Archive for the ‘Software Trace Analysis’ Category
Monday, April 11th, 2011
Adjoint Thread invariants like PID can be reused giving rise to curious CDF (ETW) traces where two separate execution entities are glued together in one trace. For example, in one trace we see AppA and AppB sharing the same PID
# Module PID TID Time Message
[…]
242583 ProcMon 5492 9476 11:04:33.398 LoadImageEvent for ImageName: …\AppA.exe PID: 5492
256222 ProcMon 5492 9476 11:04:50.036 ProcessDestroyEvent for PPID: 12168 PID: 5492
274887 ProcMon 5492 10288 11:05:18.235 LoadImageEvent for ImageName: …\AppB.exe PID: 5492
[…]
Other similar examples might include different instances of components sharing the same name, source code or even, in general, periodic tracing sessions appended to the end of the same trace file although we are thinking that the latter should be a separate pattern. We named this pattern Glued Activity by an analogy of different thread strings glued together (in general, manifiolds glued along their boundaries). Another name might be along the line of adjoint thread ID reuse (ATID Reuse).
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in CDF Analysis Tips and Tricks, Debugging, Software Trace Analysis, Trace Analysis Patterns | No Comments »
Saturday, March 26th, 2011
The presentation materials from the webinar (25th of March, 2011) are available for download:
http://www.dumpanalysis.com/PDSPSI-materials
Thanks to everyone who registered and attended!
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in Announcements, Crash Dump Analysis, Crash Dump Patterns, DebugWare Patterns, Debugging, Debugging Methodology, Escalation Engineering, Mac Crash Corner, Malware Analysis, Malware Patterns, Memory Analysis Forensics and Intelligence, Software Architecture, Software Behavior Patterns, Software Engineering, Software Technical Support, Software Trace Analysis, Software Tracing Implementation Patterns, Software Troubleshooting Patterns, Structural Memory Patterns, Structural Trace Patterns, Tools, Trace Analysis Patterns, Training and Seminars, Troubleshooting Methodology, Unified Debugging Patterns, Webinars, Workaround Patterns | No Comments »
Monday, March 14th, 2011
“… he who has not been in” support “does not know what” debugging “is.”
Attributed to Leo Tolstoy, by Adam Ulam, The Bolsheviks
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in Bugtations, Crash Dump Analysis, Debugging, Escalation Engineering, Fun with Crash Dumps, Fun with Debugging, Fun with Software Traces, Software Engineering, Software Technical Support, Software Trace Analysis | No Comments »
Thursday, March 10th, 2011
Because the number of software trace patterns is growing I’m starting another checklist in addition to memory dump analysis checklist. The goal is to help experienced engineers not to miss any important information. The checklist doesn’t prescribe any specific steps, just lists all possible points to double check when looking at a software trace. Of course, it is not complete at the moment and any suggestions are welcome. This post will be modified on the ongoing basis.
General:
• Check overall trace time delta
• Check no trace metafile message density
• Check whether a trace is a multi-part or a circular
• Check for basic facts and the story (software narrative)
• Check for any exceptions, non-false positive errors and periodic errors
• Check for significant events
• Check for discontinuities in the time domain
• Check for message current and acceleration in the frequency domain
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in CDF Analysis Tips and Tricks, Debugging, Debugging Methodology, Escalation Engineering, Software Technical Support, Software Trace Analysis, Software Trace Reading, Trace Analysis Patterns, Troubleshooting Methodology | No Comments »
Monday, March 7th, 2011

The first Webinar to start an in-depth discussion of pattern-driven software troubleshooting, debugging and maintenance:
Date: 25th of March 2011
Time: 18:30 (GMT) 14:30 (EST) 11:30 (PST)
Duration: 60 minutes
Space is limited.
Reserve your Webinar seat now at:
https://www3.gotomeeting.com/register/448268158
Topics include:
- A Short History of DumpAnalysis.org
- Memory Dump Analysis Patterns
- Troubleshooting and Debugging Tools (Debugware) Patterns
- Software Trace Analysis Patterns
- From Software Defects to Software Behavior
- Workaround Patterns
- Structural Memory Patterns
- Memory Analysis Domain Pattern Hierarchy
- New Directions
Prerequisites: experience in software troubleshooting and/or debugging.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in .NET Debugging, Analysis Notation, Announcements, AntiPatterns, Best Practices, CDA Pattern Classification, Crash Dump Analysis, Crash Dump Patterns, DebugWare Patterns, Debugging, Debugging Methodology, Debugging Trends, Escalation Engineering, Java Debugging, Linux Crash Corner, Mac Crash Corner, Malware Analysis, Malware Patterns, Memory Analysis Forensics and Intelligence, Memory Dump Analysis Services, Pattern Models, Pattern Prediction, Presentations, Software Behavior Patterns, Software Chorology, Software Engineering, Software Narratology, Software Technical Support, Software Trace Analysis, Software Trace Reading, Software Tracing Implementation Patterns, Software Troubleshooting Patterns, Structural Memory Patterns, Structural Trace Patterns, Systems Thinking, Testing, Trace Analysis Patterns, Training and Seminars, Troubleshooting Methodology, Unified Debugging Patterns, Webinars, Workaround Patterns | No Comments »
Sunday, February 20th, 2011
Sometimes, we look at a trace and say it’s Impossible Trace. For example, this fragment shows that the function foo had been called:
# Module PID TID Message
[...]
1001 ModuleA 202 404 foo: start
1002 ModuleA 202 404 foo: end
[...]
However, if we look at the corresponding source code (PLOT) we would see that something is missing: the function bar must have been called with its own set of trace messages we don’t see in the trace:
void foo()
{
TRACE("foo: start");
bar();
TRACE("foo: end");
}
void bar()
{
TRACE("bar: start");
// some code ...
TRACE("bar: end");
}
We suspect the runtime code being modified, perhaps by patching. In other cases of missing messages we can also suspect thrown exceptions or local buffer overflows that led to wrong return address skipping the code with expected tracing statements. The mismatch between the trace and the source code we are looking at is also possible if the old source code didn’t have bar function called.
Note: I’m grateful for this pattern idea to Gary Barton.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in Code Reading, Debugging, Software Trace Analysis, Software Trace Reading, Trace Analysis Patterns | No Comments »
Thursday, February 17th, 2011
This is the ultimate multi- and cross-platform debugging reference project dubbed internally as “Memory Dump of Debugging”. Useful for years to come, this encyclopedia would cover all aspects of debugging with articles from leading experts from both industry and academia. Preliminary product information:
- Title: Encyclopedia of Debugging
- Editor: Dmitry Vostokov
- Hardcover: 1200 pages
- Publisher: OpenTask (March 2014)
- ISBN-13: 978-1-908043-12-2
The title is a successor to both Encyclopedia of Crash Dump Analysis Patterns (ISBN: 978-1906717216) and Dictionary of Debugging (ISBN: 978-1906717353) the publisher plans to release in the mean time.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in Announcements, Computer Science, Crash Dump Analysis, Debugging, Dictionary of Debugging, Encyclopedia of Debugging, Publishing, Software Engineering, Software Trace Analysis | No Comments »
Tuesday, February 8th, 2011
This pattern has a funny name Gossip. I thought originally to call it Duplicated Message but gave it the new name allowing for the possibility of semantics of the same message to be distorted in subsequent trace messages from different adjoint threads. Typical ETW / CDF trace example (distortion free) of the same message content seen in different modules (some columns like Date and Time are omitted):
# Module PID TID Message[...]26875 ModuleA
2172 5284 LoadImageEvent: ImageName(\Device\HarddiskVolume2\Windows\System32\notepad.exe) ProcessId(0x000000000000087C)26876 ModuleB
2172 5284 LoadImageEvent: ImageName(\Device\HarddiskVolume2\Windows\System32\notepad.exe), ProcessId(2172)26877 ModuleC
2172 5284 ImageLoad: fileName=notepad.exe, pid: 000000000000087C[...]
In such cases, when constructing event sequence order it is recommended to choose messages from the one source instead of mixing events from different sources, for example:
# Module PID TID Message[...]26875 ModuleA
2172 5284 LoadImageEvent: ImageName(\Device\HarddiskVolume2\Windows\System32\notepad.exe) ProcessId(0×000000000000087C)[…]33132 ModuleA
4180 2130 LoadImageEvent: ImageName(\Device\HarddiskVolume2\Windows\System32\calc.exe) ProcessId(0×0000000000001054)[…]
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in CDF Analysis Tips and Tricks, Debugging, Software Trace Analysis, Software Trace Reading, Trace Analysis Patterns | No Comments »
Sunday, January 30th, 2011
When reading and analyzing software traces we always compare them to Master Trace. Another name for this pattern borrowed from narrative theory is Archetype. When looking at the software trace from a system we either know the correct sequence of Activity Regions, expect certain Background and Foreground Components, Event Sequence Order or mentally construct a model based on our experience and Implementation Discourse. For the latter example software engineers internalize software master narratives when they construct code and write tracing code for supportability. For the former example it is important to have a repository of traces corresponding to master traces. This helps in finding deviations after Bifurcation Point. Consider such comparisons similar to regression testing when we check the computation output against the expected prerecorded sequence.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in CDF Analysis Tips and Tricks, Debugging, Software Narratology, Software Trace Analysis, Software Trace Reading, Testing, Trace Analysis Patterns | 2 Comments »
Tuesday, January 25th, 2011
This is the 3rd revision of memory map visualization tools list where I include IDA Pro and a visualizer from Debug Analyzer.NET (every category is presented in chronological order of my encounter with links):
1. Synthetic
2. Natural
a. Static
b. Semi-dynamic
c. Dynamic
Please let me know any other approaches or links you know.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in .NET Debugging, Crash Dump Analysis, Debugging, Debugging Trends, IDA for WinDbg Users, Memory Visualization, Software Trace Analysis, Tools | 1 Comment »
Saturday, January 22nd, 2011
Pre-analysis - Avoiding crash dump analysis anti-patterns like wrong dump or zippocricy. Sometimes it goes with wild explanation no one asked for. Checking whether a software trace is empty before sending it.
Examples: He is always doing !locks pre-analysis before sending any dump.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in AntiPatterns, Crash Dump Analysis, Crash Dump De-analysis, Debugging, Debugging Slang, Fun with Crash Dumps, Fun with Debugging, Fun with Software Traces, Software Trace Analysis | No Comments »
Saturday, January 22nd, 2011
Software trace analysis is difficult and it is very common to hear “couldn’t see anything …”. One of advantages of software trace analysis patterns is that we can use that pattern language to write analysis reports. Here I provide an example for an analysis of a CDF trace from Citrix XenApp server. Instead of replying “didn’t find anything suspicious …” an engineer identified the following patterns:
Seeing the list of patterns it was much easier to ask questions to aid in further troubleshooting.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in CDF Analysis Tips and Tricks, Software Behavior Patterns, Software Trace Analysis, Software Trace Reading, Structural Trace Patterns, Trace Analysis Patterns | No Comments »
Wednesday, January 19th, 2011
A memory dump “analysis is never finished, it is only abandoned”
Paul Valéry
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in Bugtations, Crash Dump Analysis, Software Trace Analysis | No Comments »
Saturday, January 15th, 2011
Stack Trace is a general pattern and there can always be found fine-grained patterns in stack traces as well. Here we discuss the general category of such stack trace patterns called Technology-Specific Subtrace (TSST) and give examples related to COM technology.
Consider this trace:
1: kd> k250
ChildEBP RetAddr
8d5d2808 82a7eb15 nt!KiSwapContext+0x26
8d5d2840 82a7d403 nt!KiSwapThread+0x266
8d5d2868 82a772cf nt!KiCommitThreadWait+0x1df
8d5d28e0 82550d75 nt!KeWaitForSingleObject+0x393
8d5d293c 82550e10 win32k!xxxRealSleepThread+0x1d7
8d5d2958 824ff4b0 win32k!xxxSleepThread+0x2d
8d5d29cc 825547e8 win32k!xxxInterSendMsgEx+0xb1c
8d5d2a1c 825546a4 win32k!xxxSendMessageTimeout+0x13b
8d5d2a44 82533843 win32k!xxxSendMessage+0×28
8d5d2b08 824fd865 win32k!xxxCalcValidRects+0xf7
8d5d2b64 82502c98 win32k!xxxEndDeferWindowPosEx+0×100
8d5d2b84 825170c9 win32k!xxxSetWindowPos+0xf6
8d5d2c08 82517701 win32k!xxxActivateThisWindow+0×2b1
8d5d2c38 82517537 win32k!xxxActivateWindow+0×144
8d5d2c4c 824fd9dd win32k!xxxSwpActivate+0×44
8d5d2ca4 82502c98 win32k!xxxEndDeferWindowPosEx+0×278
8d5d2cc4 824fff82 win32k!xxxSetWindowPos+0xf6
8d5d2d10 82a5342a win32k!NtUserSetWindowPos+0×140
8d5d2d10 76ee64f4 nt!KiFastCallEntry+0×12a (TrapFrame @ 8d5d2d34)
01e2cea0 7621358d ntdll!KiFastSystemCallRet
01e2cea4 6a8fa0eb USER32!NtUserSetWindowPos+0xc
01e2cf14 6a894b13 IEFRAME!SHToggleDialogExpando+0×15a
01e2cf28 6a894d5d IEFRAME!EleDlg::ToggleExpando+0×20
01e2d74c 6a895254 IEFRAME!EleDlg::OnInitDlg+0×229
01e2d7b8 762186ef IEFRAME!EleDlg::DlgProcEx+0×189
01e2d7e4 76209eb2 USER32!InternalCallWinProc+0×23
01e2d860 7620b98b USER32!UserCallDlgProcCheckWow+0xd6
01e2d8a8 7620bb7b USER32!DefDlgProcWorker+0xa8
01e2d8c4 762186ef USER32!DefDlgProcW+0×22
01e2d8f0 76218876 USER32!InternalCallWinProc+0×23
01e2d968 76217631 USER32!UserCallWinProcCheckWow+0×14b
01e2d9a8 76209b1d USER32!SendMessageWorker+0×4d0
01e2da64 76235500 USER32!InternalCreateDialog+0xb0d
01e2da94 76235553 USER32!InternalDialogBox+0xa7
01e2dab4 76235689 USER32!DialogBoxIndirectParamAorW+0×37
01e2dad8 6a5d4952 USER32!DialogBoxParamW+0×3f
01e2db00 6a5d5024 IEFRAME!Detour_DialogBoxParamW+0×47
01e2db24 6a8956df IEFRAME!SHFusionDialogBoxParam+0×32
01e2db58 6a8957bb IEFRAME!EleDlg::ShowDialog+0×398
01e2e638 6a8959d3 IEFRAME!ShowDialogBox+0xb6
01e2eb9c 6a9013ed IEFRAME!ShowElevationPrompt+0×1dd
01e2f010 7669fc8f IEFRAME!CIEUserBrokerObject::BrokerCoCreateInstance+0×202
01e2f040 76704c53 RPCRT4!Invoke+0×2a
01e2f448 76d9d936 RPCRT4!NdrStubCall2+0×2d6
01e2f490 76d9d9c6 ole32!CStdStubBuffer_Invoke+0xb6
01e2f4d8 76d9df1f ole32!SyncStubInvoke+0×3c
01e2f524 76cb213c ole32!StubInvoke+0xb9
01e2f600 76cb2031 ole32!CCtxComChnl::ContextInvoke+0xfa
01e2f61c 76d9a754 ole32!MTAInvoke+0×1a
01e2f64c 76d9dcbb ole32!AppInvoke+0xab
01e2f72c 76d9a773 ole32!ComInvokeWithLockAndIPID+0×372
01e2f778 7669f34a ole32!ThreadInvoke+0×302
01e2f7b4 7669f4da RPCRT4!DispatchToStubInCNoAvrf+0×4a
01e2f80c 7669f3c6 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0×16c
01e2f834 766a0cef RPCRT4!RPC_INTERFACE::DispatchToStub+0×8b
01e2f86c 7669f882 RPCRT4!RPC_INTERFACE::DispatchToStubWithObject+0xb2
01e2f8b8 7669f7a4 RPCRT4!LRPC_SCALL::DispatchRequest+0×23b
01e2f8d8 7669f763 RPCRT4!LRPC_SCALL::QueueOrDispatchCall+0xbd
01e2f8f4 7669f5ff RPCRT4!LRPC_SCALL::HandleRequest+0×34f
01e2f928 7669f573 RPCRT4!LRPC_SASSOCIATION::HandleRequest+0×144
01e2f960 7669ee4f RPCRT4!LRPC_ADDRESS::HandleRequest+0xbd
01e2f9dc 7669ece7 RPCRT4!LRPC_ADDRESS::ProcessIO+0×50a
01e2f9e8 766a1357 RPCRT4!LrpcServerIoHandler+0×16
01e2f9f8 76ecd3a3 RPCRT4!LrpcIoComplete+0×16
01e2fa20 76ed0748 ntdll!TppAlpcpExecuteCallback+0×1c5
01e2fb88 76e11174 ntdll!TppWorkerThread+0×5a4
01e2fb94 76efb3f5 kernel32!BaseThreadInitThunk+0xe
01e2fbd4 76efb3c8 ntdll!__RtlUserThreadStart+0×70
01e2fbec 00000000 ntdll!_RtlUserThreadStart+0×1b
In the middle of the stack trace we see COM interface invocation in IEFRAME module. The similar stack trace fragment can be found in the following stack trace where COM IRemUnknown interface implementation resides in .NET CLR mscorwks module:
0:000> kL
ChildEBP RetAddr
0018a924 68b5f8f0 mscorwks!SafeReleaseHelper+0x77
0018a958 68b04a99 mscorwks!SafeRelease+0x2f
0018a98c 68b04860 mscorwks!IUnkEntry::Free+0x68
0018a9a0 68b049b5 mscorwks!RCW::ReleaseAllInterfaces+0x18
0018a9d0 68b049e1 mscorwks!RCW::ReleaseAllInterfacesCallBack+0xbd
0018aa00 68c0a108 mscorwks!RCW::Cleanup+0x22
0018aa0c 68c0a570 mscorwks!RCWCleanupList::ReleaseRCWListRaw+0x16
0018aa3c 68bd4b3d mscorwks!RCWCleanupList::ReleaseRCWListInCorrectCtx+0xdf
0018aa4c 75dd8c2e mscorwks!CtxEntry::EnterContextCallback+0×89
0018aa68 763c586c ole32!CRemoteUnknown::DoCallback+0×7a
0018aa84 764405f1 rpcrt4!Invoke+0×2a
0018ae88 75efd936 rpcrt4!NdrStubCall2+0×2ea
0018aed0 75efd9c6 ole32!CStdStubBuffer_Invoke+0xb6
0018af18 75efdf1f ole32!SyncStubInvoke+0×3c
0018af64 75e1223c ole32!StubInvoke+0xb9
0018b040 75e12131 ole32!CCtxComChnl::ContextInvoke+0xfa
0018b05c 75e130fa ole32!MTAInvoke+0×1a
0018b088 75efde47 ole32!STAInvoke+0×46
0018b0bc 75efdcbb ole32!AppInvoke+0xab
0018b19c 75efe34c ole32!ComInvokeWithLockAndIPID+0×372
0018b1c4 75e12ed2 ole32!ComInvoke+0xc5
0018b1d8 75e12e91 ole32!ThreadDispatch+0×23
0018b21c 75a06238 ole32!ThreadWndProc+0×161
0018b248 75a068ea user32!InternalCallWinProc+0×23
0018b2c0 75a07d31 user32!UserCallWinProcCheckWow+0×109
0018b320 75a07dfa user32!DispatchMessageWorker+0×3bc
0018b330 75ddd6be user32!DispatchMessageW+0xf
0018b360 75ddd66d ole32!CCliModalLoop::PeekRPCAndDDEMessage+0×4c
0018b390 75ddd57e ole32!CCliModalLoop::FindMessage+0×30
0018b3f0 75ddd633 ole32!CCliModalLoop::HandleWakeForMsg+0×41
0018b408 75dd1117 ole32!CCliModalLoop::BlockFn+0xc3
0018b488 68a6c905 ole32!CoWaitForMultipleHandles+0xcd
0018b4a8 68a6c866 mscorwks!NT5WaitRoutine+0×51
0018b514 68a6c7ca mscorwks!MsgWaitHelper+0xa5
0018b534 68b5fbe4 mscorwks!Thread::DoAppropriateAptStateWait+0×28
0018b5b8 68b5fc79 mscorwks!Thread::DoAppropriateWaitWorker+0×13c
0018b608 68b5fdf9 mscorwks!Thread::DoAppropriateWait+0×40
0018b664 68a1c5b6 mscorwks!CLREvent::WaitEx+0xf7
0018b678 68b1adb4 mscorwks!CLREvent::Wait+0×17
0018b6c8 68b1ab2a mscorwks!WKS::GCHeap::FinalizerThreadWait+0xfb
0018b764 08fa12c1 mscorwks!GCInterface::RunFinalizers+0×99
[…]
A TSST usually spans several modules. In any stack trace we can also find several TSST that may be overlapping. For example, in the first stack trace above we can discern fragments of COM, RPC, LPC, GUI Dialog, Window Management, and Window Messaging subtraces. In the second trace we can also see GC, Modal Loop, COM Wrapper, and Interface Management stack frames.
The closest software trace analysis pattern here is Implementation Discourse.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in .NET Debugging, COM Debugging, Crash Dump Analysis, Crash Dump Patterns, Debugging, Software Trace Analysis, Software Trace Reading, Trace Analysis Patterns | 1 Comment »
Friday, January 14th, 2011
The Year of Dump Analysis, 0×7DA, was another remarkable year for DumpAnalysis.org. Here is the list of major achievements to report:
- Proposed software narratological framework
- Extended the concept of multithreading with adjoint threading
- After recognizing victimware as a counterpart to crimeware established Victimware.org (currently points to Memory Dump, Software Trace, Debugging and Malware Analysis Portal)
- Established the Dublin School of Security
- Proposed using category theory for memory dump analysis as an alternative to set-theoretical frameworks
- Secured the first Memory Dump Analysis Audit Service and its subsidiary Tool Objects: Unified Troubleshooting and Debugging to become portal sponsors
- Completely redesigned Debugging Experts Magazine Online
- Contributed to two issues of Debugged! MZ/PE magazine: Multithreading and Tools for Software Problem Solving
- Published the 4th volume of Memory Dump Analysis Anthology with color supplement
- Prepared material for the 5th volume of Memory Dump Analysis Anthology (to be published in January, 2011)
- Organized the first Debugging Jokes Competition and the first Tell Your Windows Debugging Story Competition
- Established the Metaphysical Society of Ireland to promote memory dump worldview
- Helped to deliver Fundamentals of Complete Crash and Hang Memory Dump Analysis webinar
- Established the Museum of Debugging and Memory Dumps (the 1st exhibition opens in 2011)
- Introduced Unified Debugging patterns, Workaround patterns and Structural Memory Analysis patterns
- Proposed and organized the first Memory Analysts and Debuggers Day (to be celebrated annually)
- Continued working on CARE research project and published its reference architecture
- Unified memory dump and software trace analysis patterns as software behavior patterns
- Memory Dump Analysis Anthology got international recognition when Korean translation of 1st volume was published
… and much more including many new memory dump and software trace analysis patterns, pattern icons, pattern models, and pattern-driven analysis case studies.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in Announcements, Crash Dump Analysis, Debugging, History, Software Trace Analysis | No Comments »
Sunday, January 9th, 2011
According to Google Analytics the number of visits / year increased by 0.7% since 2009 with almost 156,000 unique visitors (1% increase) from 184 countries (183 in 2009) and more than 33% of them are coming back. 1,322 visits were via 12 mobile operating systems (512% increase). Here are the top 100 network locations out of 28,612 (1% increase):
|
Service Provider
|
Visits
|
|
microsoft corp
|
6298
|
|
comcast cable communications inc.
|
4144
|
|
road runner holdco llc
|
3579
|
|
internet service provider
|
3106
|
|
verizon internet services inc.
|
2589
|
|
comite gestor da internet no brasil
|
2418
|
|
hewlett-packard company
|
2324
|
|
japan network information center
|
2199
|
|
deutsche telekom ag
|
2145
|
|
reliance communications ltd
|
1985
|
|
network of citrix systems inc
|
1698
|
|
eircom
|
1602
|
|
chunghwa telecom data communication business group
|
1560
|
|
nib (national internet backbone)
|
1458
|
|
charter communications
|
1325
|
|
symantec corporation
|
1261
|
|
proxad / free sas
|
1252
|
|
samtel
|
1121
|
|
uunet non-portable customer assignment
|
1087
|
|
at&t internet services
|
1084
|
|
intel corporation
|
1083
|
|
cox communications
|
1067
|
|
abts (karnataka)
|
1060
|
|
qwest communications company llc
|
957
|
|
comcast cable communications holdings inc
|
940
|
|
korea telecom
|
900
|
|
chtd chunghwa telecom co. ltd.
|
859
|
|
comcast business communications inc.
|
829
|
|
chinanet guangdong province network
|
817
|
|
ip pools
|
802
|
|
xo communications
|
802
|
|
china unicom beijing province network
|
799
|
|
microsoft
|
771
|
|
data general corporation
|
765
|
|
shaw communications inc.
|
761
|
|
comcast cable communications
|
746
|
|
tw telecom holdings inc.
|
697
|
|
unknown
|
684
|
|
citrix systems inc.
|
681
|
|
telefonica de espana sau
|
674
|
|
psinet inc.
|
661
|
|
telstra internet
|
647
|
|
chinanet shanghai province network
|
637
|
|
arcor ag
|
622
|
|
krnic
|
621
|
|
cox communications inc.
|
595
|
|
bellsouth.net inc.
|
576
|
|
optimum online (cablevision systems)
|
559
|
|
starhub cable vision ltd
|
539
|
|
ntt communications corporation
|
521
|
|
dell computer corporation
|
519
|
|
computer associates international
|
497
|
|
comcast cable communications ip services
|
481
|
|
cisco systems inc.
|
463
|
|
research in motion limited
|
459
|
|
sympatico hse
|
456
|
|
abts delhi
|
425
|
|
eset s.r.o.
|
425
|
|
telus communications inc.
|
416
|
|
comstar-direct cjsc
|
413
|
|
customers ie
|
411
|
|
emc corporation
|
408
|
|
abts tamilnadu
|
398
|
|
iinet limited
|
381
|
|
lg dacom corporation
|
376
|
|
rcs & rds s.a.
|
376
|
|
opal telecom dsl
|
372
|
|
network of ign arch. and design gb
|
367
|
|
kaspersky lab internet
|
362
|
|
easynet ltd
|
356
|
|
honeywell international inc.
|
347
|
|
dynamic ip pool for broadband customers
|
343
|
|
dynamic pools
|
336
|
|
siemens ag
|
335
|
|
global crossing
|
333
|
|
provider local registry
|
332
|
|
tpg internet pty ltd.
|
328
|
|
ojsc north-west telecom
|
326
|
|
telia network services
|
326
|
|
ipg
|
312
|
|
information management group
|
310
|
|
chinanet jiangsu province network
|
307
|
|
bharti infotel ltd.
|
305
|
|
wipro technologies
|
302
|
|
t-com croatia internet network
|
291
|
|
pt telkom indonesia
|
289
|
|
telecom italia s.p.a. tin easy lite
|
288
|
|
neostrada plus
|
285
|
|
singnet pte ltd
|
285
|
|
multiprotocol service provider to other isp s and end users
|
282
|
|
ibm india private limited
|
278
|
|
microsoft corporation
|
266
|
|
ekk catv plovdiv
|
262
|
|
alice dsl
|
260
|
|
level 3 communications inc.
|
257
|
|
telekom malaysia berhad
|
257
|
|
ukrtelecom ip network
|
254
|
|
comcast cable communications inc
|
251
|
|
appense
|
250
|
|
uecomm
|
250
|
Almost 71,000 Google search keywords pointed to the portal and this blog with 100 most frequent (some are in Russian):
|
Keyword
|
Visits
|
|
crash dump
|
2776
|
|
crash dump analysis
|
2463
|
|
kifastsystemcallret
|
2451
|
|
adplus
|
916
|
|
ntdll!kifastsystemcallret
|
905
|
|
dump analysis
|
865
|
|
win32 error 0n2
|
693
|
|
dumpanalysis.org
|
595
|
|
memory dump analysis
|
530
|
|
windows 7 crash dump
|
516
|
|
windbg commands
|
513
|
|
bugcheck system_service_exception
|
487
|
|
дамп памяти
|
473
|
|
crash dump windows 7
|
451
|
|
windbg
|
437
|
|
fnodobfm
|
431
|
|
bugcheck 3b
|
406
|
|
crashdump
|
404
|
|
crash dumps
|
385
|
|
minidump analysis
|
383
|
|
windbg crash dump analysis
|
382
|
|
crash dump analyzer
|
381
|
|
windbg cheat sheet
|
343
|
|
adplus download
|
330
|
|
анализ дампа памяти
|
325
|
|
dmitry vostokov
|
311
|
|
dump analyzer
|
311
|
|
windbg analyze
|
308
|
|
warning: frame ip not in any known module. following frames may be wrong.
|
290
|
|
the stored exception information can be accessed via .ecxr.
|
278
|
|
core dump analysis
|
268
|
|
symbol file could not be found
|
267
|
|
frame ip not in any known module
|
263
|
|
bugcheck kmode_exception_not_handled
|
256
|
|
dumpanalysis
|
250
|
|
the stored exception information can be accessed via .ecxr
|
242
|
|
memory dump analysis anthology
|
238
|
|
ntkrnlmp.exe crash dump
|
233
|
|
system_thread_exception_not_handled
|
225
|
|
kiuserexceptiondispatcher
|
222
|
|
getcontextstate failed, 0×80070026
|
210
|
|
0eedfade
|
207
|
|
kisystemservicecopyend
|
204
|
|
windbg crash dump
|
203
|
|
kernel_mode_exception_not_handled
|
202
|
|
rtlplowfragheapfree
|
202
|
|
windows crash dump analysis
|
202
|
|
crash dump analysis tool
|
196
|
|
exception_double_fault
|
195
|
|
trap frame
|
189
|
|
ntdll kifastsystemcallret
|
183
|
|
nt!kebugcheckex
|
178
|
|
tppworkerthread
|
178
|
|
vista kmode_exception_not_handled
|
177
|
|
dump artefact trace artefact
|
170
|
|
dump file analyzer
|
168
|
|
adplus tutorial
|
165
|
|
pool corruption
|
160
|
|
rtldispatchexception wine
|
155
|
|
termdd!icacallnextdriver
|
155
|
|
application_fault_status_breakpoint
|
153
|
|
ntdll.dll!kifastsystemcallret
|
153
|
|
basethreadinitthunk
|
152
|
|
bugcheck 7e
|
151
|
|
analyze crash dump
|
150
|
|
windbg script
|
149
|
|
memory dump analysis tool
|
146
|
|
warning: stack unwind information not available. following frames may be wrong.
|
146
|
|
error: symbol file could not be found
|
145
|
|
free special np
|
145
|
|
rtluserthreadstart
|
141
|
|
download adplus
|
140
|
|
мещанина никифора никитина
|
140
|
|
failure_bucket_id
|
131
|
|
application_hang_blockedon_fileio
|
129
|
|
how to use windbg for crash dump analysis
|
123
|
|
windows dump analyzer
|
123
|
|
getcontextstate failed, 0xd0000147
|
122
|
|
stack_text
|
121
|
|
minidump analyzer
|
120
|
|
time travel debugging
|
120
|
|
windbg dump analysis
|
120
|
|
__dyn_tls_init_callback
|
118
|
|
localdumps
|
118
|
|
system_service_exception 3b
|
118
|
|
windbg scripts
|
118
|
|
getcontextstate failed
|
114
|
|
unable to load image win32 error 0n2
|
114
|
|
windbg hang
|
114
|
|
windows crash dump
|
114
|
|
crash dump vista
|
112
|
|
debug_flr_image_timestamp
|
110
|
|
ntdll.kifastsystemcallret
|
107
|
|
system_service_exception
|
107
|
|
system_thread_exception_not_handled (7e)
|
107
|
|
анализ дампов памяти
|
107
|
|
bugcheck c2
|
106
|
|
kifastcallentry
|
106
|
|
ldrpsnapthunk
|
106
|
|
nmi_hardware_failure
|
104
|
Special thanks to more than 1,100 web sites that mention the portal and this blog with the first top 100:
|
Source
|
Visits
|
|
google.com
|
3955
|
|
windbg.org
|
2190
|
|
windbg.dumpanalysis.org
|
2178
|
|
google.co.in
|
1366
|
|
twitter.com
|
1295
|
|
blog.codeimproved.net
|
1158
|
|
stackoverflow.com
|
1075
|
|
facebook.com
|
780
|
|
winvistaclub.com
|
751
|
|
blogs.msdn.com
|
741
|
|
dumpanalysis.com
|
680
|
|
reddit.com
|
618
|
|
dumpanalysis.org
|
586
|
|
images.google.com
|
522
|
|
google.co.uk
|
456
|
|
bytetalk.net
|
398
|
|
google.de
|
359
|
|
itdatabase.com
|
351
|
|
advancedwindowsdebugging.com
|
291
|
|
en.wikipedia.org
|
283
|
|
google.ca
|
280
|
|
analyze-v.com
|
254
|
|
advanceddotnetdebugging.com
|
246
|
|
google.com.au
|
220
|
|
serverfault.com
|
201
|
|
community.citrix.com
|
199
|
|
google.ru
|
180
|
|
nynaeve.net
|
170
|
|
jasonhaley.com
|
167
|
|
blog.miniasp.com
|
166
|
|
google.fr
|
166
|
|
google.es
|
165
|
|
google.com.br
|
158
|
|
google.co.kr
|
152
|
|
reconstructer.org
|
151
|
|
blogs.microsoft.co.il
|
148
|
|
blog.naver.com
|
143
|
|
forum.sysinternals.com
|
141
|
|
google.com.ua
|
133
|
|
netfxharmonics.com
|
133
|
|
google.it
|
126
|
|
google.nl
|
126
|
|
debuggingexperts.com
|
124
|
|
blog.not-a-kernel-guy.com
|
119
|
|
images.google.co.in
|
107
|
|
citrixblogger.org
|
104
|
|
opentask.com
|
103
|
|
google.pl
|
102
|
|
images.google.co.uk
|
98
|
|
delicious.com
|
97
|
|
support.citrix.com
|
88
|
|
isisaka.com
|
85
|
|
linkedin.com
|
83
|
|
google.com.ar
|
81
|
|
google.com.tr
|
81
|
|
j00ru.vexillium.org
|
81
|
|
google.com.tw
|
79
|
|
pchelpforum.com
|
78
|
|
social.technet.microsoft.com
|
78
|
|
debuggingexperts.dumpanalysis.org
|
77
|
|
google.se
|
77
|
|
codemachine.com
|
73
|
|
google.com.ph
|
73
|
|
rfvicente.spaces.live.com
|
70
|
|
advdbg.org
|
68
|
|
google.co.il
|
68
|
|
google.co.za
|
68
|
|
techsupportforum.com
|
68
|
|
otvety.google.ru
|
67
|
|
google.com.sg
|
66
|
|
jinaida.egloos.com
|
65
|
|
google.ie
|
64
|
|
google.be
|
63
|
|
voneinem-windbg.blogspot.com
|
62
|
|
images.google.de
|
60
|
|
saygoodnight.com
|
59
|
|
caloni.com.br
|
57
|
|
google.at
|
57
|
|
google.ro
|
56
|
|
msuiche.net
|
56
|
|
driverentry.com.br
|
55
|
|
google.ch
|
55
|
|
google.com.pk
|
54
|
|
mitbbs.com
|
54
|
|
google.com.my
|
53
|
|
serious-code.net
|
53
|
|
bugswar.blogspot.com
|
51
|
|
google.com.mx
|
51
|
|
iconfactory.com
|
51
|
|
advdbg.com
|
49
|
|
managementbits.com
|
49
|
|
rsdn.ru
|
48
|
|
techradar.com
|
48
|
|
blog.48bits.com
|
47
|
|
cs.rochester.edu
|
47
|
|
dogpile.com
|
47
|
|
images.google.ca
|
47
|
|
evilcodecave.wordpress.com
|
46
|
|
google.pt
|
46
|
Top 25 visiting countries:
|
Country/Territory
|
Visits
|
|
United States
|
69610
|
|
India
|
19007
|
|
United Kingdom
|
16399
|
|
Russia
|
12497
|
|
Germany
|
10027
|
|
China
|
7942
|
|
Canada
|
7277
|
|
Japan
|
5393
|
|
France
|
5260
|
|
South Korea
|
4551
|
|
Australia
|
4305
|
|
Taiwan
|
3882
|
|
Ireland
|
3361
|
|
Netherlands
|
3152
|
|
Spain
|
3045
|
|
Ukraine
|
2981
|
|
Italy
|
2774
|
|
Israel
|
2720
|
|
Brazil
|
2592
|
|
Poland
|
2519
|
|
Sweden
|
2495
|
|
Singapore
|
2367
|
|
Romania
|
1990
|
|
Czech Republic
|
1784
|
|
Belgium
|
1481
|
More than 9,000 portal and blog pages were viewed a total of almost 387,000 times with top 100 content pages:
|
Page
|
Pageviews
|
|
/
|
45061
|
|
/blog/
|
35363
|
|
/blog/index.php/2008/01/10/what-is-kifastsystemcallret/
|
6673
|
|
/blog/index.php/2007/06/20/crash-dump-analysis-checklist/
|
6212
|
|
/blog/index.php/category/windbg-tips-and-tricks/
|
6151
|
|
/ru/blog/
|
4929
|
|
/blog/index.php/2008/09/12/adplus-in-21-seconds-and-13-steps/
|
3554
|
|
/Tools
|
3442
|
|
/blog/index.php/2007/07/20/crash-dump-analysis-patterns-part-17/
|
3311
|
|
/blog/index.php/category/windows-7/
|
3267
|
|
/Crash+Dump+Analysis+for+System+Administrators
|
2904
|
|
/blog/index.php/category/minidump-analysis/
|
2612
|
|
/blog/index.php/2007/09/06/minidump-analysis-part-2/
|
2604
|
|
/blog/index.php/2006/10/31/crash-dump-analysis-patterns-part-2/
|
2443
|
|
/blog/index.php/2007/04/03/crash-dump-analysis-patterns-part-11/
|
2366
|
|
/blog/index.php/2006/10/30/crash-dump-analysis-patterns-part-1/
|
2314
|
|
/blog/index.php/category/windbg-scripts/
|
2286
|
|
/blog/index.php/2008/03/12/bug-check-frequencies/
|
2220
|
|
/blog/index.php/2008/03/13/crash-dump-analysis-patterns-part-2b/
|
2113
|
|
/blog/index.php/2008/06/12/crash-dump-analysis-patterns-part-59b/
|
2104
|
|
/WinDbg+reference
|
2076
|
|
/Forthcoming+Windows+Debugging+Notebook
|
2054
|
|
/blog/index.php/2008/04/22/bugchecks-system_service_exception/
|
2048
|
|
/blog/index.php/about/
|
2038
|
|
/blog/index.php/2007/10/11/minidump-analysis-part-4/
|
1868
|
|
/blog/index.php/category/windows-server-2008/
|
1741
|
|
/blog/index.php/2007/09/11/crash-dump-analysis-patterns-part-26/
|
1736
|
|
/blog/index.php/2008/01/24/crash-dump-analysis-patterns-part-43/
|
1661
|
|
/blog/index.php/2007/12/17/crash-dump-analysis-patterns-part-41b/
|
1640
|
|
/blog/index.php/2007/10/17/crash-dump-analysis-patterns-part-31/
|
1631
|
|
/blog/index.php/2007/02/02/crash-dump-analysis-patterns-part-8/
|
1618
|
|
/blog/index.php/2007/05/19/resurrecting-dr-watson-on-vista/
|
1590
|
|
/blog/index.php/2006/12/09/clipboard-issues-explained/
|
1553
|
|
/Memory+Dump+Analysis+Anthology+Volume+1
|
1548
|
|
/blog/index.php/2007/09/17/resolving-symbol-file-could-not-be-found/
|
1524
|
|
/blog/index.php/2007/02/09/crash-dump-analysis-patterns-part-9a/
|
1516
|
|
/blog/index.php/2007/08/06/crash-dump-analysis-patterns-part-20a/
|
1445
|
|
/Memory+Dump+Analysis+Anthology+Volume+3
|
1423
|
|
/blog/index.php/2007/07/15/interrupts-and-exceptions-explained-part-4/
|
1422
|
|
/blog/index.php/crash-dump-analysis-patterns/
|
1368
|
|
/blog/index.php/2008/05/09/windbg-cheat-sheet-for-crash-dump-analysis/
|
1324
|
|
/Debugged+Magazine
|
1307
|
|
/ru/blog/index.php/category/komandy-otladchika-windbg/
|
1302
|
|
/blog/index.php/2007/03/04/windbg-tips-and-tricks-analyzing-hangs-faster/
|
1295
|
|
/blog/index.php/2007/04/25/bugchecks-system_thread_exception_not_handled/
|
1281
|
|
/blog/index.php/2007/08/29/minidump-analysis-part-1/
|
1267
|
|
/blog/index.php/category/windbg-tips-and-tricks/page/6/
|
1251
|
|
/ru/blog/index.php/page/2/
|
1251
|
|
/blog/index.php/2007/03/03/windbg-tips-and-tricks-hypertext-commands/
|
1203
|
|
/blog/index.php/category/gdb-for-windbg-users/
|
1193
|
|
/blog/index.php/basic-windows-crash-dump-analysis/
|
1191
|
|
/blog/index.php/2007/06/21/crash-dump-analysis-patterns-part-16a/
|
1151
|
|
/care
|
1151
|
|
/blog/index.php/category/bugchecks-depicted/
|
1143
|
|
/blog/index.php/2008/04/03/crash-dump-analysis-patterns-part-57/
|
1134
|
|
/museum-debugging
|
1103
|
|
/blog/index.php/category/bugchecks-depicted/page/2/
|
1099
|
|
/blog/index.php/2010/01/08/live-kernel-debugging-of-a-system-freeze-case-study/
|
1096
|
|
/arts-photography-links
|
1062
|
|
/blog/index.php/2007/09/
|
1022
|
|
/blog/index.php/2008/10/15/crash-dump-analysis-patterns-part-1b/
|
953
|
|
/blog/index.php/2007/08/04/visualizing-memory-dumps/
|
940
|
|
/blog/index.php/2007/11/02/crash-dump-analysis-patterns-part-13c/
|
932
|
|
/blog/index.php/category/dump-analysis/
|
921
|
|
/blog/index.php/crash-dump-examples/
|
912
|
|
/blog/index.php/2007/10/01/windows-service-crash-dumps-on-vista/
|
911
|
|
/blog/index.php/2007/02/10/crash-dump-analysis-in-visual-studio-2005/
|
904
|
|
/Forthcoming+Memory+Dump+Analysis+Anthology+Volume+2
|
902
|
|
/blog/index.php/category/windbg-scripts/page/2/
|
880
|
|
/blog/index.php/2006/10/
|
833
|
|
/blog/index.php/2008/06/26/heuristic-stack-trace-in-windbg-693113/
|
820
|
|
/blog/index.php/2008/01/02/how-to-distinguish-between-1st-and-2nd-chances/
|
813
|
|
/blog/index.php/2006/11/01/crash-dump-analysis-patterns-part-3/
|
790
|
|
/MDAA-color-supplement-vol1-3
|
783
|
|
/Forthcoming+Windows+Debugging:+Practical+Foundations
|
779
|
|
/blog/index.php/automated-analysis/
|
774
|
|
/blog/index.php/2007/05/20/custom-postmortem-debuggers-on-vista/
|
773
|
|
/contact
|
772
|
|
/blog/index.php/memory-dump-analysis-interview-questions/
|
763
|
|
/blog/index.php/2007/07/25/reconstructing-stack-trace-manually/
|
762
|
|
/blog/index.php/2007/09/14/crash-dump-analysis-patterns-part-27/
|
761
|
|
/training
|
760
|
|
/blog/index.php/category/net-debugging/
|
752
|
|
/blog/index.php/category/windbg-tips-and-tricks/page/2/
|
732
|
|
/blog/index.php/2007/04/25/bugchecks-kmode_exception_not_handled/
|
731
|
|
/blog/index.php/2007/07/01/gdb-for-windbg-users-part-5/
|
729
|
|
/blog/index.php/2009/04/28/trace-analysis-patterns-part-1/
|
729
|
|
/FCMDA-book
|
721
|
|
/blog/index.php/2007/06/21/repair-clipboard-chain-201/
|
720
|
|
/blog/index.php/category/cartoons/
|
706
|
|
/CDAPF-book
|
690
|
|
/blog/index.php/2008/03/08/time-travel-debugging/
|
690
|
|
/blog/index.php/2006/10/14/dumps-for-dummies-part-2/
|
679
|
|
/blog/index.php/2008/04/28/crash-dump-analysis-patterns-part-6a/
|
672
|
|
/blog/index.php/dumps-for-dummies/
|
672
|
|
/blog/index.php/2007/05/19/inside-vista-error-reporting-part-1/
|
661
|
|
/Links
|
640
|
|
/blog/index.php/2008/03/18/crash-dump-analysis-patterns-part-13e/
|
640
|
|
/blog/index.php/2008/05/28/net-managed-code-analysis-in-complete-memory-dumps/
|
635
|
|
/blog/index.php/foundations-of-debugging-x86/
|
635
|
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in Announcements, Crash Dump Analysis, Debugging, DumpAnalysis.org Statistics, History, Software Trace Analysis | No Comments »
Monday, January 3rd, 2011
Resolution rush - The rush of software technical support and maintenance engineers to provide the resolution to a suddenly escalated incident.
Examples: After it crashed 3 times in a row at the customer site our VP was called and we all got the resolution rush.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in Crash Dump Analysis, Debugging, Debugging Slang, Escalation Engineering, Fun with Crash Dumps, Fun with Debugging, Fun with Software Traces, Software Engineering, Software Technical Support, Software Trace Analysis | No Comments »
Sunday, January 2nd, 2011
Working for more than 7 years in technical support environment I found that many support incidents were resolved more easily by abductive reasoning than by induction and deduction practiced by Sherlock Holmes and observed by Dr. Watson. Abduction as a way to build an incident theory to advance in problem resolution was practiced by a USA colleague of Holmes: Philip Marlowe. Because technical support is less detached from customers (”the world”) when compared to software engineering departments I see the way of Marlowe as more natural. Of course, from time to time the way of Holmes is also appropriate. All depends on a support case. I found that abductive reasoning is also appropriate for memory dump and software trace analysis where “leaps of faith” are necessary because of insufficient information. Such leaps of abduction actually happen all the time when analysts give troubleshooting advice based on patterns.
I plan to write more about the 3rd way of reasoning after I finish reading two Raymond Chandler’s novels and a few other inference, causality and explanation books I mention later: The Big Sleep & Farewell, My Lovely (Modern Library)
.


I’m grateful for Clive Gamble for pointing this way out in his book Archaeology: The Basics


- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in Archaeology of Computer Memory, Books, Crash Dump Analysis, Debugging, Debugging Methodology, Dr. Watson, Escalation Engineering, Logic, New Debugging School, Software Technical Support, Software Trace Analysis, The Way of Philip Marlowe, Troubleshooting Methodology | No Comments »
Saturday, January 1st, 2011
With the new year starts the new initiative to integrate traditional multidisciplinary debugging approaches and methodologies with multiplatform pattern-driven software problem solving, unified debugging patterns, best practices in memory dump analysis and software tracing, computer security, economics, and the new emerging trends I’m going to write about during this year.
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -
Posted in Announcements, Best Practices, Computer Forensics, Computer Science, Countefactual Debugging, Crash Analysis Report Environment (CARE), Crash Dump Analysis, Crash Dump Patterns, DebugWare Patterns, Debugging, Debugging Industry, Debugging Methodology, Debugging Trends, Dublin School of Security, Economics, Education and Research, Escalation Engineering, First Fault Problem Solving, Malware Analysis, Malware Patterns, Mathematics of Debugging, Memiotics (Memory Semiotics), Memoretics, Memory Analysis Forensics and Intelligence, Memory Analysis Report System, Memory Dump Analysis Services, Memory Systems Language, Memory Visualization, New Debugging School, Science of Memory Dump Analysis, Science of Software Tracing, Security, Software Behavior Patterns, Software Defect Construction, Software Engineering, Software Generalist, Software Maintenance Institute, Software Narratology, Software Trace Analysis, Software Trace Visualization, Software Tracing Implementation Patterns, Software Troubleshooting Patterns, Structural Memory Patterns, Structural Trace Patterns, Systems Thinking, Testing, Tool Objects, Tools, Trace Analysis Patterns, Training and Seminars, Troubleshooting Methodology, Unified Debugging Patterns, Victimware, Visual Dump Analysis, Webinars, Workaround Patterns | No Comments »