Archive for October 26th, 2010

Crash Dump Analysis Patterns (Part 111)

Tuesday, October 26th, 2010

Sometimes when looking at a module list (the lmv WinDbg command) we see the presence of a whole Pervasive System. It is not just a single module that does function and/or message hooking but a whole system of modules from a single vendor that is context-aware (for example, it reads its configuration from the registry) and consists of several components that communicate with other processes. The penetrating system is supposed to add some additional value or to coexist peacefully in a larger environment. The system thus becomes strongly and/or weakly coupled with other processes it was never intended to work with, as opposed to the intended module variety. At one extreme, modules from a pervasive system can be ubiquitous, and at the other, hidden. In such cases troubleshooting consists of the total removal of the pervasive modules and, if the problem disappears, their exclusion one by one to find the problem component.

- Dmitry Vostokov
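One way to spot this pattern in a long module list, as an added example that is not part of the original post: the script parses saved lmv output and groups modules by their CompanyName field, reporting vendors that were not expected in the process but contribute several modules. The sample output, the vendor names and the `expected` set are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, trimmed lmv-style output (not from a real dump); vendors are placeholders.
SAMPLE_LMV = """
start    end        module name
00400000 00452000   editor     (deferred)
    CompanyName:      Example App Vendor
75a10000 75b20000   kernel32   (deferred)
    CompanyName:      Microsoft Corporation
76c00000 76d00000   user32     (deferred)
    CompanyName:      Microsoft Corporation
10000000 10030000   pvhook     (deferred)
    CompanyName:      Example Pervasive Vendor
10100000 10120000   pvmsg      (deferred)
    CompanyName:      Example Pervasive Vendor
10200000 10210000   pvcfg      (deferred)
    CompanyName:      Example Pervasive Vendor
10300000 10308000   noinfo     (deferred)
"""

# Module header lines start with two hex addresses (64-bit ones contain a backtick).
MODULE_RE = re.compile(r"^([0-9a-f`]+)\s+([0-9a-f`]+)\s+(\S+)", re.I)
COMPANY_RE = re.compile(r"^\s+CompanyName:\s*(.*)$")

def parse_lmv(text):
    """Return one dict per module: name and company (None if no version info)."""
    modules = []
    for line in text.splitlines():
        header = MODULE_RE.match(line)
        company = COMPANY_RE.match(line)
        if header:
            modules.append({"name": header.group(3), "company": None})
        elif company and modules:
            modules[-1]["company"] = company.group(1).strip()
    return modules

def vendor_groups(modules, expected, min_modules=2):
    """Group modules by vendor; keep unexpected vendors with several modules."""
    groups = defaultdict(list)
    for mod in modules:
        groups[mod["company"] or "<no version info>"].append(mod["name"])
    return {vendor: sorted(names) for vendor, names in groups.items()
            if vendor not in expected and len(names) >= min_modules}

if __name__ == "__main__":
    expected = {"Microsoft Corporation", "Example App Vendor"}
    print(vendor_groups(parse_lmv(SAMPLE_LMV), expected))
```

The reported module names are the candidates for the removal and one-by-one exclusion described in the post; modules with no version resource are grouped under `<no version info>` and deserve a manual look.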