac OS X
- System Development
Magazines and Newspapers
- Debugging Expert
- Debugging Today
- Dr.Dobb’s
- HITB
- MSDN
- Uninformed
Malware Analysis
- KernelMode.info
- Malware Samples
- REXORVC0
Medical Diagnostics
- db’s Medical Rants
Narratology
- The Living Handbook of Narratology
Related Links
- Advanced .NET Debugging Book
- Advanced Windows Debugging Book
- Asm Encyclopedia
- Below Gotham Labs
- Book Store
- Bugchecks to Patterns Map
- CMDTREE.TXT for CDA Checklist
- Code Machine Resources
- Compiler Explorer
- Crash Dump Analysis (Russian)
- Crash Dump Analysis Card
- Crash Dump Analysis Checklist
- Crash Dump Analysis Forum
- Crash Dump Analysis Help
- Crash Dump Analysis Portal
- Crash Dump Analysis Poster
- Debug Analyzer
- Debugging Spy Network
- Memory Dump Analysis Services
- Metamath
- NDIS Developer’s Reference
- Opening Windows
- OpenTask
- PasteBin
- Rosetta Stone for Unix
- Software Trace Analysis Checklist
- SOS Commands
- SysProgs (VisualDDK)
- Systemic Software Debugging
- The Architecture of Open Source Applications
- Tool Objects
- Visual Complexity
- WinDbg Quick Links
Reversing
- Binary Parsing
Scripting Languages
- The Modern JavaScript Tutorial
Source Code
- Koders
Tracing Tools
- Linux Performance
- MaiZure’s Projects
Meta
- Login
- Entries RSS
- Comments RSS
- WordPress.org