Icons for Memory Dump Analysis Patterns (Part 65)
Friday, August 27th, 2010Today we introduce an icon for Special Stack Trace pattern:
B/W
Color
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Archive for August 27th, 2010
Windows is waiting for the end of the century
Friday, August 27th, 2010I was inspecting the list of timers in a complete memory dump and found that in x64 W2K8 R2 (it may be also in other versions) there is a timer set to fire for the end of our century 2001 - 2100:
1: kd> !timer
Dump system timers
[...]
fffff80001c31b80 f690c4d5 0064364d [12/31/2099 23:00:00.510] nt!ExpCenturyDpcRoutine (DPC @ fffff80001c31bc0)
[…]
Its disassembly shows at that time the following work item will be executed:
1: kd> uf nt!ExpCenturyDpcRoutine
[...]
fffff800`01ae81ab 488d0dae991400 lea rcx,[nt!ExpCenturyWorkItem (fffff800`01c31b60)]
[...]
I don’t want to dig myself far into the details here 
May be someone from MS provides some comments what we should expect at the turn of the century? What should I tell my children to expect if they still run the Windows OS?
PS. Long live the Windows OS! (my the most sincere comment; no pun intended).
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Trace Analysis Patterns (Part 27)
Friday, August 27th, 2010Like in a literature (and in a narratology in general) we have components that trace themselves and components that tell the story of a computation including status updates they query about other components and subsystems. This pattern gets its name Diegetic Messages from diegesis. Here’s the difference between diegetic (in blue bold) and non-diegetic trace messages:
PID TID TIME MESSAGE
11864 11912 06:34:53.598 ModuleA: foo called bar. Status OK.
11620 10372 06:34:59.754 ModuleB: ModuleA integrity check. Status OK.
Some modules may emit messages that tell about their status but from their message text we know the larger computation story like in a process startup sequence example.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -