Archive for the ‘Fun with Crash Dumps’ Category

Bugtation No.154

Sunday, January 22nd, 2012

3 bugtations in a column:

Every debugger I know has trouble debugging.
Talent is helpful in debugging, but guts are absolutely necessary.
With failure comes a dump.

Joseph Heller

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Bugtation No.153

Tuesday, January 10th, 2012

Advice for succeeding in Software Technical Support:

They said : The dump came from the wrong site
He’s a page from the end of the dump
I said : The dump came from the right site
Took me just one look
<…>
With a little debugging
You will survive
With a little debugging
You will get by
Do what you want
Go your own way
in Technical Support.

Modern Talking

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Happy New Year (from Windows 8)

Tuesday, January 3rd, 2012

This is a seasonal greetings postcard with a Windows 8 bluescreen theme:

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Bugtation No.152

Friday, December 30th, 2011

The beginning of a debugging tale:

He was debugging for 7 years and when he stopped and looked around he saw only 2 people left from the team of 50 strong technical support engineers.

Folktale

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Bugtation No.150

Monday, December 19th, 2011

150 bugtations so far…

Program history has two sides, a computational and a human.

Philip Schaff

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Bugtation No.148

Thursday, December 1st, 2011

Does God play keyboard?

Dmitry Vostokov, Memoriarch, Founder of Memory Religion (Memorianity)

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Bugtation No.147

Thursday, October 6th, 2011

The idea for this bugtation came to me when I bought the book The Presence of the Past in a local bookshop, being interested in all things past:

The Presence of The Memory Dump: Code Resonance and the Habits of Debugging.

Rupert Sheldrake

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Bugtation No.146

Monday, September 26th, 2011

The idea for this bugtation came to me when I was browsing the book Wrotten English: A Celebration of Literary Misprints, Mistakes and Mishaps in a local Costa:

In a chapter on funny book titles I could find:

Dumps (The story of a plain app and its struggles in computation).

Dumps by Meade (Chambers, 1905)

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Music for Debugging: Out of Memory and Losing My Data (Comment Impact)

Monday, September 19th, 2011

The R.E.M. album Out of Time is a great joy to listen to for Win32 API debugging veterans familiar with Visual Basic.

I put my own track title names here:

1. I Can’t Find It!
2. Losing My Data
3. LOWORD
4. Near A Wild Pointer (*pa, *pa, *ppa, …)
5. End Of Session
6. Happy Customers
7. Be LONG
8. Half A Word Away! (A Miracle)
9. Printer Driver (Can’t Spell Its Name)
10. Customer Feedback (One, Two, Three, …)
11. Found Me In Dumps

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

WinDbg Command on Certificate

Saturday, August 13th, 2011

Finally, you can even learn a WinDbg command from a certificate. Memory Dump Analysis Services has created a certificate with the dv WinDbg command on it:

Source: http://www.dumpanalysis.com/sample-certificate

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

What is to be done?

Tuesday, August 9th, 2011

I showed this artwork to many people and they responded that they didn’t understand it or hoped that one day they would understand. Only one guy (a professional manager) responded positively with understanding. What I think is that real art can be interpreted in many ways. So I kindly await your criticism.

PS. This Computicart (Computical Art) work was inspired by a pet parrot at home. I’ve been observing its behaviour for more than 6 months and tried to discern a few patterns. Its name is KiKi (not related to Ki* functions).

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Bugtation No.145

Wednesday, August 3rd, 2011

Never thought that I would one day bugtate Bill Gates but found his quote in Knuth’s The Art of Computer Programming, Volume 1:

Memory Dumps “have” not “changed in the past two decades.”

Bill Gates

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Second Eye (Debugging Slang, Part 25)

Wednesday, July 27th, 2011

Second Eye (or sometimes a stronger variant “second pair of eyes”) - another engineer you typically need when you don’t see anything useful in a memory dump, software trace or source code for problem resolution purposes. You are anxious to recommend something useful.

Examples: Don’t see anything in this huge trace. I need a second eye.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

The First Evidence for Process Resurrection

Saturday, July 23rd, 2011

I recently analyzed a process memory dump and noticed that the process (up and running) survived a system reboot :-)

0:000> version
Windows Vista Version 6000 MP (2 procs) Free x64
Product: WinNt, suite: SingleUserTS Personal
kernel32.dll version: 6.0.6000.16386 (vista_rtm.061101-2205)
Machine Name:
Debug session time: Tue Jul 12 16:53:07.000 2011 (UTC + 1:00)
System Uptime: 0 days 1:27:04.516
Process Uptime: 1 days 4:05:35.000
  Kernel time: 0 days 0:00:13.000
  User time: 0 days 0:00:04.000
[…]

I have a hypothesis about how this could have happened. I'm interested in knowing yours. I’ll write mine later on.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Vacuum Pages

Friday, July 22nd, 2011

It came to my attention that almost every x64 kernel or complete memory dump, huge or not so huge, is diagnosed with excessive pool usage. Sometimes it is far too excessive, as in the following example:

0: kd> !vm

*** Virtual Memory Usage ***
 Physical Memory:     8387414 (  33549656 Kb)
 Page File: \??\D:\pagefile.sys
   Current:  33856856 Kb  Free Space:  33855520 Kb
   Minimum:  33856856 Kb  Maximum:     46364420 Kb
 Available Pages:     7231844 (  28927376 Kb)
 ResAvail Pages:      7763458 (  31053832 Kb)
 Locked IO Pages:           0 (         0 Kb)
 Free System PTEs:   33556220 ( 134224880 Kb)
 Modified Pages:         2759 (     11036 Kb)
 Modified PF Pages:      2759 (     11036 Kb)
 NonPagedPool Usage: 650867425 (2603469700 Kb)
 NonPagedPoolNx Usage:  83715 (    334860 Kb)
 NonPagedPool Max:    6271754 (  25087016 Kb)
 ********** Excessive NonPaged Pool Usage *****
 PagedPool 0 Usage:     48923 (    195692 Kb)
 PagedPool 1 Usage:     39797 (    159188 Kb)
 PagedPool 2 Usage:     37412 (    149648 Kb)
 PagedPool 3 Usage:     37536 (    150144 Kb)
 PagedPool 4 Usage:     37453 (    149812 Kb)
 PagedPool Usage:      201121 (    804484 Kb)
 PagedPool Maximum:  33554432 ( 134217728 Kb)
 Session Commit:        15829 (     63316 Kb)
 Shared Commit:          7198 (     28792 Kb)
 Special Pool:              0 (         0 Kb)
 Shared Process:       158498 (    633992 Kb)
 PagedPool Commit:     201147 (    804588 Kb)
 Driver Commit:          5761 (     23044 Kb)
 Committed pages:     1126203 (   4504812 Kb)
 Commit limit:       16851145 (  67404580 Kb)

What we can see above is that the amount of used nonpaged pool is more than 2.5 Tb, which is far more than the amount of physical memory + page file size (both in total do not exceed 100 Gb). So I conclude that Windows architects did the impossible and are able to create information (pages) from vacuum, just as matter can be created from vacuum fluctuations. Perhaps they are a step closer to implementing some features from Cantor OS.
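The comparison made in the paragraph above can be automated. This added example (not part of the original post) is a Python script that parses !vm counter lines and flags usage values that contradict the rest of the same output. The regular expressions assume the line layout printed in this post, and the function names are hypothetical.

```python
import re

# Counter lines copied from the !vm output in this post (excerpt).
VM_OUTPUT = """\
 Physical Memory:     8387414 (  33549656 Kb)
   Minimum:  33856856 Kb  Maximum:     46364420 Kb
 NonPagedPool Usage: 650867425 (2603469700 Kb)
 NonPagedPoolNx Usage:  83715 (    334860 Kb)
 NonPagedPool Max:    6271754 (  25087016 Kb)
 PagedPool Usage:      201121 (    804484 Kb)
 PagedPool Maximum:  33554432 ( 134217728 Kb)
 Committed pages:     1126203 (   4504812 Kb)
 Commit limit:       16851145 (  67404580 Kb)
"""

# Assumed layout: "Name: <pages> ( <Kb> Kb)", as printed in the post.
COUNTER = re.compile(r"^\s*(?P<name>[^:]+):\s+\d+\s+\(\s*(?P<kb>\d+)\s+Kb\)\s*$")
PAGEFILE_MAX = re.compile(r"Maximum:\s+(\d+)\s+Kb")

def parse_vm(text):
    """Return ({counter name: Kb}, sum of page file maximums in Kb)."""
    counters, pagefile_max = {}, 0
    for line in text.splitlines():
        m = COUNTER.match(line)
        if m:
            counters[m["name"].strip()] = int(m["kb"])
            continue
        m = PAGEFILE_MAX.search(line)  # page file "Minimum ... Maximum" line
        if m:
            pagefile_max += int(m.group(1))
    return counters, pagefile_max

def implausible(counters, pagefile_max):
    """Flag usage counters that cannot be true given the same output."""
    findings = []
    backing = counters["Physical Memory"] + pagefile_max  # the post's bound
    for name, kb in counters.items():
        if name.endswith("Usage") and kb > backing:
            findings.append((name, "exceeds physical memory + page file"))
    for pool in ("NonPagedPool", "PagedPool"):
        usage = counters.get(pool + " Usage")
        limit = counters.get(pool + " Max", counters.get(pool + " Maximum"))
        if usage is not None and limit is not None and usage > limit:
            findings.append((pool + " Usage", "exceeds its own stated maximum"))
    return findings

if __name__ == "__main__":
    print(implausible(*parse_vm(VM_OUTPUT)))
```
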

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Having Fun (Debugging Slang, Part 25)

Friday, June 24th, 2011

Having Fun - Having too many functions to analyze, reverse engineer, or simply having too many of them on a call stack.

Examples: We were having fun all night. A thread had fun culminating in a double fault. Why do I love debugging?

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Adult Debugging (Debugging Slang, Part 24)

Friday, June 24th, 2011

Adult Debugging - The act of debugging when you are dealing with functions you don’t know much about, using public sources. Comes from the famous xxx calls, for example:

win32k!xxxHkCallHook
win32k!xxxCallHook2
win32k!xxxCallHook
win32k!xxxReceiveMessage
win32k!xxxRealSleepThread
win32k!xxxSleepThread
win32k!xxxInterSendMsgEx
win32k!xxxSendMessageTimeout
win32k!xxxWrapSendMessage

Examples: We are doing adult debugging from time to time.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

On President’s Daily Briefs (PDBs)

Friday, June 3rd, 2011

I found it funny that the President’s Daily Brief is abbreviated as PDB. For intelligence analysts who might be reading this post, there are a few links explaining PDB files:

I also suggest deabbreviating PDB files as Programmer’s Daily Briefs in the context of nightly builds on Windows platforms.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Bugtation No.142

Wednesday, May 25th, 2011

“The people behind your” crashes.

MAFIA

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Computer Memory Monsters (Part 1)

Wednesday, May 11th, 2011

In this series we start our analysis of monsters in the realm of computer memory, software defects, malware, corrupt software structures and their various behaviours. Some of the monsters are based on exaggerated crash dump and software trace patterns; some are based on accumulated debugging and technical support wisdom. The first monster we present today is called Chimera, and it lives in DLL Hell. It is based on an exaggerated pattern called Module Variety. When a 64-bit memory dump is opened, it shows several pages of modules (lm WinDbg command):

 

As the monster’s creator explained to me, they used an experimental way to represent every class object as a loaded component. And it was a word processor where every paragraph, every sentence, every word and every letter was an object implemented in a separate module! The goal was to have any letter literally dance on a screen if necessary.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -