« The New Journey of The Software Professional
Moving to Kernel Space (updated references with an eye on security) »

Crash Dump Analysis Patterns (Part 113)

Sometimes we have very similar abnormal software behaviour dispositions (like crashes with similar stack traces) for different applications or services. In such cases we should also check application or service vendor and copyright in the output of lmv command. Similar to Template Module Same Vendor pattern can be useful to relate such different incidents. Usually in the same company code and people reuse tends to distribute code fragments and code construction styles across different product lines and software defects might surface in different images. For example:

0:000> lmv m ApplicationA
start    end        module name
00400000 00d99000   ApplicationA   (deferred)            
[...]
    Image name: ApplicationA.exe
    Timestamp:        [...]
    CheckSum:         00000000
[...]
    CompanyName:      CompanyA
    ProductName:      CompanyA Application
    LegalCopyright:   Copyright (c) CompanyA
[…]

0:000> lmv m ApplicationB
start    end        module name
00400000 019d0000   ApplicationB  C (no symbols)          
    Image name: ApplicationB.exe
[...]
    CompanyName:      CompanyA
    ProductName:      ApplicationB
    LegalCopyright:   Copyright (c) CompanyA
[…]

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

This entry was posted on Friday, October 29th, 2010 at 11:58 pm and is filed under Crash Dump Analysis, Crash Dump Patterns, Debugging. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply