Software Diagnostics Library

I’ve made available Search Inside for MDAA V1 book on Amazon:

Amazon Search Inside

It is still not available for purchase there but will be in a few weeks because I use a different POD company for WW distribution and I made my submission too late. In the mean time you can buy it directly from Dump Analysis Store. Google Book Search will also be available soon too.

Note: The book is shown as color book inside but it is B/W in printed form. I apologize for any confusion that might have arisen from this fact. I’m working on a digital version and it will have color pictures inside.

- Dmitry Vostokov @ DumpAnalysis.org -

Often I’m asked about what a particular function that we see on a stack trace does. Over the time I found the following function name and purpose mining techniques and resources useful:

• - We might need to strip or replace prefixes and suffixes like

NtUserGetMessage

GetMessageW

ZwReadFile <-> NtReadFile

• - Search in MSDN, Platform SDK and WDK (formerly DDK) help
• - Various blogs like this excellent summary:

A catalog of NTDLL kernel mode to user mode callbacks

• - Reverse engineering and logical deduction:

 What is KiFastSystemCallRet?

• - Various books like this:

Windows NT/2000 Native API Reference

• - Win32 API emulators like WINE
• - and finally Windows source code if you are a Microsoft source code licensee or a participant in Windows Academic Program.
• - Sometimes Internet search finds the description of the whole stack trace collection from the class of common processes like this one:

Production Debugging for .NET Framework Applications 

- Dmitry Vostokov @ DumpAnalysis.org -

I’m very proud to announce that it is finally available in both paperback and hardback. Why have I made available both editions? Because I personally prefer hardcover books. You can order the book today and it will be printed in 3-5 days (paperback) or 5-10 days (hardcover) and sent to you:

Memory Dump Analysis Anthology, Volume 1

Note: although listed on Amazon and other online bookstores it is not immediately available at these stores at the moment due to the late submission. I apologize for this. However, I expect that in a few weeks pre-orders taken there will be eventually fulfilled. In the mean time, if you want the book now, you can use the link above.

- Dmitry Vostokov @ DumpAnalysis.org -

To avoid controversial pictures I decided to put an image of TestDefaultDebugger crash dump generated by Dump2Picture:

- Dmitry Vostokov @ DumpAnalysis.org -

Some people commented that by placing an image of a complete memory dump on the back cover of a book both violates copyright and intellectual property rights, as the picture is generated from copyrighted material. Instead they suggested to put a picture of a freeware program. Here is my response:

I disagree to the best of my understanding. This picture is just the visualized physical memory for illustration purposes only. What about disassembling a function to illustrate a bug? Or dumping memory, for example, a thread structure? Or printing a screenshot from Performance Monitor or Task Manager to illustrate CPU spike? Or a stack trace from a complete memory dump? Does it violate copyright and intellectual property rights because it is generated from copyrighted material? What about the front cover then, showing book spines of hundreds of copyrighted books? If Microsoft asks me to remove the picture, certainly, I’ll do it and reprint the book. And, surely, a memory dump of a freeware program will definitely contain portions of copyrighted material, like ntdll.dll, kernel32.dll or accidental 3rd-party hooks. Regarding a complete memory dump copyrighted material might have been paged out from physical memory and not included in file contents. Do you admit that printing a CRC number violates property rights because it was generated from copyrighted material? Due to the mathematical nature of involved algorithms it is not possible to reconstruct binary code from the printed cover picture which could have been created artificially as well.

What do you think?

- Dmitry Vostokov @ DumpAnalysis.org -

I’ve posted the final Table of Contents and additional information for the soon-to-be-published book:

Memory Dump Analysis Anthology, Volume 1

Note that the proposed back cover image is the picture of a 1Gb complete physical memory dump generated by Dump2Picture:

- Dmitry Vostokov @ DumpAnalysis.org -

I was very busy this month with the forthcoming Memory Dump Analysis Anthology Volume 1 plus I had a business trip to Redmond and therefore I really didn’t have enough time to contribute well to other my blogs. Nevertheless I finished reading Incompleteness book during my transatlantic flights, started reading two others and here is the small update:

LiterateScientist Blog:

Incompleteness: The Proof and Paradox of Kurt Godel

The Philosophers Toolkit

ManagementBits Blog:

The Science of Career Promotions

Management Bit and Tip 0×200

- Dmitry Vostokov @ DumpAnalysis.org -

Just noticed that this month Addison-Wesley Professional reprints in paperback its out of stock hardcover book originally published in 1999:

Developing Windows NT Device Drivers: A Programmer’s Handbook (paperback)

Highly recommended. Almost all book material is still relevant today even in the light of new WDF model. Please also see my post Moving to kernel space (updated references).

- Dmitry Vostokov @ DumpAnalysis.org -

It may appear that I have announced too many titles but they all fall into the well-defined publishing roadmap (excluding a couple of publishing digressions like Debugware book):

This is a high level illustration of global incremental and iterative parts of IIPP (Iterative and Incremental Publishing Process) that I coined some months earlier. More about local iterative and incremental parts in one of my next posts. 

- Dmitry Vostokov @ DumpAnalysis.org -

This is planned for publication after Windows® Crash Dump Analysis book. Preliminary information is:

• Title: Advanced Windows® Crash Dump Analysis
• Paperback: 512 pages (*)
• ISBN-13: 978-0-9558328-8-8
• Author: Dmitry Vostokov
• Publisher: Opentask (01 Dec 2009)
• Language: English
• Product Dimensions: 22.86 x 15.24

(*) subject to change

- Dmitry Vostokov @ DumpAnalysis.org -

Although the first volume has not been published yet (scheduled for 15th of April, 2008) the planning for the second volume has already begun. Preliminary information is:

• Title: Memory Dump Analysis Anthology, Volume 2
• Paperback: 512 pages (*)
• ISBN-13: 978-0-9558328-7-1
• Author: Dmitry Vostokov
• Publisher: Opentask (01 Oct 2008)
• Language: English
• Product Dimensions: 22.86 x 15.24

Hardcover version is also planned. PDF version will be available for download too.

(*) subject to change

- Dmitry Vostokov @ DumpAnalysis.org -

Why do we need yet another book about device drivers? There are couple of reasons here:

1. Old books are more about developing the narrow range of legacy drivers than troubleshooting and debugging them.

2. New books shift towards WDF and ignore legacy drivers.

3. Windows Internals book is too big and something lightweight is desperately needed.

4. No published driver books use UML as communication device and discuss driver developement as software factory.

5. Existing books mostly view device drivers as hardware device drivers.

I started collecting and organizing information about Windows drivers 2 years ago and published a few selected materials so you can get an approximate flavour of what is expected in the forthcoming book scheduled for the next year:

UML and Device Drivers

• Title:  Windows Device Drivers: An Introduction
• Author: Dmitry Vostokov
• Paperback: 128 pages
• ISBN-13: 978-0-9558328-4-0
• Publisher: Opentask (15 Apr 2009)
• Language: English
• Product Dimensions: 22.86 x 15.24

- Dmitry Vostokov @ DumpAnalysis.org -

This is a forthcoming reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging unmanaged, managed and native code.

• Title: Windows® Debugging Notebook: Essential Concepts, WinDbg Commands and Tools
• Author: Dmitry Vostokov
• Hardcover: 256 pages
• ISBN-13: 978-0-9558328-5-7
• Publisher: Opentask (1 September 2008)
• Language: English
• Product Dimensions: 22.86 x 15.24

- Dmitry Vostokov @ DumpAnalysis.org -

This is a forthcoming book about .NET debugging seen in a wider context than .NET runtime environment (CLR). There is the whole new generation of .NET software developers, designers and architects thinking in terms of managed code and associated concepts. However CLR runs in unmanaged environment which finally interfaces with native code. Therefore understanding unmanaged and native code is vital for successful debugging of real customer problems. Preliminary information is:

• Title: Unmanaged Code: Escaping the Matrix of .NET
• Author: Dmitry Vostokov
• Paperback: 512 pages (*)
• ISBN-13: 978-0-9558328-6-4
• Publisher: Opentask (1 Feb 2009)
• Language: English
• Product Dimensions: 22.86 x 15.24

(*) subject to change

- Dmitry Vostokov @ DumpAnalysis.org -

Thanks to everyone responded online and privately to proposed draft covers for forthcoming MDAA volumes. As some commented the original one looks good on the shelf so the final decision will be made when I print both variants for comparison. Supporters of the original cover proposed the following modification:

Also there will be surprise on the back cover of the book

PS. I decided to read couple of books about book design and manufacturing to get clearer picture about the whole process.

- Dmitry Vostokov @ DumpAnalysis.org -

I read science fiction from time to time now (I was a big fan of it back to school and university days) but I cannot recall memory dumps mentioned explicitly in such books. I’ve just finished reading Dan Simmons’s The Fall of Hyperion book (the sequel to Hyperion book that I read previously) and I recall in chapter 33 on page 303 a poetic description of a process crash (italics are mine):

“Johnny twists a second in the AI’s massive grip (fault injection?), and then his analog - Keats’s small but beautiful body (GUI?) - is torn, compacted, smashed into an unrecognizable mass (corrupt dump?) which Ummon sets against his megalith flesh (private bytes?), absorbing the analogs’s remains (overwriting discarded pages?) back into the orange-and-red depths of itself (working set?).”  

PS: Hyperion and The Fall of Hyperion is the best science fiction I have ever read and highly recommend:

Hyperion

The Fall of Hyperion

I continue looking for crash dumps in Dan Simmons’s Endymion and Rise of Endymion books which are on my lunch time reading list as soon as I finish Global Conspiracy book I’m reading now.  

- Dmitry Vostokov @ DumpAnalysis.org -

My colleagues and friends have been divided (50-50) over the opinion which draft cover is better (some polishing is required for both of them):

1. Original Draft Cover
2. New Draft Cover

Your comments are much appreciated (you can just respond with the numbers 1 or 2 corresponding to cover links above). You can really influence the cover of the book!

- Dmitry Vostokov @ DumpAnalysis.org -

Previously announced draft cover for Memory Dump Analysis Anthology has got new look and feel:

Books symbolize modular memory structure found in Windows memory dumps (see Dump2Picture paintings) and blue strip separating cover text and books symbolizes familiar blue screen).

- Dmitry Vostokov @ DumpAnalysis.org -

Next monthly summary of my Literate Scientist blog:

• Classical and Nonclassical Logics
• Not Even Wrong and the Trouble With Physics
• The Naked Capitalist and Tragedy & Hope
• Discrete Thoughts
• Fashionable Nonsense
• Deep Down Things and The Great Design
• The Road to Reality

- Dmitry Vostokov @ DumpAnalysis.org -

Next monthly summary of my Management Bits and Tips blog:

• Two Faces of Mess and Management
• New Management Bits Theme
• Process Parasites
• Management Bit and Tip 0×80
• Project Failure Analysis Patterns (Part 3)
• Management Bits
• Management Bit and Tip 0×100
• Bullshit Bibliophilia

- Dmitry Vostokov @ DumpAnalysis.org -