Archive for the ‘Memory Dump Analysis Jobs’ Category
Tuesday, April 26th, 2011
Jobs page on Memory Dump, Software Trace, Debugging and Malware Analysis Portal now accepts company job ads related to security research, computer forensics, reverse engineering, and malware analysis in addition to debugging, software defect research, crash / core / memory dump and software trace analysis.
http://www.dumpanalysis.org/jobs
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Monday, February 14th, 2011
My recent desire is to have the ultimate human debugger’s desk: monitors joined together around me to have 360-degree memory surveillance. I haven’t yet been talking about a spherical coordinate system for memory analysis, only a cylindrical one. Any sponsor?
Source: 360-Degree Memory Analysis
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Friday, November 12th, 2010
Five volumes of cross-disciplinary Anthology (dubbed by the author “The Summa Memorianica”) lay the foundation of the scientific discipline of Memoretics (study of computer memory snapshots and their evolution in time) that is also called Memory Dump and Software Trace Analysis.
The 5th volume contains revised, edited, cross-referenced, and thematically organized selected DumpAnalysis.org blog posts about crash dump, software trace analysis and debugging written in February 2010 - October 2010 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, and security researchers, malware analysts and reverse engineers. The fifth volume features:
- 25 new crash dump analysis patterns
- 11 new pattern interaction case studies (including software tracing)
- 16 new trace analysis patterns
- 7 structural memory patterns
- 4 modeling case studies for memory dump analysis patterns
- Discussion of 3 common analysis mistakes
- Malware analysis case study
- Computer independent architecture of crash analysis report service
- Expanded coverage of software narratology
- Metaphysical and theological implications of memory dump worldview
- More pictures of memory space and physicalist art
- Classification of memory visualization tools
- Memory visualization case studies
- Close reading of the stories of Sherlock Holmes: Dr. Watson’s observational patterns
- Fully cross-referenced with Volume 1, Volume 2, Volume 3, and Volume 4
Product information:
- Title: Memory Dump Analysis Anthology, Volume 5
- Author: Dmitry Vostokov
- Language: English
- Product Dimensions: 22.86 x 15.24
- Paperback: 400 pages
- Publisher: Opentask (10 December 2010)
- ISBN-13: 978-1-906717-96-4
- Hardcover: 400 pages
- Publisher: Opentask (10 December 2010)
- ISBN-13: 978-1-906717-97-1

Back cover features memory space art image Hot Computation: Memory on Fire.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Sunday, April 18th, 2010
OpenTask to offer first 3 volumes of Memory Dump Analysis Anthology in one set:

The set is available exclusively from OpenTask e-Commerce web site starting from June. Individual volumes are also available from Amazon, Barnes & Noble and other bookstores worldwide.
Product information:
- Title: Modern Memory Dump and Software Trace Analysis: Volumes 1-3
- Author: Dmitry Vostokov
- Language: English
- Product Dimensions: 22.86 x 15.24
- Paperback: 1600 pages
- Publisher: Opentask (31 May 2010)
- ISBN-13: 978-1-906717-99-5
Information about individual volumes:
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Thursday, February 11th, 2010
This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in July 2009 - January 2010 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The fourth volume features:
- 13 new crash dump analysis patterns
- 13 new pattern interaction case studies
- 10 new trace analysis patterns
- 6 new Debugware patterns and case study
- Workaround patterns
- Updated checklist
- Fully cross-referenced with Volume 1, Volume 2 and Volume 3
- New appendixes
Product information:
- Title: Memory Dump Analysis Anthology, Volume 4
- Author: Dmitry Vostokov
- Language: English
- Product Dimensions: 22.86 x 15.24
- Paperback: 410 pages
- Publisher: Opentask (30 March 2010)
- ISBN-13: 978-1-906717-86-5
- Hardcover: 410 pages
- Publisher: Opentask (30 April 2010)
- ISBN-13: 978-1-906717-87-2

Back cover features memory space art image: Internal Process Combustion.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Friday, November 20th, 2009
By analogy with the security researcher profession, I propose the new title of software defect researcher as a unified profession combining the relevant fields of security research, testing, debugging, memory dump analysis, software reverse engineering, construction and maintenance. At least I consider myself a software defect researcher. If you consider yourself one too, please write a comment to this post. Thank you in advance.
- Dmitry Vostokov @ DumpAnalysis.org -
Saturday, September 26th, 2009
This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in October 2008 - June 2009 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The third volume features:
- 15 new crash dump analysis patterns
- 29 new pattern interaction case studies
- Trace analysis patterns
- Updated checklist
- Fully cross-referenced with Volume 1 and Volume 2
- New appendixes
Product information:
- Title: Memory Dump Analysis Anthology, Volume 3
- Author: Dmitry Vostokov
- Language: English
- Product Dimensions: 22.86 x 15.24
- Paperback: 404 pages
- Publisher: Opentask (20 December 2009)
- ISBN-13: 978-1-906717-43-8
- Hardcover: 404 pages
- Publisher: Opentask (30 January 2010)
- ISBN-13: 978-1-906717-44-5

Back cover features 3D computer memory visualization image.
- Dmitry Vostokov @ DumpAnalysis.org -
Saturday, August 8th, 2009
The digital version of the book is finally available:
x64 Windows Debugging: Practical Foundations
Paperback should be available in 1-2 weeks on Amazon and other stores. When working on the book I fixed errors in the previous x86 version. Errata file for it should be available tomorrow.
- Dmitry Vostokov @ DumpAnalysis.org -
Tuesday, August 4th, 2009
OpenTask plans to expand its Practical Foundations series and publish the following 2 books for the forthcoming Memory Dump Analysis Fundamentals certification (Unix track) being developed by Memory Analysis and Debugging Institute:
Linux, FreeBSD and Mac OS X Debugging: Practical Foundations (ISBN: 978-1906717773)
64-bit Linux, FreeBSD and Mac OS X Debugging: Practical Foundations (ISBN: 978-1906717780)
- Dmitry Vostokov @ DumpAnalysis.org -
Thursday, June 4th, 2009
Sometimes I’m asked about a broad software engineering book to recommend for general memory dump analysis that covers software architecture, design methods and diagramming languages like UML, programming languages, concurrency, real-time issues and many other topics you need to know to have systems understanding that helps in problem identification and debugging. Here’s the book that I was fortunate to buy 4-5 years ago in a book shop and is a sheer pleasure to read:
Software Engineering for Real-Time Systems


Today I found that there even exists an OMG certification based on it:
http://www.omg.org/ocres/exam-info.htm
I might try later this summer.
- Dmitry Vostokov @ DumpAnalysis.org -
Monday, June 1st, 2009
The number of blog visits (excluding the portal main page and my other blogs) was about 15,000 - 16,000 by the end of last year and then it dropped to 13,000. I explain this by the fact that 5% - 10% of engineers were no longer interested in crash dumps and debugging due to layoffs. This month I see that the number of visits exceeds 14,000 and this surely makes me more optimistic about the prospect of economic recovery:

- Dmitry Vostokov @ DumpAnalysis.org -
Tuesday, May 12th, 2009
Previously announced memory dump analysis certification will have x86/x64-based tracks for Windows and Unix (including Linux / FreeBSD / Mac OS X). Each track consists of 3 exams, each having its own set of requirements and scope:
- Fundamentals of Memory Dump Analysis
- Intermediate Memory Dump Analysis
- Advanced Memory Dump Analysis

More information will be available later. The initiative is supported by OpenTask.
- Dmitry Vostokov @ DumpAnalysis.org -
Monday, May 11th, 2009
This is an example from the sample question set of the forthcoming memory dump analysis certification planned by Memory Analysis and Debugging Institute. You can reply to this post with your answers.
Q. Interpret the fragment from WinDbg output below.
0:002> !teb
[...]
TEB at 7efaf000
[...]
0:002> dds poi(7efaf000+8) poi(7efaf000+4)
01192000 00000000
01192004 00000000
01192008 00000000
[...]
0119e448 00010020
0119e44c 00030002
0119e450 00050004
0119e454 00070006
0119e458 00090008
0119e45c 000b000a
0119e460 000d000c
0119e464 000f000e
0119e468 00110010
0119e46c 00130012
0119e470 00150014
0119e474 00170016
0119e478 00190018
0119e47c 001b001a
0119e480 001d001c
0119e484 001f001e
0119e488 00210020
0119e48c 00230022
0119e490 00250024
0119e494 00270026
0119e498 00290028
0119e49c 002b002a
0119e4a0 002d002c
0119e4a4 002f002e
0119e4a8 00310030
0119e4ac 00330032
0119e4b0 00350034
0119e4b4 00370036
0119e4b8 00390038
0119e4bc 003b003a
0119e4c0 003d003c
0119e4c4 003f003e
0119e4c8 00410040 MyService!__InternalCxxFrameHandler+0x5c
0119e4cc 00430042
0119e4d0 00450044
0119e4d4 00470046
0119e4d8 00490048
0119e4dc 004b004a
0119e4e0 004d004c
0119e4e4 004f004e
0119e4e8 00510050 advapi32!`string'+0x164
0119e4ec 00530052 advapi32!GetPerflibKeyValue+0x184
0119e4f0 00550054 advapi32!`string'+0x20c
0119e4f4 00570056 advapi32!_NULL_IMPORT_DESCRIPTOR+0x2714
0119e4f8 00590058 advapi32!szPerflibSectionName <PERF> (advapi32+0x90058)
0119e4fc 005b005a shlwapi!_CRT_INIT+0xaf
0119e500 005d005c shlwapi!_OpenProgidKey+0xee
0119e504 005f005e shlwapi!_pRawDllMain <PERF> (shlwapi+0x5005e)
0119e508 00410060 MyService!__InternalCxxFrameHandler+0x7c
0119e50c 00430042
0119e510 00450044
0119e514 00470046
0119e518 00490048
0119e51c 004b004a
0119e520 004d004c
0119e524 004f004e
0119e528 00510050 advapi32!`string'+0x164
0119e52c 00530052 advapi32!GetPerflibKeyValue+0x184
0119e530 00550054 advapi32!`string'+0x20c
0119e534 00570056 advapi32!_NULL_IMPORT_DESCRIPTOR+0x2714
0119e538 00590058 advapi32!szPerflibSectionName <PERF> (advapi32+0x90058)
0119e53c 007b005a
0119e540 007d007c
0119e544 007f007e
[...]
Choose all answers that are valid:
a. ASCII string fragment
b. Raw stack data
c. Exception handling
d. UNICODE string fragment
e. Partial stack traces
f. Performance monitoring
g. Execution residue
- Dmitry Vostokov @ DumpAnalysis.org -
Friday, May 8th, 2009
As soon as I wrote my review of the 2nd edition I found out that the 3rd edition was recently published and immediately bought it. I intend to read it from cover to cover again and publish my notes and comments in my reading notebook on Software Generalist blog. The new edition is also bundled with a companion CD.
Programming Language Pragmatics, Third Edition

I hope that in one of the subsequent editions the author includes my Riemann Programming Language :-)
- Dmitry Vostokov @ DumpAnalysis.org -
Friday, March 6th, 2009
Every debugging engineer needs to know how the code is interpreted or compiled. Debugging complex problems or doing memory analysis on general-purpose operating systems often requires understanding the syntax and semantics of several programming languages and their run-time support. The knowledge of optimization techniques is also important for low-level debugging when the source code is not available. The following book provides an overview of all important concepts and discusses almost 50 languages. I read the first edition 6 years ago and I liked it so much that I’m now reading the second edition.
Programming Language Pragmatics, Second Edition


- Dmitry Vostokov @ DumpAnalysis.org -
Tuesday, February 3rd, 2009
Listening to étude No. 1 in C major written by Frédéric Chopin (Op. 10) an idea came to me about writing 16 debugging études (ISBN: 978-1906717575). It is surprising that there are many programming études out there but there are no debugging ones. Stay tuned and be in touch with this blog.
Draft definition:
Debugging étude is a composition of software with intentional defects (bugs) of considerable difficulty to find and fix, designed to provide practice material to perfect debugging techniques and problem-solving skills.
The idea actually came to me a long time ago to create some sort of debugging exercises for training purposes.
- Dmitry Vostokov @ DumpAnalysis.org -
Monday, February 2nd, 2009
I am very proud to announce that after 3 weeks of final work the book has been released in both paperback and PDF format. In a week or so it should also appear on Amazon and other booksellers around the world. The book information and how to buy it can be found on the portal:
Windows Debugging: Practical Foundations
- Dmitry Vostokov @ DumpAnalysis.org -
Thursday, January 29th, 2009
Draft Table of Contents is available for the forthcoming Windows Debugging: Practical Foundations book to be released next week:
Draft Table of Contents
- Dmitry Vostokov @ DumpAnalysis.org -