Accelerated Windows Memory Dump Analysis: Training Course Transcript and Windbg Practice Exercises with Notes, Fourth Edition
by: Dmitry Vostokov – Software Diagnostics Services
ISBN-10: 1908043466
ISBN-13: 9781908043467
Edition: 4th Revised edition
Publication Date: 2016-05-23
Print Length: 874 pages
Book Description
By finelybook
The full transcript of Software Diagnostics Services training with 28 step-by-step exercises, notes, source code of specially created modelling applications and more than 100 questions and answers. Covers more than 60 crash dump analysis patterns from x86 and x64 process, kernel, complete (physical), and active memory dumps. Learn how to analyse application, service and system crashes and freezes, navigate through memory dump space and diagnose heap corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. The training uses a unique and innovative pattern-oriented analysis approach developed by Software Diagnostics Institute to speed up the learning curve. Prerequisites: Basic Windows troubleshooting. Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers and quality assurance engineers. The 4th edition was fully reworked to use WinDbg 10 and now covers memory dumps from Windows 10 x64. It also includes optional legacy exercises from the previous editions covering Windows Vista and Windows 7.
Contents
Preface
About the Author
Presentation Slides and Transcript
Practice Exercises
Exercise 0: Download,setup and verify your WinDbg installation
Exercise P1: Analysis of a normal application process dump (32-bit notepad)
Exercise P2: Analysis of a normal application process dump (64-bit notepad)
Exercise P3: Analysis of a normal application process dump (64-bit Microsoft Edge)
Exercise P4: Analysis of an application process dump (64-bit ApplicationK, no symbols)
Exercise P5: Analysis of an application process dump (64-bit ApplicationK, with application symbols)
Exercise P6: Analysis of an application process dump (ApplicationL, 32-bit)
Exercise P7: Analysis of an application process dump (ApplicationL, 64-bit)
Exercise P8: Analysis of an application process dump (ApplicationM, 64-bit)
Exercise P9: Analysis of an application process dump (ApplicationN, 64-bit)
Exercise P10: Analysis of an application process dump (ApplicationO, 64-bit)
Exercise P11: Analysis of an application process dump (ApplicationP, 64-bit)
Exercise P12: Analysis of an application process dump (ApplicationR, 32-bit)
Exercise P13: Analysis of an application process dump (ApplicationA, 64-bit)
Exercise P14: Analysis of an application process dump (ApplicationS, 64-bit)
Exercise P15: Analysis of an application process dump (notepad, 32-bit)
Exercise P16: Analysis of an application process dump (notepad, 64-bit)
Exercise P17: Analysis of an application process dump (ApplicationQ, 32-bit)
Exercise K1: Analysis of a normal kernel dump (64-bit)
Exercise K2: Analysis of a kernel dump with pool leak (64-bit)
Exercise K3: Analysis of a kernel dump with pool corruption (64-bit)
Exercise K4: Analysis of a kernel dump with code corruption (64-bit)
Exercise K5: Analysis of a kernel dump with hang I/O (64-bit)
Exercise C1: Analysis of a normal complete dump (64-bit)
Exercise C2: Analysis of a problem complete dump (64-bit)
Exercise C3: Analysis of a problem complete dump (64-bit)
Exercise C4: Analysis of a problem complete dump (64-bit)
Exercise A1: Analysis of a problem active dump (64-bit)
Legacy Exercises
Exercise Legacy.0
Exercise Legacy.P1: Analysis of a normal application process dump (32-bit notepad)
Exercise Legacy.P2: Analysis of a normal application process dump (64-bit notepad)
Exercise Legacy.P3: Analysis of a normal application process dump (32-bit IE)
Exercise Legacy.P4: Analysis of an application process dump (32-bit ApplicationK, no symbols)
Exercise Legacy.P5: Analysis of an application process dump (32-bit ApplicationK, with application symbols)
Exercise Legacy.P6: Analysis of an application process dump (ApplicationL, 32-bit)
Exercise Legacy.P7: Analysis of an application process dump (ApplicationL, 64-bit)
Exercise Legacy.P8: Analysis of an application process dump (ApplicationM, 32-bit)
Exercise Legacy.P9: Analysis of an application process dump (ApplicationN, 64-bit)
Exercise Legacy.P10: Analysis of an application process dump (ApplicationO, 64-bit)
Exercise Legacy.P11: Analysis of an application process dump (ApplicationP, 32-bit)
Exercise Legacy.P13: Analysis of an application process dump (ApplicationA, 32-bit)
Exercise Legacy.P14: Analysis of an application process dump (ApplicationS, 32-bit)
Exercise Legacy.P15: Analysis of an application process dump (notepad, 32-bit)
Exercise Legacy.P16: Analysis of an application process dump (notepad, 64-bit)
Exercise Legacy.P17: Analysis of an application process dump (ApplicationQ, 32-bit)
Exercise Legacy.K1: Analysis of a normal kernel dump (32-bit)
Exercise Legacy.K2: Analysis of a kernel dump with pool leak (32-bit)
Exercise Legacy.K3: Analysis of a kernel dump with pool corruption (32-bit)
Exercise Legacy.K4: Analysis of a kernel dump with code corruption (32-bit)
Exercise Legacy.K5: Analysis of a kernel dump with hang I/O (32-bit)
Exercise Legacy.C1: Analysis of a normal complete dump (32-bit)
Exercise Legacy.C2: Analysis of a problem complete dump (32-bit)
Application Source Code
ApplicationA
ApplicationB
ApplicationC
ApplicationE
ApplicationK
ApplicationL
ApplicationM
ApplicationN
ApplicationO
ApplicationP
ApplicationR
ApplicationS
ApplicationQ
Selected Q&A
Minidump Analysis
Scripts and WinDbg Commands
Component Identification
Raw Stack Data Analysis
Symbols and Images
Wait Chain (Executive Resources)