New cartoon from Narasimha Vedala provides insight on string reversing (click on it to enlarge):
At the Bug Concentration Camp [BCC]
CCB officer decides the fate
I was curious to check if there are any opcodes like BCC or CCB and there are indeed:
BCC - Branch on Carry Clear
CCB - Chip Configuration Byte
- Dmitry Vostokov @ DumpAnalysis.org -
Shakespeare on transitive nature of software defects, where one bug causes another, and so on, until the final effect or when memory corruption causes crash effects.
“… and now remains
That we find out the cause of this effect,
Or rather say, the cause of this defect,
For this effect defective comes by cause.”William Shakespeare, Hamlet
- Dmitry Vostokov @ DumpAnalysis.org -
New cartoon from Narasimha Vedala:
Mother bug explains Morris worm
- Dmitry Vostokov @ DumpAnalysis.org -
“Sir, please believe me, it’s the first time this has ever happened. Have another try, don’t get upset. You know our” Programs “are” TESTED.
Jean-Pierre Petit, Adventures of Archibald Higgins: Euclid Rules O.K.?
- Dmitry Vostokov @ DumpAnalysis.org -
The following error was reported when launching an application and no configured default postmortem debugger was able to save a crash dump:
The application failed to initialize properly (0x06d007e). Click on OK to terminate the application.
The process memory dump captured manually using userdump.exe when the error message box was displayed didn’t show anything helpful on stack traces:
0:000> ~*kL
. 0 Id: 310.1ab8 Suspend: 1 Teb: 7ffdf000 Unfrozen
ChildEBP RetAddr
0012fd14 7c8284c5 ntdll!_LdrpInitialize+0x184
00000000 00000000 ntdll!KiUserApcDispatcher+0x25
1 Id: 310.1ec0 Suspend: 1 Teb: 7ffde000 Unfrozen
ChildEBP RetAddr
0820fcb0 7c826f4b ntdll!KiFastSystemCallRet
0820fcb4 7c813b90 ntdll!NtDelayExecution+0xc
0820fd14 7c8284c5 ntdll!_LdrpInitialize+0x19b
00000000 00000000 ntdll!KiUserApcDispatcher+0x25
However, one of last error values was access violation (Last Error Collection pattern):
0:000> !gle -all
Last error for thread 0:
LastErrorValue: (Win32) 0x3e6 (998) - Invalid access to memory location.
LastStatusValue: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".
Last error for thread 1:
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0 - STATUS_WAIT_0
It was suspected that access violation errors were handled by application exception handlers (Custom Exception Handler pattern) and it was recommended to catch first-chance exception crash dumps (Early Crash Dump pattern) and indeed there was one such exception:
0:000> r
eax=00000000 ebx=00000000 ecx=00000000 edx=00157554 esi=00000080 edi=00000000
eip=7c829ffa esp=0012ed48 ebp=0012ef64 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
ntdll!RtlAllocateHeap+0x24:
7c829ffa 0b4310 or eax,dword ptr [ebx+10h] ds:0023:00000010=????????
0:000> kL
ChildEBP RetAddr
0012ef64 7c3416b3 ntdll!RtlAllocateHeap+0x24
0012efa4 7c3416db msvcr71!_heap_alloc+0xe0
0012efac 7c3416f8 msvcr71!_nh_malloc+0x10
0012efb8 67741c01 msvcr71!malloc+0xf
[...]
- Dmitry Vostokov @ DumpAnalysis.org -
The crash dump “is the message”.
- Dmitry Vostokov @ DumpAnalysis.org -
A few months ago I wrote about my discovery of the first memory dump book. It actually arrived but only today I got a chance to take pictures of its front and back covers. The latter explans the title of the book (MEMORY DUMP) albeit in Spanish.
Since many pages are in Basque I decided to learn a bit about this unique language and recommend this guide:
The Basque Language: A Practical Introduction (The Basque Series)
- Dmitry Vostokov @ DumpAnalysis.org -
I’m back from my holidays and here is my 10th anniversary bugtation:
“Coincidences, in general, are great stumbling-blocks in the way of” debugging.
Edgar Allan Poe, The Murders in the Rue Morgue
- Dmitry Vostokov @ DumpAnalysis.org -
“There is nothing more deceptive than an obvious” bug.
Sherlock Holmes, The Boscombe Valley Mystery
- Dmitry Vostokov @ DumpAnalysis.org -
New cartoon from Narasimha Vedala (click on it to enlarge):
Misty morning gossip in the park
- Dmitry Vostokov @ DumpAnalysis.org -
I wasn’t active last 3 months although I have many cached managerial thoughts in my Moleskine notebook that I plan to start publishing in September.
ManagementBits Blog:
I don’t remember whether I told this before or not but all management bits are available in a handy bit string here:
- Dmitry Vostokov @ DumpAnalysis.org -
New cartoon from Narasimha Vedala provides insight into crazy bugs (click on it to enlarge):
A visit to the Psychiatrist
- Dmitry Vostokov @ DumpAnalysis.org -
Debugging “will one day be as necessary for efficient” programming “as the ability to read and write” code.
- Dmitry Vostokov @ DumpAnalysis.org -
New cartoon from Narasimha Vedala provides insight into the beauty of nature (click on it to enlarge):
Nature’s Wonder: Life cycle of a beetle
- Dmitry Vostokov @ DumpAnalysis.org -
This bugtation is identical to the original quotation:
“Thank you for not dividing by zero.”
Unknown
Encouraged by this I propose another one 
“Thank you for checking for NULL pointers.”
- Dmitry Vostokov @ DumpAnalysis.org -
New cartoon from Narasimha Vedala captures recent rumors about the opening of Olympics:
Just to remind you that China is 6th on my Memory Dump Awareness Index.
- Dmitry Vostokov @ DumpAnalysis.org -
“I admit that” debugging “is a good thing. But excessive devotion to it is a bad thing.”
- Dmitry Vostokov @ DumpAnalysis.org -
There were no updates last two months primarily because I was still reading huge books 1,000 pages each. One of them was The Road to Reality that I started in March and finished only a few weeks ago. When I was about two-thirds through it and I thought that I could never finish it a sign happened to shed the light on the possible end. While commuting from work a shadow from the train window sign projected ”Exit” on the book and I asked to take a picture of this event:
LiterateScientist Blog:
The Skeptical Environmentalist
- Dmitry Vostokov @ DumpAnalysis.org -
“The great tragedy of” Software: “the slaying of a beautiful” program “by an ugly” bug.
Thomas Henry Huxley, Collected Essays
- Dmitry Vostokov @ DumpAnalysis.org -
Suppose we set up breakpoints to catch a random issue or at the end of a lengthy loop and we don’t want to sit tight, stare at the screen and wait for a debugger notification event. We just want to sit relaxed and read our favourite book or do something else. I discovered this meta-command where we can specify a wave file to be played every time a debugger breaks into a command prompt:
The .sound_notify command causes a sound to be played when WinDbg enters the wait-for-command state (from WinDbg help).
For example:
(15dc.dd0): Break instruction exception - code 80000003 (first chance)
eax=7ffde000 ebx=00000000 ecx=00000000 edx=77b3d094 esi=00000000 edi=00000000
eip=77af7dfe esp=01c6fbf4 ebp=01c6fc20 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!DbgBreakPoint:
77af7dfe cc int 3
windbg> .sound_notify /ef c:\Windows\Media\tada.wav
Sound notification: file 'c:\Windows\Media\tada.wav'
0:001> g
(15dc.175c): Break instruction exception - code 80000003 (first chance)
eax=7ffde000 ebx=00000000 ecx=00000000 edx=77b3d094 esi=00000000 edi=00000000
eip=77af7dfe esp=01cafc08 ebp=01cafc34 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
ntdll!DbgBreakPoint:
77af7dfe cc int 3
[tada.wav is played when we break into]
- Dmitry Vostokov @ DumpAnalysis.org -
