Archive for the ‘New Acronyms’ Category

Phenomenology of Software Diagnostics: A First Sketch

Thursday, October 11th, 2012

Influenced by stages of Husserlian phenomenological investigation I propose the following stages for the investigation of phenomena as it appears in software execution artifacts such as memory dumps, traces and logs:

1. Bracketing the outside source code as reduction to patterns of phenomena independent from causal software engineering explanations.

2. Constructing the computational world for the given incident (the so called horizon of computation).

3. Comparing with “computed-in” experience of past computational worlds from which all universal patterns of computational structural and behavioral phenomena emerged.

PS. According to the above software diagnostics is a phenomenological science of patterns. Most probably this sketch will be revised soon. In the mean time here’s a funny coincidence. The first step in a phenomenological method is the so called epoché. I provide my own interpretation of this - “exception processing of crash” hypothetical episteme. Similar to EPOCH metaphysical grand conjecture that our World is just one enormous exception processing handler after Big Bang.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

FBI (Debugging Slang, Part 35)

Wednesday, June 27th, 2012

FBI - Fighting Bugs Inside.

Examples: I’m doing an FBI work now!

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

STaMPs (Debugging Slang, Part 33)

Monday, June 25th, 2012

STaMPs - Software Trace and Memory Patterns. Stack Trace and Memory Patterns.

Examples: Got a few visible stamps on this trace. And more stamps on that crash dump.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Forthcoming Introduction to Pattern-Driven Software Diagnostics

Monday, April 9th, 2012

Memory Dump Analysis Services organizes a free Webinar on Unified Software Diagnostics (USD) and the new scalable cost-effective software support model called Pattern-Driven Software Support devised to address various shortcomings in existing tiered software support organizations. Examples cover Windows, Mac OS  and Linux.

 Introduction to Pattern-Driven Software Diagnostics Logo

Date: 22nd of June, 2012
Time: 17:00 (BST) 12:00 (EST) 09:00 (PST)
Duration: 60 minutes

Space is limited.
Reserve your Webinar seat now at:
https://www3.gotomeeting.com/register/172771078

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Software Problem Description Language (Part 1)

Friday, November 11th, 2011

One of the new initiatives for 2012 is the development of SPDL (Software Problem Description Language). Its purpose is automatic generation of a software troubleshooting tool(s) based on the description of a problem. Here software problem means a post-construction problem as outlined in Introduction to Pattern-Driven Software Problem Solving. The tool construction will utilize an expanded set of DebugWare and Workaround patterns together with the refind version of RADII software development process. This will also provide necessary effectiveness, efficiency and enhanced problem solving capabilities to existing TaaS (Tools as a Service) implementations that are limited in the number of tools they offer.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Abscess (Debugging Slang, Part 27)

Thursday, August 25th, 2011

Abscess - A Bad Service and Customer Experience Short Story. Can also be an abbreviation for a bad support …

Examples: After combating an abscess a customer decided to take a social media approach. An abscess process.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Tapping (Debugging Slang, Part 23)

Friday, May 27th, 2011

Tapping - The act of collecting software traces for subsequent pattern-driven trace analysis. From TAP (Trace Analysis Pattern).

Examples: We started tapping the service for any anomalies. Software tapping methods and tools.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

START: Software Trace Analysis in Real Time

Saturday, May 21st, 2011

Memory Dump Analysis Services is working on the “Start It” button:

http://www.dumpanalysis.com/introducing-project-start

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Metadefect Template Library (Part 0)

Sunday, May 1st, 2011

To model software behavior at application and system levels, test generative debugging scenarious and construct software defects using metaprogramming I started working on MdTL (Metadefect Template Library). Its consists of C++ templates for structural and behavioral patterns. The simplest examples include Threads<Spike> and Spike<Thread>. The template classes can be more complex, of course, utilizing the full power of C++, STL, and existing libraries like Boost. The unique and novel feature of this library is the inclusion of dual classes of behaviour such as Leak<>, Deadlock<>, Overflow<>, Residue<>, Exception<>, Contention<>, etc. parameterized by various structural memory classes like Process<>, Thread<>, Heap<>, Stack<>, Region<>, Buffer<>, etc. MdTL also includes classes to model software tracing and this will be used for simultaneous software trace and memory dump analysis case study in the forthcoming presentation. I also plan to extend this metaprogramming approach in the future to model malware analysis patterns by introducing Metamalware Template Library (MmTL).

Forthcoming parts will introduce template classes and examples.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

A.C.P. Root Cause Analysis Methodology

Friday, April 22nd, 2011

Very simple methodology summarized in just 3 words applicable to any problem solving domain and its activities including software troubleshooting and debugging:

Artifacts. Checklists. Patterns.

As an example of checklists and patterns please see these 3 presentations related to memory dump and software trace artifacts:

Introduction to Pattern-Driven Software Problem Solving

Fundamentals of Complete Crash and Hang Memory Dump Analysis

Pattern-Driven Memory Dump Analysis 

I’m now working on a detailed presentation of this methodology. 

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Memory Dump Analysis Anthology, Volume 5 is available for download

Sunday, April 17th, 2011

I’m pleased to announce that MDAA, Volume 5 is available in PDF format:

www.dumpanalysis.org/Memory+Dump+Analysis+Anthology+Volume+5

It features:

- 25 new crash dump analysis patterns
- 11 new pattern interaction case studies (including software tracing)
- 16 new trace analysis patterns
- 7 structural memory patterns
- 4 modeling case studies for memory dump analysis patterns
- Discussion of 3 common analysis mistakes
- Malware analysis case study
- Computer independent architecture of crash analysis report service
- Expanded coverage of software narratology
- Metaphysical and theological implications of memory dump worldview
- More pictures of memory space and physicalist art
- Classification of memory visualization tools
- Memory visualization case studies
- Close reading of the stories of Sherlock Holmes: Dr. Watson’s observational patterns
- Fully cross-referenced with Volume 1, Volume 2, Volume 3, and Volume 4

Its table of contents is available here:

www.dumpanalysis.org/MDAA/MDA-Anthology-V5-TOC.pdf

Paperback and hardcover versions should be available in a week or two. I also started working on Volume 6 that should be available in November-December.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

DBI: Debugging Bureau of Investigations

Thursday, March 24th, 2011

Memory Dump Analysis Services opens Debugging Bureau to complement crash and hang memory dump analysis audit:

http://www.dumpanalysis.com/debugging-bureau

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

MMXI

Friday, December 31st, 2010

Similar to Google GMMXIe depiction and interpretation I propose another one related to memory centuries that start from 1000 CE (M…):

MMXI

Malware Memory eXception and Injection

or

Monitoring Memory, eXceptions, and Injections

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Forthcoming Memory Dump Analysis Anthology, Volume 5

Friday, November 12th, 2010

Five volumes of cross-disciplinary Anthology (dubbed by the author “The Summa Memorianica”) lay the foundation of the scientific discipline of Memoretics (study of computer memory snapshots and their evolution in time) that is also called Memory Dump and Software Trace Analysis.ca

The 5th volume contains revised, edited, cross-referenced, and thematically organized selected DumpAnalysis.org blog posts about crash dump, software trace analysis and debugging written in February 2010 - October 2010 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, and security researchers, malware analysts and reverse engineers. The fifth volume features:

- 25 new crash dump analysis patterns
- 11 new pattern interaction case studies (including software tracing)
- 16 new trace analysis patterns
- 7 structural memory patterns
- 4 modeling case studies for memory dump analysis patterns
- Discussion of 3 common analysis mistakes
- Malware analysis case study
- Computer independent architecture of crash analysis report service
- Expanded coverage of software narratology
- Metaphysical and theological implications of memory dump worldview
- More pictures of memory space and physicalist art
- Classification of memory visualization tools
- Memory visualization case studies
- Close reading of the stories of Sherlock Holmes: Dr. Watson’s observational patterns
- Fully cross-referenced with Volume 1, Volume 2, Volume 3, and Volume 4

Product information:

  • Title: Memory Dump Analysis Anthology, Volume 5
  • Author: Dmitry Vostokov
  • Language: English
  • Product Dimensions: 22.86 x 15.24
  • Paperback: 400 pages
  • Publisher: Opentask (10 December 2010)
  • ISBN-13: 978-1-906717-96-4
  • Hardcover: 400 pages
  • Publisher: Opentask (10 December 2010)
  • ISBN-13: 978-1-906717-97-1

Back cover features memory space art image Hot Computation: Memory on Fire.

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Dublin School of Security

Thursday, October 28th, 2010

Motivated by the existence of London School of Economics (LSE) I just founded DSS. The program to be communicated soon and includes general memory dump and software trace analysis as a foundation for security. I like the name very much because of its additional meaning:

DUmps Binary Logs INternals

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Architecture of CARE

Saturday, October 23rd, 2010

Here is the description of a high-level architecture of the previously announced project CARE (Crash Analysis Report Environment). To remind, the main idea of the project is to process memory dumps on a client to save debugger logs. They can be sent to a server for pattern-driven analysis of software behaviour. Textual logs can also be inspected by a client security team before sending. Certain sensitive information can be excluded or modified to have generic meaning according to the built-in processing rules like renaming (for example, server names and folders). Before processing, verified secured logs are converted to abstract debugger logs. Abstracting platform-specific debugger log format allows reuse of the same architecture for different computer platforms. We call it CIA (Computer Independent Architecture). Do not confuse it with ICA (Independent Computer Architecture) and CIA acronym is more appropriate for memory analysis (like similar MAFIA acronym, Memory Analysis Forensics and Intelligence Architecture). These abstract logs are checked for various patterns (in abstracted form) using abstract debugger commands and an abstract report is generated according to various checklists. Abstract reports are then converted to structured reports for the required audience level. Abstract memory analysis pattern descriptions are prepared from platform-specific pattern descriptions. In certain architectural component deployment configurations both client and server parts can reside on the same machine. Here’s the simple diagram depicting the flow of processing:

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Malware Analysis Report System (MARS)

Friday, October 22nd, 2010

I detour for MARS expedition. You may also call it Memory Analysis Report System as malware analysis is always exploration of memory (in general). Why is this sudden change of course? After reading Gilles Deleuze I want to broaden the concept of “malware” and give it new orientation and direction of thinking. Beside that I also want new challenges after many years of research in pattern-driven memory dump and software trace analysis of abnormal software behaviour.

You may have also noticed small restructuring (rebranding) of this blog and DumpAnalysis.org headers.

See you there :-)

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Adjoint Threading in Process Monitor

Thursday, September 30th, 2010

Another tool that supports adjoint threading in addition to Citrix CDFAnalyzer (see also Debugging Experts magazine article for pictorial description of this concept) is Process Monitor. We can view adjoint threads having common attributes like TID (ordinary threads), PID, operation (function), process name, etc. by using this right click context menu:

For example, this adjoint thread having RegOpenKey as its ATID (Adjoint Thread ID) where we excluded Path, Result and Detail fields for viewing clarity (together these fields can constitute an analogous Message field in TMF traces):

Time of Day      Process Name PID  TID  Operation
[…]
09:33:25.9545410 Explorer.EXE 1292 1032 RegOpenKey
09:33:25.9548650 Explorer.EXE 1292 1032 RegOpenKey
09:33:25.9550234 Explorer.EXE 1292 1032 RegOpenKey
09:33:25.9551656 Explorer.EXE 1292 1032 RegOpenKey
09:33:25.9692456 WFICA32.EXE  3588 3496 RegOpenKey
09:33:25.9761325 wfcrun32.exe 852  1148 RegOpenKey
09:33:25.9761912 wfcrun32.exe 852  1148 RegOpenKey
09:33:25.9762295 wfcrun32.exe 852  1148 RegOpenKey
09:33:25.9984547 wfcrun32.exe 852  1148 RegOpenKey
09:33:26.0023831 wfcrun32.exe 852  1148 RegOpenKey
09:33:26.0074675 wfcrun32.exe 852  1148 RegOpenKey
09:33:26.0087191 Explorer.EXE 1292 1032 RegOpenKey
09:33:26.1618595 iexplore.exe 1348 2228 RegOpenKey
09:33:26.1625697 iexplore.exe 1348 2228 RegOpenKey
09:33:26.1632745 iexplore.exe 1348 2228 RegOpenKey
09:33:26.1633924 iexplore.exe 1348 2228 RegOpenKey
09:33:26.1639209 iexplore.exe 1348 2228 RegOpenKey
[…]

So if someone writes a converter from TMF to PML format…

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Bugtation No.125

Tuesday, September 28th, 2010

Who’s your BOSS (Basic Operating Support System)?

I report to Memory……………………………………………………….

Dmitry Vostokov

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

On The Interpretation of M-Theory

Monday, September 20th, 2010

There many interpretations of the letter M in M-theory but I propose another one: M stands for Memory. In any outcome it surely will be committed to memory in the future either as successful or not. On the other hand I’m now trying to make sense of it in relation to Memory as an ur-foundation (ur-, primordial, German prefix).

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -