Software Diagnostics Library

“Life is too short not to believe in Memory.”

Founding Farther of Memorianity

Imagine someone wrote an AI program and fit it into 4Gb. Imagine that it becomes intelligent indeed after some execution time (learning?). At some point when we admit its true intelligence we save a complete memory dump. Conclusion: we successfully reduced AI to a memory dump (out of memorillion of them). If AI requires a distributed network we still have the more complex dump (but still the dump). If AI program requires storage for its learning database we just concatenate it to the complete memory dump and we have the dump file again. Would advocates of AI or even Artificial General Intelligence agree with me?

- Dmitry Vostokov @ DumpAnalysis.org -

What gives rise to intelligence in memory medium? Apparently the drive towards infinity via power set or the so called exponentiation, where patterns, subsets of memory, are combined in their totality to form even bigger memory space. Imagine how many subsets can be formed from just one complete 4Gb memory dump?

We have 2³² unique byte pairs (address, value)

so we have 2²³² possible subsets.

- Dmitry Vostokov @ DumpAnalysis.org -

Following the news about Dr. Debugalov, Giordano Bruno¹ of Debugging, his creator, Narasimha Vedala, depicted the event at once:

This event was also filmed by Narasimha Vedala:

Burning Debugalov (3Mb AVI)

1. Giordano Bruno wrote extensive works on the art of memory and Dr. Debugalov is famous for his memory analysis techniques.

- Dmitry Vostokov @ DumpAnalysis.org -

IMM, The Intelligent Memory Movement borrows the following Intel meta-opcode for its slogan:

NoIndirection: MOV OPERAND, IMM ; Memory first, Being second

Please assemble and join me in the direction of this movement!

- Dmitry Vostokov @ DumpAnalysis.org -

Just finished listening twice to Rick Wakeman performance at Lincoln Cathedral. To paraphrase his words, when I do memory dump analysis I experience the feeling of power surge through the fingers. Highly recommended to get the feeling of being the debugging god back during bitter moments of software support:

At Lincoln Cathedral

Here is my version of track titles inspired by listening (with my comments in italics):

1. Process Mortality
2. Dance of the MIPS
3. Gifts from Help
4. THE ALL MIGHTY DEBUGGER
5. Problem solved
6. The DA TA Variations (remember DATA: Dump Analysis Trace Analysis)

- Dmitry Vostokov @ DumpAnalysis.org -

In this part we see how we can load memory dumps into ParaView data analysis and visualization system. First we need to download the latest version from here. If we have a memory dump we need first to calculate its dimensions and for a square we can use this simple formula: (int)sqrt(file_size/4). For example, the dump file I use here has the size of 1,746,853 bytes, therefore we have 660×660.

1. Launch ParaView:

2. Go to File \ Open and select All Files (*.*) and choose your .dmp file. The following dialog appears:

Choose Raw (binary) Files option.

3. If nothing changes on the screen go to View menu and select Object Inspector. The following panel should appear:

4. Here we should carefully specify parameters for our dump file:

Data Scalar Type: unsigned long
File Dimensionality: 2
Data Extent:

0 659
0 659

5. We then Apply and get the dump loaded:

6. We might want to uncheck File Lower Left at the bottom of the Object Inspector properties to get lower memory addresses start from the left-top corner of the image:

7. Also Data Byte Order LittleEndian obviously changes the color of RGB triplets or RGBA quadruplets but the large scale structure remains the same:

8. We can select View \ Show Color Legend to see how unsigned long values from the dump file are mapped continuously to colors:

I prefer to choose BigEndian because we get similar layout as we get from ImageMagick RGBA conversion or from Dump2Picture:

9. ParaView can even load large dumps, for example, this is a screenshot of 1.5Gb dump in big endian and little endian byte orderings respectively:

 - Dmitry Vostokov @ DumpAnalysis.org -

There are many books and articles titled “Large-scale Structure of X”, where X can be Space-Time, Cosmos or Universe. Here is the large-scale structure of 12Gb complete memory dump:

The image was generated with the help of ImageMagick. The dump file was interpreted as a raw RGBA image with 8-bits per color:

C:\MemoryDumps>convert -size 56751x56751 -depth 8
-resize 450x450 rgba:complete.dmp dump_12Gb_rgba_8_sq.jpg

The width and height were calculated as sqrt(filesize/4).

Complete memory dumps are physical memory dumps where modularized structure of virtual space of kernel and process memory is not expected but we see some structure nevertheless.

I’ve also created two pages with dump slices. Some viewers do not handle files with more that 32767 pixels in one dimension so I split 450×56751 slice into two:

Complete Memory Dump Slice Part 1 (11Mb JPEG)

Complete Memory Dump Slice Part 2 (10Mb JPEG)  

- Dmitry Vostokov @ DumpAnalysis.org -

Recently I discovered Quantum Levels on top of a continuum in one kernel memory dump:

- Dmitry Vostokov @ DumpAnalysis.org -

Just noticed that RichardS from Australia (nickname: rsayad1) was outraged after reading Dumps, Bugs and Debugging Forensics book and burnt it in his fireplace. I applied my analytical and forensic skills and figured out his name: Richard Sayad. The only excuse for him is that crash dumps is so hot topic that he rushed to buy the book without even looking inside it on Amazon.

What do you think and what is your opinion about this book? It is basically composed from the following material:

Cartoons

The first 64 bugtations

For the book all cartoons were edited, polished and most of them became full color in the book version.

- Dmitry Vostokov @ DumpAnalysis.org - 

I was in McDonald’s today with my daughter. This time they popularize Einstein, giving his stature in happy meal packs, telling that the size of his brain was the same as mine. My brain continued to work after meal and I finally understood that the right memory dump is what really matters. Your computer may have 1Tb of memory but if you didn’t get the right dump at the right moment you wasted your time.

- Dmitry Vostokov @ DumpAnalysis.org - 

Following the meaning of DATA and memory dump world view via universal memory dumps I finally deciphered the acronym DUMP:

Digital Universal Memory Phase

This is the view from phase space perspective. From the point of phase space perspective we can also say:

Digital Universal Memory Point

It was the letter P that I was thinking hard about. Fortunately, when I opened Oxford Advanced Learner’s Dictionary on P section, it was “phase” word that grabbed my attention. Familiarity with classical physics and its Hamiltonian formulation provided the necessary glue.

- Dmitry Vostokov @ DumpAnalysis.org -

“Touched by an” exception.

Touched by an Angel

- Dmitry Vostokov @ DumpAnalysis.org -  

The Adelphi Training Center in Dublin, Ireland, is haunted by the ghost of pre-Internet epoch. During one debugging night, when installing a secret service, Drilliam Traceless was murdered by a redundant engineer who was envy to his charisma. He stubbed him in the back while Drilliam was unlocking his mini-computer case. He died whispering: “I’ll be back debugging”. His face sometimes appears on greenish screensavers running on computers located in that center. During morning training sessions, many trainees think this is a kind of the so called Guinness effect.

The story is adapted from The Ghost of Adelphi Theatre. 

- Dmitry Vostokov @ DumpAnalysis.org -

I was reading General Chemistry book on the way to my office today and found a nice basic chemical formula representation for processes in memory. In this nomenclature, the class of modules developed by a particular vendor constitutes an ”element”. For example, M is for Microsoft modules, C is for Citrix modules, etc. Individual modules of particular elements are similar to “atoms” and denoted as numbers in subscript. For example, net.exe command running in a typical Citrix terminal services environment has the following loaded modules where I highlighted Citrix modules in blue and Microsoft modules in red:

0:000> lm1m
net
wdmaudhook
tzhook
twnhook
scardhook
mmhook
mfaphook
cxinjime
CtxSbxHook
MPR
NETAPI32
Secur32
USER32
msvcrt
GDI32
RPCRT4
kernel32
ADVAPI32
MSVCR71
ntdll

Therefore the formula is this:

M₁₂C₈.

I put the element of the main process module first in such formulae.

The formula for IE process from the following case study:

M₁₂₆A₅U

where A is for Adobe modules and U is for an unknown module that needs identification, see Unknown Component pattern.  

These formulas can useful to highlight various hooksware components and distinguish memory dumps generated after eliminating modules for troubleshooting and debugging purposes. It also forms the basis for one of many classificatory schemes for the purposes of micro- and macro-taxonomy of software discussed in the forthcoming book: 

The Variety of Software: The Richness of Computation (ISBN: 978-1906717544) 

In the forthcoming parts I’m also going to discuss the structural formulas as well, similar to the ones used in organic chemistry. 

- Dmitry Vostokov @ DumpAnalysis.org -

Some memory dumps can serve the role of a relic and be the subject of veneration. For example, a universal memory dump that reveals the eternity and infinity of Memory. Speaking about earthly artifacts, like computer memory dumps, some of them could be relics and subjects of personal veneration after being generated from a cult system or when a venerated person was working on a computer, for example, doing code construction or writing and composing great works of significant value.

- Dmitry Vostokov @ DumpAnalysis.org -

Whom to blame if a process or a system crashes or freezes?

“Mr. Quinn: It is very dangerous to ignore political dumps these days. Mr. Dempsey: All dumps are political.”

Source

- Dmitry Vostokov @ DumpAnalysis.org -

Now some pictures from Citrix CDF traces.

Deep waters of The Sea of Traces:

Considering software tracing as narrative no wonder one day I discovered the vast Library of Software Logs in the sea above:

- Dmitry Vostokov @ DumpAnalysis.org -

I was suddenly enlightened by the unification of software traces with memory dumps and it came to me that DATA is simply Dump Analysis + Trace Analysis. It is commutative with TADA, the sound of accomplishment (tada.wav in Windows \ Media folder).

This can’t be a coincidence, can it?

- Dmitry Vostokov @ DumpAnalysis.org -

Do you remember memuons¹, the indivisible entities of memory? Their study is the domain of the new science called memuonics². According to the so called memophysical principle³,we have particle interpretation of memuons. This is called classical memuonics with classical memory field theory where memuons are “quanta” of memory. We can also ”quantize” memory fields and get quantum memory field theories where memuons are created and annihilated.

(1) The notion of memuons first appeared in the philosophy of memoidealism.

(2) Please don’t confuse memuonics with memiotics. The latter is computer memory semiotics.

(3) Memophysical principle - theories of memory-based universe need to take into account the current mainstream sciences including physics.

- Dmitry Vostokov @ DumpAnalysis.org -

This is a computational ghost that comes from CPU spiking tops and hills to bring sickness to small programs. Red color from RGB triplets provides early warning signs.

Inspired by non-computational Acheri.

PS. This category of computational ghosts and bug hauntings was also inspired by an e-mail conversation between two software engineers that I witnessed some years ago when one told another: “Is this your fix that is still haunting us?”. If you have ever visited heated code review debates you can imagine the provoked response.

- Dmitry Vostokov @ DumpAnalysis.org -