October 6th, 2008
Most of the time Data Alignment manifests itself on Intel platforms from performance perspective and GP faults for some instructions that require natural boundary for their qword operands. There are no exceptions generally if we move a dword value from or to an odd memory location address when the whole operand fits into one page. However we need to take the possibility of page boundary spans into account when checking memory addresses for their validity. Consider this exception:
0: kd> .trap 0xffffffffa38df520
ErrCode = 00000002
eax=b6d9220f ebx=b6ab4ffb ecx=00000304 edx=eaf2fdea esi=b6d9214c edi=b6ab8189
eip=bfa10e6e esp=a38df594 ebp=a38df5ac iopl=0 nv up ei ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010293
driver+0x2ae6e:
bfa10e6e 895304 mov dword ptr [ebx+4],edx ds:0023:b6ab4fff=????????
The address seems to be valid:
0: kd> !pte b6ab4fff
VA b6ab4fff
PDE at C0300B68 PTE at C02DAAD0
contains 7F0DD863 contains 426B0863
pfn 7f0dd —DA–KWEV pfn 426b0 —DA–KWEV
But careful examination of the instruction reveals that it writes 32 bit value so we need to inspect the next byte too because it is on another page:
0: kd> !pte b6ab4fff+1
VA b6ab5000
PDE at C0300B68 PTE at C02DAAD4
contains 7F0DD863 contains 00000080
pfn 7f0dd —DA–KWEV not valid
DemandZero
Protect: 4 - ReadWrite
Although the page is demand zero and this should have been satisfied by creating a new page filled with zeroes, my point here that the page could have been completely invalid or paged out in the case of IRQL >= 2.
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Assembly Language, Crash Dump Analysis, Crash Dump Patterns, Debugging | No Comments »
October 6th, 2008
Another variation of the previous bugtation No.40:
“Read” code “at whim!”
Randall Jarrell, A Sad Heart at the Supermarket: Essays & Fables
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Bugtations, Code Reading, Debugging | No Comments »
October 6th, 2008
Debug “at whim!” Debug “at whim!”
Randall Jarrell, A Sad Heart at the Supermarket: Essays & Fables
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Bugtations, Debugging | No Comments »
October 6th, 2008
Crash dumps “have another hypnotic effect. Because they are not immediately understood, they, like certain jokes, are suspected of holding in some sort of magic embrace the secret of” troubleshooting, “or at least some of its more” difficult “parts.”
Scott Milross Buchanan, Poetry and Mathematics
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Bugtations, Crash Dump Analysis, Debugging, Fun with Crash Dumps, Software Technical Support, Testing, Troubleshooting Methodology | No Comments »
October 3rd, 2008
“Everything is memory dump.”
I’m very excited to announce that Volume 2 is available in paperback, hardcover and digital editions:
Memory Dump Analysis Anthology, Volume 2
In one or two weeks paperback edition should also appear on Amazon and other bookstores. Amazon hardcover edition is planned to be available by the end of October.
I’m often asked when Volume 3 is available and I currently plan to release it in October - November, 2009. In the mean time I’m planning to concentrate on other publishing projects.
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Announcements, Assembly Language, Books, Bugchecks Depicted, CDF Analysis Tips and Tricks, Citrix, Common Mistakes, Crash Dump Analysis, Crash Dump Patterns, Crash Dumps for Dummies, Data Recovery, DebugWare Patterns, Debugging, Fun with Crash Dumps, Kernel Development, Memory Analysis Forensics and Intelligence, Memory Dump Analysis Jobs, Memory Visualization, Minidump Analysis, Music for Debugging, New Words, Philosophy, Publishing, Science of Memory Dump Analysis, Security, Software Architecture, Software Technical Support, Stack Trace Collection, Testing, Tools, Training and Seminars, Troubleshooting Methodology, Virtualization, Vista, WinDbg Scripts, WinDbg Tips and Tricks, WinDbg for GDB Users, Windows Server 2008 | No Comments »
October 2nd, 2008
Out of 61,500,000 Google hits for “Everything is” X I couldn’t find X == memory dump so I presume this quotation is also traced to me 
“Everything is memory dump.”
Dmitry Vostokov
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Announcements, Bugtations, Crash Dump Analysis, Debugging, Fun with Crash Dumps, Philosophy, Science of Memory Dump Analysis | No Comments »
October 2nd, 2008
Out of 85,800 Google hits for “In the beginning there was the” X I couldn’t find X == crash so I presume this quotation is traced to me
“In the beginning there was the crash.”
Dmitry Vostokov
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Announcements, Bugtations, Crash Dump Analysis, Debugging, Software Technical Support | No Comments »
October 1st, 2008
The book is nearly finished and here is the final TOC:
Memory Dump Analysis Anthology, Volume 2: Table of Contents
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Announcements, Assembly Language, Books, Bugchecks Depicted, CDF Analysis Tips and Tricks, Citrix, Common Mistakes, Crash Dump Analysis, Crash Dump Patterns, Crash Dumps for Dummies, Data Recovery, DebugWare Patterns, Debugging, Fun with Crash Dumps, Kernel Development, Memory Dump Analysis Jobs, Memory Visualization, Minidump Analysis, Music for Debugging, Publishing, Science of Memory Dump Analysis, Security, Software Technical Support, Stack Trace Collection, Tools, Troubleshooting Methodology, Virtualization, Vista, WinDbg Scripts, WinDbg Tips and Tricks, WinDbg for GDB Users, Windows Server 2008 | No Comments »
September 30th, 2008
Today Citrix officially joined the club of public symbol server companies! Please refer to the following article for details:
How to Use the Citrix Symbol Server to Obtain Debug Symbols
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Announcements, Citrix, Crash Dump Analysis, Crash Dumps for Dummies, Debugging, Minidump Analysis, Software Technical Support, Stack Trace Collection, Tools, Vista, WinDbg Tips and Tricks, Windows Server 2008 | 4 Comments »
September 28th, 2008
Crash dump analysis “does not consist merely in” peeking” the memory and enlightening the understanding. Its main business should be to direct the” Customer.
Joseph Joubert, Pensées
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Bugtations, Crash Dump Analysis, Debugging | No Comments »
September 26th, 2008
Here you can find the draft TOC for the forthcoming book “DebugWare: The Art and Craft of Writing Troubleshooting and Debugging Tools”:
Table of Contents
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Announcements, Books, DebugWare Patterns, Debugging, Publishing, Software Architecture, Software Technical Support, Tools | No Comments »
September 25th, 2008
“An excellent precept for” programmers: “have a clear idea of all the” functions “and expressions you need, and you will find them.”
Ximénès Doudan, Pensées et fragments suivis des révolutions du goût
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Bugtations, Code Reading, Debugging, Kernel Development | No Comments »
September 24th, 2008
“The art of not” coding “is extremely important. It consists in our not taking up whatever happens to be occupying the” management “public at the time.”
Arthur Schopenhauer, Parerga and Paralipomena: On Reading and Books
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Bugtations, Code Reading, Debugging | No Comments »
September 24th, 2008
Finally Dr. Debugalov adventures are going to be imprinted with bugs inside. This full-color book features never published before cartoons and a few surprises. It sets a new standard for entertainment in software engineering.
- Title: Dumps, Bugs and Debugging Forensics: The Adventures of Dr. Debugalov
- Author: Narasimha Vedala
- Editor: Dmitry Vostokov
- Publisher: Opentask (1 December 2008)
- Language: English
- Product Dimensions: 21.6 x 14.0
- ISBN-13: 978-1-906717-25-4
- Paperback: 64 pages
The cover was designed by Narasimha Vedala.
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Announcements, Art, Books, Bugtations, Cartoons, Crash Dump Analysis, Debugging, Fun with Crash Dumps, Memory Analysis Forensics and Intelligence, Publishing | No Comments »
September 23rd, 2008
“A” code “never — well, hardly ever — shakes off its” legacy “and its formation. In spite of all changes in and extensions of and additions to its” base “, and indeed rather pervading and governing these, there will still persist the old” code.
John Langshaw Austin, Philosophical Papers: A Plea For Excuses
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Bugtations, Code Reading, Debugging | No Comments »
September 21st, 2008
Opcodes “- so innocent and powerless as they are, as standing in a” manual “, how potent for good and evil they become in the hands of one who knows how to combine them.”
Nathaniel Hawthorne, American Notebooks
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Assembly Language, Bugtations, Debugging, Security | No Comments »
September 20th, 2008
APIs “govern the world.”
John Selden, Table Talk
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Bugtations, Debugging, Software Architecture | No Comments »
September 20th, 2008
New cartoon from Narasimha Vedala (click on it to enlarge):
Revolution and carnage imminent at Dr. Debugalov’s bug farm…
- Dmitry Vostokov @ DumpAnalysis.org -
Posted in Cartoons, Debugging | No Comments »
