Archive for September 20th, 2010

Icons for Memory Dump Analysis Patterns (Part 71)

Monday, September 20th, 2010

Today we introduce an icon for Wait Chain (thread objects) pattern:

B/W

Color

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Trace Analysis Patterns (Part 29)

Monday, September 20th, 2010

Sometimes, when comparing normal, expected (working) and abnormal (non-working) traces we can get a clue for further troubleshooting and debugging by looking at module load events. For example, when we see an unexpected module loaded in our non-working trace, its function (and sometimes even module name) can signify some difference to pay attention to:

#     PID  TID  Time         Message
[...]
14492 6908 6912 11:06:41.953 LoadImageEvent: ImageName(\WINDOWS\system32\3rdPartySso.dll)
[...]

I call this pattern Guest Component and it is a different from Missing Component. Although in the latter pattern a missing component in one trace may appear in another but the component name is known apriori and expected. In the former pattern the component is unexpected. For example, in the trace above, its partial name fragment “Sso” may trigger a suggestion to relate differences in authentication where in a non-working case SSO (single sign-on) was configured.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

On The Interpretation of M-Theory

Monday, September 20th, 2010

There many interpretations of the letter M in M-theory but I propose another one: M stands for Memory. In any outcome it surely will be committed to memory in the future either as successful or not. On the other hand I’m now trying to make sense of it in relation to Memory as an ur-foundation (ur-, primordial, German prefix).

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -