Software Diagnostics Library

Archive for March 2nd, 2009

Pattern-Driven Memory Analysis (Part 1)

Monday, March 2nd, 2009

Last week I had an opportunity to present a pattern-driven memory dump analysis methodology at a global engineering conference. Now in a series of articles I’m going to clarify certain points and extend it to wider domain of memory analysis including computer memory forensics and intelligence.

Today I post the reworked picture of a waterfall-like analysis process:

Various phases and their relationship will be discussed in subsequent parts together with examples.

- Dmitry Vostokov @ DumpAnalysis.org -

Posted in Citrix, Crash Dump Analysis, Crash Dump Patterns, Debugging, Debugging Methodology, Memory Analysis Forensics and Intelligence, Security, Software Technical Support, Troubleshooting Methodology, WinDbg Scripts | 2 Comments »

March 2009

M T W T F S S

« Feb Apr »

1

2 3 4 5 6 7 8

9 10 11 12 13 14 15

16 17 18 19 20 21 22

23 24 25 26 27 28 29

30 31
Pages
- About Dmitry Vostokov
- Abstract Debugging Commands
- Automated Crash Analysis
- Basic Windows Crash Dump Analysis
- Common Mistakes
- Complete Memory Dump Slice Part 1 (11Mb JPEG)
- Complete Memory Dump Slice Part 2 (10Mb JPEG)
- Crash Dump Analysis Patterns
- Crash Dump Analysis Style
- Crash Dumps For Dummies
- DebugWare Patterns
- First Chance Exceptions Explained
- Interrupts and Exceptions Explained
- Kernel Minidump Analysis
- Malware Analysis Patterns
- Memory Dump Analysis Interview Questions
- Memory Dump File Samples
- Page File Image Slice (7Mb JPEG)
- Pattern Cooperation
- Pattern-Driven Memory Analysis
- Practical Foundations of Debugging (x64)
- Practical Foundations of Debugging (x86)
- Raw Stack Analysis Scripts
- Reading Windows-based Code
- Reference Stack Traces
- Software Diagnostics Architecture Patterns
- Software Tracing Best Practices
- Structural Memory Analysis Patterns
- Trace Analysis Patterns
- UML and Device Drivers
- Unified Debugging Patterns
- User Interface Problem Analysis Patterns
- Workaround Patterns
Recent Comments
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 291)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 293)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 291)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 291)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 291)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 41a)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 305)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 155)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 56)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 160)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 6b)
- Dmitry Vostokov on Trace Analysis Patterns (Part 50)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 264)
- Dmitry Vostokov on Trace Analysis Patterns (Part 186)
- Dmitry Vostokov on Crash Dump Analysis Patterns (Part 16a)
Categories
- .NET Core (4)
- .NET Debugging (75)
- 7 Habits (1)
- Abstract Stack Trace Notation (1)
- ADDR Patterns (1)
- Aesthetics of Memory Dumps (15)
- Alternative History (1)
- Analysis Notation (3)
- Android Crash Corner (1)
- Android Trace Corner (2)
- Announcements (609)
- Anomaly Detection (1)
- Anthropology (4)
- AntiPatterns (25)
- Applied Mathematics (2)
- Archaeology of Computer Memory (9)
- ARM64 Linux (1)
- ARM64 Windows (4)
- Art (97)
- Artificial Intelligence for Debugging (2)
- Assembly Language (113)
- Baby Turing Series (5)
- Best Practices (10)
- Bigraphical Details (1)
- Biographies (5)
- Biology (6)
- Books (326)
- Books (Korean) (1)
- Breakfast with Intel (3)
- Bugchecks Depicted (36)
- Bugtations (178)
- Build Date Astrology (6)
- Business (3)
- C and C++ (33)
- C++11 (2)
- Cartoons (41)
- Catastrophe Theory (2)
- Categorical Debugging (12)
- Causality (2)
- CDA Pattern Classification (21)
- CDF Analysis Tips and Tricks (116)
- Certification (26)
- Chaos (2)
- Chemistry (9)
- Citrix (106)
- Cloud Computing (6)
- Cloud Memory Dump Analysis (11)
- Code Reading (52)
- COM Debugging (4)
- Common Mistakes (34)
- Common Questions (4)
- Competitions and Awards (5)
- Complete Memory Dump Analysis (60)
- Complexity (3)
- Computation (2)
- Computational Ghosts and Bug Hauntings (8)
- Computer Forensics (8)
- Computer Memory Monsters (1)
- Computer Science (42)
- Computicart (Computical Art) (17)
- Containers (1)
- Core Dump Analysis (67)
- Countefactual Debugging (12)
- Crash Analysis Report Environment (CARE) (25)
- Crash Dump Analysis (1451)
- Crash Dump De-analysis (9)
- Crash Dump Patterns (832)
- Crash Dumps and Legal (1)
- Crash Dumps for Dummies (58)
- Customer Service Patterns (1)
- Cyber Intelligence (4)
- Cyber Problems (5)
- Cyber Security (4)
- Cyber Space (4)
- Cyber Warfare (11)
- Data Analysis (5)
- Data Recovery (10)
- Data Science (6)
- Databases (2)
- Debugged! MZ/PE (32)
- Debugging (1311)
- Debugging and Nature (7)
- Debugging Bureau (4)
- Debugging Environment (3)
- Debugging for Children (1)
- Debugging Industry (12)
- Debugging Jokes (2)
- Debugging Methodology (41)
- Debugging Slang (48)
- Debugging Today (2)
- Debugging Tours (1)
- Debugging Trends (11)
- Debugging TV (3)
- DebugWare Patterns (39)
- Deep Down C++ (16)
- Dictionary of Debugging (19)
  - 7 (1)
  - 8 (1)
  - B (1)
  - C (1)
  - H (1)
  - K (1)
  - M (3)
  - O (1)
  - P (1)
  - T (1)
  - U (1)
  - V (1)
- Dr. Watson (12)
- Dublin School of Security (9)
- DumpAnalysis and TraceAnalysis Logos (4)
- DumpAnalysis.org Statistics (20)
- EasyDbg (3)
- Economics (8)
- Education (2)
- Education and Research (43)
- Encyclopedia of Debugging (1)
- Encyclopedias (1)
- English Language (3)
- Epistles from Memoriarch (2)
- Escalation Engineering (85)
- Ethics (4)
- Event Tracing for Windows (ETW) (6)
- Evolution (7)
- Feature Engineering (1)
- Fiction (3)
- Fiction for Debugging (1)
- First Fault Problem Solving (9)
- First Fault Software Diagnostics (3)
- FreeBSD Crash Corner (3)
- From Cover To Cover (17)
- Fun with Cloud Computing (2)
- Fun with Crash Dumps (292)
- Fun with Debugging (84)
- Fun with Intelligence Analysis (2)
- Fun with Malware (4)
- Fun with Reversing (1)
- Fun with Social Engineering (1)
- Fun with Software Diagnostics (4)
- Fun with Software Traces (23)
- Fun with WinDbg (3)
- Futuristic Memory Dump Analysis (14)
- Games for Debugging (6)
- GDB Annoyances (3)
- GDB for WinDbg Users (39)
- General Abnormal Patterns (1)
- General Memory Analysis (17)
- General Science (5)
- Generative AI (5)
- Generative Debugging (10)
- Geography (2)
- Global Trace Analysis (1)
- Hardware (46)
- Hermeneutics of Memory Dumps and Traces (10)
- History (107)
- Horrors of Computation (14)
- Humanities (4)
- Hyper-V (5)
- IDA for WinDbg Users (5)
- Ideas (8)
- Images of Computer Memory (5)
- In Russian (1)
- Information Warfare (1)
- Intelligence Analysis Patterns (4)
- Intelligent Memory Movement (14)
- Interviews (3)
- Java Debugging (7)
- JIT Crash Analysis (3)
- JIT Memory Space Analysis (3)
- Kernel Debugging (1)
- Kernel Development (56)
- Kernel Memory Dump Analysis (6)
- Kindle Platform (1)
- Language (4)
- Laws of Troubleshooting and Debugging (6)
- Life (3)
- Linux Crash Corner (26)
- Linux Tracing and Logging (1)
- Live Debugging (4)
- Log Analysis (179)
- LogCat Trace Analysis (1)
- Logic (5)
- Logos (3)
- M->analysis (4)
- Mac Crash Corner (36)
- Mac OS X (23)
- Machine Learning (12)
- Malnarratives (2)
- Malware Analysis (51)
- Malware Fiction (1)
- Malware Patterns (28)
- Management Bits and Tips (18)
- Marxism (2)
- Mathematical Modeling (3)
- Mathematics (10)
- Mathematics of Debugging (56)
- Mathematics of Technical Support (1)
- Medicine (3)
- Memioart (1)
- Memiotics (Memory Semiotics) (29)
- Memoidealism (61)
- Memoretics (52)
- Memorian Art (4)
- Memorianic Pilgrimages (2)
- Memorianic Prophecies (7)
- Memory Analysis Culture (13)
- Memory Analysis Forensics and Intelligence (86)
- Memory Analysis Report System (9)
- Memory and Glitches (4)
- Memory Auralization (10)
- Memory Celebrations (2)
- Memory Cell Diagrams (1)
- Memory CPU (1)
- Memory Diagrams (4)
- Memory Dreams (13)
- Memory Dump Analysis and Bible (1)
- Memory Dump Analysis and History (7)
- Memory Dump Analysis Jobs (40)
- Memory Dump Analysis Methodology (5)
- Memory Dump Analysis Services (43)
- Memory Dump Fiction (2)
- Memory Dumps in Movies (4)
- Memory Dumps in Myths (4)
- Memory Forensics (7)
- Memory Holidays (1)
- Memory Intelligence Agency (2)
- Memory ISA (1)
- Memory OS (2)
- Memory Religion (Memorianity) (55)
- Memory Space Art (37)
- Memory Space Music (7)
- Memory Systems Language (12)
- Memory Visualization (137)
- Memuonics (13)
- Metadefect Template Library (5)
- Metamalware (3)
- Metaphysical Society of Ireland (2)
- Metaphysics of Memory Worldview (23)
- Metrics (3)
- MFC Debugging (2)
- Minidump Analysis (49)
- Monitoring (2)
- Movies and Debugging (3)
- Multithreading (26)
- Museum of Debugging (2)
- Music for Debugging (37)
- Music of Computation (3)
- Narralog Programming Language (2)
- Narrascope (1)
- Natural Language Processing (1)
- NDIS Corner (2)
- Network Trace Analysis (4)
- Network Trace Analysis Patterns (2)
- New Acronyms (40)
- New Debugging School (11)
- New Words (50)
- Nonlinear Science (1)
- Notes on Advanced .NET Debugging (5)
- Notes on Advanced Windows Debugging (1)
- Notes on Mac OS X Internals (1)
- Notes on Windows Internals (29)
- Object Patterns (2)
- Occult Debugging (6)
- Old Mental Dumps (4)
- Opcodism (6)
- Paleo-debugging (6)
- Parenting (1)
- Pattern Icons (103)
- Pattern Models (15)
- Pattern Prediction (10)
- Pattern-Based Debugging (1)
- Pattern-Based Software Diagnostics (1)
- Pattern-Driven Debugging (6)
- Pattern-Driven Software Support (5)
- Performance Analysis (2)
- Performance Monitoring (8)
- Phenomenology of Software Diagnostics (2)
- Philosophy (129)
- Philosophy of Software Diagnostics (2)
- Physicalist Art (39)
- Physics (8)
- Poetry (10)
- Political Economy (3)
- Politics (10)
- Politics of Debugging (1)
- Presentations (6)
- Process Monitor Log Analysis (2)
- Prolog for Debugging (2)
- Prometheus (2)
- Psi-computation (8)
- Psychoanalysis (2)
- Psychoanalysis of Software Maintenance and Support (6)
- Psychology (13)
- Publishing (174)
- Python for Debugging (2)
- Quantum Software Diagnostics (2)
- Reading (General, Metareading) (4)
- Reading List 2009 (7)
- Reading List 2010 (1)
- Reading List 2011 (5)
- Reading List 2012 (8)
- Reading Notebook (38)
- Reference (7)
- Reference Cards (1)
- Religion (22)
- Resume and CV (3)
- Reverse Engineering (15)
- Reviewed on Amazon (25)
- Riemann Programming Language (5)
- Root Cause Analysis (14)
- Science Fiction (10)
- Science of Memory Dump Analysis (120)
- Science of Software Tracing (52)
- Security (106)
- Semantics (4)
- Semiotics (5)
- Social Media (6)
- Social Sciences (12)
- Sociology of Debugging (1)
- Software and Business (2)
- Software and Economics (4)
- Software and Engineering (1)
- Software and Future (4)
- Software and History (5)
- Software and Industrial Production (2)
- Software and Modeling (3)
- Software and Philosophy (3)
- Software and Politics (3)
- Software and Religion (2)
- Software and Science (2)
- Software and Sociology (3)
- Software Architecture (103)
- Software Astrology (7)
- Software Behavior DNA (13)
- Software Behavior Patterns (61)
- Software Behavioral Genome (13)
- Software Chorography (5)
- Software Chorology (6)
- Software Debugging Services (2)
- Software Defect Construction (33)
- Software Diagnostics (32)
- Software Diagnostics Architecture (1)
- Software Diagnostics Institute (7)
- Software Diagnostics Pattern Language (4)
- Software Diagnostics Patterns (8)
- Software Diagnostics Report Schemes (1)
- Software Diagnostics Services (3)
- Software Disruption Patterns (1)
- Software Engineering (111)
- Software Generalist (12)
- Software Generalist Worldview (2)
- Software Maintenance Institute (14)
- Software Narrative Fiction (9)
- Software Narrative Science (6)
- Software Narratology (81)
- Software Narratology and Literary Theory (3)
- Software Narremes (5)
- Software Pathology (1)
- Software Problem Description Patterns (6)
- Software Problem Solving (14)
- Software Prognostics (2)
- Software Support Patterns (4)
- Software Technical Support (321)
- Software Trace Analysis (436)
- Software Trace Analysis and Genetics (2)
- Software Trace Analysis and Genomics (2)
- Software Trace Analysis and History (13)
- Software Trace Analysis and Proteomics (1)
- Software Trace Analysis Report Environment (STARE) (1)
- Software Trace Analysis Tips and Tricks (15)
- Software Trace Deconstruction (12)
- Software Trace Diagramming (6)
- Software Trace Linguistics (14)
- Software Trace Modeling (7)
- Software Trace Reading (97)
- Software Trace Stylistics (1)
- Software Trace Visualization (42)
- Software Tracing Design (2)
- Software Tracing for Dummies (14)
- Software Tracing Implementation Patterns (10)
- Software Troubleshooting Patterns (18)
- Software Victimology (17)
- SPDL (6)
- SQL Debugging (2)
- Stack Trace Collection (36)
- Static Code Analysis Patterns (1)
- Statistics (3)
- StopPages Conferences (1)
- Structural Diagnostics (1)
- Structural Memory Analysis and Social Sciences (6)
- Structural Memory Patterns (31)
- Structural Trace Patterns (21)
- Systems Theory (5)
- Systems Thinking (14)
- TaaS (2)
- Telemetry (1)
- Testing (80)
- Text Analysis (2)
- The Way of Philip Marlowe (5)
- Theology (5)
- Tool Objects (7)
- Tools (282)
- Trace Acquisition Patterns (1)
- Trace Analysis and Chemistry (1)
- Trace Analysis and Geometry (4)
- Trace Analysis and Music (3)
- Trace Analysis and Physics (15)
- Trace Analysis and Topology (10)
- Trace Analysis Patterns (358)
- Trace and Log Classification (1)
- Trace and Log Forensics (1)
- Trace Engineering (1)
- Tracing and Design Patterns (3)
- Trademarks (2)
- Training and Seminars (89)
- Troubleshooting Methodology (95)
- UI Problem Analysis Patterns (10)
- Unified Debugging Patterns (16)
- Unified Software Diagnostics (6)
- Unit Testing (2)
- Uses of UML (9)
- Victimware (36)
- Victimware Analysis (12)
- Virtualization (34)
- Vista (80)
- Visual Dump Analysis (118)
- Watches for Debugging (2)
- Webinars (22)
- Wetware Patterns (1)
- WinDbg Annoyances (1)
- WinDbg Commands (1)
- WinDbg for GDB Users (33)
- WinDbg Scripting Extensions (3)
- WinDbg Scripts (65)
- WinDbg Tips and Tricks (197)
- Windows 10 (9)
- Windows 11 (9)
- Windows 7 (39)
- Windows 8 (6)
- Windows Azure (5)
- Windows Data Structures (3)
- Windows Memory Management (1)
- Windows Mobile (6)
- Windows Server 2008 (70)
- Windows Server 2012 (1)
- Windows Store Applications (1)
- Windows System Administration (42)
- Workaround Patterns (19)
- Writing (2)
- x64 Linux (18)
- x64 Mac OS X (15)
- x64 Windows (150)
- XRAM Analysis (2)
Archives
- March 2026 (1)
- February 2026 (1)
- January 2026 (1)
- December 2025 (1)
- November 2025 (4)
- October 2025 (2)
- September 2025 (2)
- August 2025 (1)
- June 2025 (2)
- March 2025 (3)
- December 2024 (1)
- September 2024 (1)
- June 2024 (3)
- April 2024 (2)
- March 2024 (10)
- February 2024 (4)
- January 2024 (4)
- December 2023 (3)
- November 2023 (2)
- September 2023 (3)
- August 2023 (1)
- July 2023 (1)
- April 2023 (2)
- March 2023 (1)
- February 2023 (15)
- November 2022 (3)
- June 2022 (1)
- March 2022 (2)
- February 2022 (1)
- January 2022 (1)
- November 2021 (4)
- October 2021 (2)
- September 2021 (2)
- August 2021 (3)
- June 2021 (1)
- May 2021 (1)
- April 2021 (5)
- March 2021 (2)
- January 2021 (3)
- November 2020 (6)
- October 2020 (1)
- September 2020 (5)
- August 2020 (3)
- July 2020 (15)
- June 2020 (5)
- May 2020 (1)
- April 2020 (2)
- February 2020 (3)
- November 2019 (2)
- October 2019 (3)
- September 2019 (3)
- July 2019 (7)
- May 2019 (3)
- April 2019 (1)
- March 2019 (2)
- February 2019 (1)
- November 2018 (2)
- October 2018 (4)
- September 2018 (3)
- August 2018 (2)
- June 2018 (1)
- May 2018 (1)
- March 2018 (1)
- January 2018 (2)
- November 2017 (3)
- October 2017 (1)
- August 2017 (2)
- July 2017 (1)
- May 2017 (12)
- April 2017 (6)
- March 2017 (2)
- February 2017 (5)
- December 2016 (4)
- November 2016 (3)
- October 2016 (1)
- September 2016 (8)
- August 2016 (4)
- July 2016 (1)
- June 2016 (3)
- May 2016 (3)
- April 2016 (2)
- March 2016 (3)
- February 2016 (1)
- January 2016 (2)
- December 2015 (15)
- November 2015 (4)
- October 2015 (7)
- September 2015 (5)
- August 2015 (1)
- July 2015 (2)
- June 2015 (3)
- May 2015 (6)
- April 2015 (4)
- March 2015 (5)
- February 2015 (5)
- January 2015 (3)
- December 2014 (1)
- November 2014 (10)
- October 2014 (12)
- September 2014 (3)
- June 2014 (4)
- May 2014 (8)
- April 2014 (7)
- February 2014 (2)
- December 2013 (2)
- November 2013 (3)
- August 2013 (2)
- July 2013 (1)
- June 2013 (1)
- May 2013 (8)
- April 2013 (1)
- March 2013 (10)
- February 2013 (18)
- January 2013 (21)
- December 2012 (14)
- November 2012 (13)
- October 2012 (18)
- September 2012 (11)
- August 2012 (8)
- July 2012 (12)
- June 2012 (22)
- May 2012 (16)
- April 2012 (24)
- March 2012 (22)
- February 2012 (15)
- January 2012 (18)
- December 2011 (29)
- November 2011 (16)
- October 2011 (22)
- September 2011 (17)
- August 2011 (15)
- July 2011 (12)
- June 2011 (26)
- May 2011 (17)
- April 2011 (19)
- March 2011 (25)
- February 2011 (25)
- January 2011 (29)
- December 2010 (29)
- November 2010 (38)
- October 2010 (45)
- September 2010 (41)
- August 2010 (30)
- July 2010 (46)
- June 2010 (29)
- May 2010 (43)
- April 2010 (44)
- March 2010 (45)
- February 2010 (28)
- January 2010 (39)
- December 2009 (29)
- November 2009 (24)
- October 2009 (28)
- September 2009 (48)
- August 2009 (31)
- July 2009 (54)
- June 2009 (40)
- May 2009 (41)
- April 2009 (36)
- March 2009 (37)
- February 2009 (42)
- January 2009 (31)
- December 2008 (43)
- November 2008 (48)
- October 2008 (53)
- September 2008 (59)
- August 2008 (44)
- July 2008 (59)
- June 2008 (40)
- May 2008 (39)
- April 2008 (27)
- March 2008 (34)
- February 2008 (30)
- January 2008 (29)
- December 2007 (19)
- November 2007 (37)
- October 2007 (25)
- September 2007 (8)
- August 2007 (29)
- July 2007 (28)
- June 2007 (10)
- May 2007 (20)
- April 2007 (23)
- March 2007 (10)
- February 2007 (16)
- January 2007 (9)
- December 2006 (14)
- November 2006 (12)
- October 2006 (33)
- September 2006 (13)
- August 2006 (5)
ARM64
- Connor McGarr’s Blog
Automated Analysis
- SuperDump
Blogroll
- !analyze -v
- !pool @eax
- 0kn0ck
- 0xc0000005
- A posteriori
- A tech support blog
- Advanced .NET Debugging Blog
- Alex Ionescu
- Alexander Bazhanyuk
- Alexey Kutuzov (Citrix TS in Russian)
- Alois Kraus
- Analyze -v
- Andrey Bazhan - Windows Tools and Troubleshooting
- Artem on Security
- ASKPERF
- Awesome Ideas
- AzureCAT
- Bill Demirkapi’s Blog
- Bing Xia
- Blogging on Citrix & Microsoft
- Brandon’s Blog
- BSOD Kernel Dump Analysis
- BSODTutorials
- BugSlasher
- Canned Platypus
- chentiangemalc
- Cisco’s Talos Intelligence
- Citrix Blogger
- Clint Huffman’s Windows Troubleshooting
- CLR Via Clojure
- Code for Concinnity
- codejury
- Coding Horror
- Connor McGarr’s Blog
- CPR Platforms Team (Ntdebugging)
- Crash Dump Analysis (Russian)
- csandker
- Cyber Security & Forensics Analytics
- DancingDinosaur
- Darkness Gate
- Debug Analyzer Blog
- Debug and Beyond
- Debug and Beyond
- DEBUG THINGS
- Debugging + Random Stuff
- Debugging Guide
- Debugging the virtual world
- Debugging Toolbox
- Debugging Tools for Windows
- Decrypt my World
- Diary of war with bugs
- Didier Stevens
- Distributed Matters
- Doron Holan
- Doug Stewart
- dtrace.org
- EreTIk’s Box
- Eugene Ching (Enegue Blog)
- Exploring the Microsoft Windows crash dump stack
- Famel
- Fedyashov’s Blog
- Flexilis
- fluxsec.red
- for(ensik){blog;}
- Frank Boldewin’s reconstructer.org
- Fuzzing the World
- Geoff Chappell, Software Analyst
- Goozy Dumps
- Hello Kernel series
- Hex Blog
- Hexacorn
- Hyper-V Internals
- Ian Voyce
- IEInternals
- if (ms) blog++;
- Insanely Low-Level
- Interrupt
- It’s Bugs All the Way Down
- j00ru//vx
- Jamie Fenton
- Jason Haley
- Jay’s Blog
- Jeremy Hurren
- John Robbins
- KaffeNews
- Ken Johnson
- Kernel - My Passion
- Kernel Mustard (DDK)
- KK’s Blog
- KnownError.com
- Lambda the Ultimate
- Language Memory
- Larry Osterman
- Leonardo Fagundes
- Lets Explore Windows
- Literate Scientist
- Lords of the Ring0
- lorenzhai
- Low Level Design
- Low Level Pleasure
- Lvdeijk’s Blog
- Machines Can Think
- Make Everyday Count
- Management Bits and Tips
- Marcelo Fartura
- MARCOT_BLOG on Security
- Mark Russinovich
- Martin Kulov’s Blog
- Matthieu Suiche
- Möbius Strip Reverse Engineering
- Mfartura’s blog
- Mind Array
- mindless-area
- MITHUN SHANBHAG’s blog
- MNIN Security Blog
- MS Security Research
- My Debug Notes
- My infected computer
- My interesting research
- Myne-us
- Needle in a Thread Stack
- Netwitness Blog
- Not a kernel guy
- Notes from a dark corner
- Of Filesystems And Other Demons
- offensivecraft
- Opcode
- OS/2 Museum
- Parallel Programming in Native Code
- Pavel’s Blog
- Perfecting Code
- Peter Wieland
- peteronprogramming
- PFE - Developer Notes for the Field
- PJ Gray
- preshing on programming
- Programming stuff
- Project Zero
- prosthetic memory
- Python windbg extension
- Quarkslab’s blog
- Ralf’s Ramblings
- Random ASCII
- RCE Endeavors
- REblog
- RedOps
- Reverse Engineering 0×4 Fun
- Reversing on Windows
- Room 362
- Sara Ford
- Sasha Goldshtein
- Satoshi’s note
- Say Goodnight
- Sean Heelan’s Blog
- SecNiche Security
- Secret Club
- SerCe’s blog
- Shellexecute
- Small Code
- SoftTalk - Multicore and Parallel Programming
- Software Astrology
- Software Generalist
- StackHash
- Steve Patrick
- Steve’s Techspot
- Sysinternals
- System Forensics
- System Programming
- Tess
- The Architecture of Open Source Applications
- The BIOS Blog
- the blog => anything goes
- The Blog Ride
- The Daily WTF
- The NDIS blog
- The Nomadic Developer
- The Old New Thing
- The Shadow File
- The Windows Blog
- Thoughts and knowledge exposed
- Tom’s Reversing
- Tone Poem
- triplefault.io
- TSS Blog
- Under The Hood
- Unhandled Exceptions
- Unintended Results
- Val3ntin’s Blog
- VeraCode
- Visual C++ Team
- Visualization News
- Voidsec
- Volker von Einem
- VRT
- waliedassar
- WASM
- Welcome to the Corner of Excellence
- WER Services
- WinDBG/KD Fun
- Windows Debugging
- Windows Programming Notes
- Within Windows
- Wolf’s IT-thoughts
- x64
- Yarden Shafir
Debugging Channels
- Debugging TV
Forensics
- forensicswiki.org
Hardware
- Ken Shirriff’s blog
- Visual Transistor-level Simulation
Linux
- people.kernel.org
Mac OS X
- NSBlog (mikeash.com)
- Reverse Engineering Mac OS X
- System Development
Magazines and Newspapers
- Debugging Expert
- Debugging Today
- Dr.Dobb’s
- HITB
- MSDN
- Uninformed
Malware Analysis
- KernelMode.info
- Malware Samples
- REXORVC0
Medical Diagnostics
- db’s Medical Rants
Narratology
- The Living Handbook of Narratology
Related Links
- Advanced .NET Debugging Book
- Advanced Windows Debugging Book
- Asm Encyclopedia
- Below Gotham Labs
- Book Store
- Bugchecks to Patterns Map
- CMDTREE.TXT for CDA Checklist
- Code Machine Resources
- Compiler Explorer
- Crash Dump Analysis (Russian)
- Crash Dump Analysis Card
- Crash Dump Analysis Checklist
- Crash Dump Analysis Forum
- Crash Dump Analysis Help
- Crash Dump Analysis Portal
- Crash Dump Analysis Poster
- Debug Analyzer
- Debugging Spy Network
- Memory Dump Analysis Services
- Metamath
- NDIS Developer’s Reference
- Opening Windows
- OpenTask
- PasteBin
- Rosetta Stone for Unix
- Software Trace Analysis Checklist
- SOS Commands
- SysProgs (VisualDDK)
- Systemic Software Debugging
- The Architecture of Open Source Applications
- Tool Objects
- Visual Complexity
- WinDbg Quick Links
Reversing
- Binary Parsing
Scripting Languages
- The Modern JavaScript Tutorial
Source Code
- Koders
Tracing Tools
- Linux Performance
- MaiZure’s Projects
Meta
- Login
- Entries RSS
- Comments RSS
- WordPress.org

March 2009
M	T	W	T	F	S	S
« Feb				Apr »
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

Archive for March 2nd, 2009

Pattern-Driven Memory Analysis (Part 1)

Pages

Recent Comments

Categories

Archives

ARM64

Automated Analysis

Blogroll

Debugging Channels

Forensics

Hardware

Linux

Mac OS X

Magazines and Newspapers

Malware Analysis

Medical Diagnostics

Narratology

Related Links

Reversing

Scripting Languages

Source Code

Tracing Tools

Meta