Leanpub Header

Skip to main content
Go to Leanpub.comLeanpub

Practical Foundations of Windows Debugging, Disassembling, Reversing, Second Edition

Training Course

Dmitry Vostokov

This training course is a combined, reformatted, improved, and modernized version of the two previous books Windows Debugging: Practical Foundations and x64 Windows Debugging: Practical Foundations.

The author is letting you choose the price you pay for this book!

Pick Your Price...
PDF
87
Readers
338
Pages
About

About

About the Book

This training course is a combined, reformatted, improved, and modernized version of the two previous books Windows Debugging: Practical Foundations and x64 Windows Debugging: Practical Foundations, that drew inspiration from the original lectures we developed almost 18 years ago to train support and escalation engineers in debugging and crash dump analysis of memory dumps from Windows applications, services, and systems. At that time, when thinking about what material to deliver, we realized that a solid understanding of fundamentals like pointers is needed to analyze stack traces beyond a few WinDbg commands. Therefore, this book is not about bugs or debugging techniques but about the background knowledge everyone needs to start experimenting with WinDbg, learn from practical experience, and read other advanced debugging books. This body of knowledge is what the author of this book possessed before starting memory dump analysis using WinDbg 18 years ago, which resulted in the number one debugging bestseller: the multi-volume Memory Dump Analysis Anthology. Now, in retrospection, we see these practical foundations as relevant and necessary to acquire for beginners as they were 18 years ago, because operating systems internals, assembly language, and compiler architecture haven't changed much in those years.

The book contains two separate sets of chapters and corresponding illustrations. They are named Chapter x86.NN and Chapter x64.NN respectively. The new format makes switching between and comparing x86 and x64 versions easy. There is some repetition of content due to the shared nature of x64 and x86 platforms. Both sets of chapters can be read independently. We included x86 chapters because many 3rd-party Windows applications are still 32-bit and executed in 32-bit compatibility mode on x64 Windows systems. The course consistently uses WinDbg (X86) for 32-bit examples and WinDbg (X64) for 64-bit examples. The book also has a larger format similar to other training courses from Software Diagnostics Services.

Almost 5 years have passed since the first edition of the combined training course that used the earlier version of Windows 10. Since then, we have also published "Practical Foundations of Linux Debugging, Disassembling, Reversing" and "Practical Foundations of ARM64 Linux Debugging, Disassembling, Reversing" books. At that time, we thought about revising our Windows course. Since then, Windows 11 appeared, and we also added Docker support for most of our Windows memory dump analysis courses. While working on the "Accelerated Windows Debugging 4D "course, we decided to make the second edition of Practical Foundations of Windows Debugging based on WinDbg from Windows 11 SDK and Visual Studio 2022 build tools, and an optional Docker support for the exercise environment. We also changed the ":=" operator to "<-" in our pseudo-code for Intel disassembly syntax flavor to align with our recent Linux Practical Foundations books, which use "->" in pseudo-code for x64 AT&T disassembly syntax flavor and "<-" in pseudo-code for ARM64 disassembly syntax. All sample projects were recompiled, and many diagrams were redone for the new edition to reflect changes in code generation. WinDbg syntax and code highlighting were also improved. There are also minor additions for C++11 and C++20.

The book is useful for:

  • Software technical support and escalation engineers
  • Software engineers coming from a managed code or JVM background
  • Software testers
  • Engineers coming from non-Wintel environments
  • Windows C/C++ software engineers without an assembly language background
  • Security researchers without x86/x64 assembly language background
  • Beginners learning Windows software reverse engineering techniques

This introductory training course can complement the more advanced course Accelerated Disassembly, Reconstruction and Reversing, Revised Edition. It may also help with advanced exercises in Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 1, Revised, Process User Space and Accelerated Windows Memory Dump Analysis, Fifth Edition, Part 2, Revised, Kernel and Complete Spaces. This book can also be used as an Intel assembly language and Windows debugging supplement for relevant undergraduate-level courses.

Share this book

Categories

C and C++Computer SecuritySoftware EngineeringOperating System Development

Feedback

Email the author

Price

Pick Your Price...

Minimum price

$20.00

$20.00

You pay

$20.00

Author earns

$16.00
$

All prices are in US $. You can pay in US $ or in your local currency when you check out.

EU customers: prices exclude VAT, which is added during checkout.

...Or Buy With Credits!

Number of credits (Minimum 2)

2
The author will earn $24.00 from your purchase!
You can get credits monthly with a Reader Membership

Author

About the Author

Dmitry Vostokov

Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist, inventor, and author. He founded the pattern-oriented software diagnostics, forensics, and prognostics discipline (Systematic Software Diagnostics) and Software Diagnostics Institute. Vostokov has also authored over 50 books on software diagnostics, anomaly detection and analysis, software and memory forensics, root cause analysis and problem solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering, and malware analysis. He has over 30 years of experience in software architecture, design, development, and maintenance in various industries, including leadership, technical, and people management roles. Dmitry founded OpenTask Iterative and Incremental Publishing and Software Diagnostics Technology and Services (former Memory Dump Analysis Services). In his spare time, he explores Software Narratology and Quantum Software Diagnostics. His interest areas are theoretical software diagnostics and its mathematical and computer science foundations, application of formal logic, semiotics, artificial intelligence, machine learning, and data mining to diagnostics and anomaly detection, software diagnostics engineering and diagnostics-driven development, diagnostics workflow and interaction. Recent interest areas also include functional programming, cloud native computing, monitoring, observability, visualization, security, automation, applications of category theory to software diagnostics, development and big data, and diagnostics of artificial intelligence.

Leanpub Podcast

Episode 213

An Interview with Dmitry Vostokov

Contents

Table of Contents

Contents 5

Preface to the Second Edition 15

Preface to the First Edition 16

Combined Preface from Original Editions 17

About the Author 18

Chapter x86.1: Memory, Registers, and Simple Arithmetic 19

Chapter x86.2: Debug and Release Binaries 33

Chapter x86.3: Number Representations 46

Chapter x86.4: Pointers 53

Chapter x86.5: Bytes, Words, and Double Words 68

Chapter x86.6: Pointers to Memory 73

Chapter x86.7: Logical Instructions and EIP 95

Chapter x86.8: Reconstructing a Program with Pointers 102

Chapter x86.9: Memory and Stacks 109

Chapter x86.10: Frame Pointer and Local Variables 128

Chapter x86.11: Function Parameters 141

Chapter x86.12: More Instructions 153

Chapter x86.13: Function Pointer Parameters 164

Chapter x86.14: Summary of Code Disassembly Patterns 170

Appendix x86: Using Docker Environment 174

Chapter x64.1: Memory, Registers, and Simple Arithmetic 176

Chapter x64.2: Debug and Release Binaries 191

Chapter x64.3: Number Representations 204

Chapter x64.4: Pointers 211

Chapter x64.5: Bytes, Words, and Double Words 229

Chapter x64.6: Pointers to Memory 235

Chapter x64.7: Logical Instructions and EIP 258

Chapter x64.8: Reconstructing a Program with Pointers 266

Chapter x64.9: Memory and Stacks 275

Chapter x64.10: Local Variables 295

Chapter x64.11: Function Parameters 305

Chapter x64.12: More Instructions 314

Chapter x64.13: Function Pointer Parameters 325

Chapter x64.14: Summary of Code Disassembly Patterns 329

Appendix x64: Using Docker Environment 335

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

Download Sample PDFDownload Sample EPUB

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub