Archive for October 29th, 2010

Crash Dump Analysis Patterns (Part 113)

Friday, October 29th, 2010

Sometimes we have very similar abnormal software behaviour dispositions (like crashes with similar stack traces) for different applications or services. In such cases, we should also check application or service vendor and copyright in the output of lmv command. Similar to Template Module Same Vendor pattern can be useful to relate such different incidents. Usually, in the same company, code and people reuse tends to distribute code fragments and code construction styles across different product lines, and software defects might surface in different images. For example:

0:000> lmv m ApplicationA
start    end        module name
00400000 00d99000   ApplicationA   (deferred)
[...]
Image name: ApplicationA.exe
Timestamp:        [...]
CheckSum:         00000000
[...]
CompanyName:      CompanyA
ProductName:      CompanyA Application
LegalCopyright:   Copyright (c) CompanyA
[…]

0:000> lmv m ApplicationB
start    end        module name
00400000 019d0000   ApplicationB  C (no symbols)
Image name: ApplicationB.exe
[...]
CompanyName:      CompanyA
ProductName:      ApplicationB
LegalCopyright:   Copyright (c) CompanyA
[…]

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

The New Journey of The Software Professional

Friday, October 29th, 2010

Having spent 16 years in software engineering I ventured into software support in 2003 (with 8th year started at the time of this writing). Now it is time for the next gradual shift into software security (the domain I previously had exposure to but not as a primary focus):

The title of this post is borrowed from the book I read from cover to cover long time ago and recently put on my desk again:

Journey of the Software Professional: The Sociology of Software Development

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -