Leanpub Header

Skip to main content
Go to Leanpub.comLeanpub

Extended Windows Memory Dump Analysis

Using and Writing WinDbg Extensions, Database and Event Stream Processing, Data Science and Visualization, Machine Learning and AI, Second Edition

Dmitry Vostokov

The book contains the full transcript of Software Diagnostics Services training with 25 hands-on exercises. This training course extends pattern-oriented analysis introduced in Accelerated Windows Memory Dump AnalysisAccelerated .NET Core Memory Dump Analysis, and Advanced Windows Memory Dump Analysis with Data Structures.

The author is letting you choose the price you pay for this book!

Pick Your Price...
PDF
362
Pages
About

About

About the Book

The book contains the full Software Diagnostics Services training transcript with 25 hands-on exercises. This training course extends pattern-oriented analysis introduced in Accelerated Windows Memory Dump AnalysisAccelerated .NET Core Memory Dump Analysis, and Advanced Windows Memory Dump Analysis with Data Structures courses with:

  • Surveying the current landscape of WinDbg extensions with analysis pattern mappings
  • Writing WinDbg extensions in C, C++, and Rust (new)
  • Connecting WinDbg to NoSQL databases
  • Connecting WinDbg to streaming and log processing platforms
  • Querying and visualizing WinDbg output data
  • Using Data Science, Machine Learning, and Gen AI for diagnostics and postmortem debugging (new)

The new edition of the training updates existing exercises and includes new ones.

Prerequisites: Working knowledge of WinDbg. Working knowledge of C, C++, or Rust is optional (required only for some exercises). Other concepts are explained when necessary.

Audience: Software developers, software maintenance engineers, escalation engineers, quality assurance engineers, security and vulnerability researchers, malware and memory forensics analysts who want to build memory analysis pipelines.

Share this book

Categories

C and C++Computer SecurityOperating System DevelopmentSoftware EngineeringTestingData SciencePython

Feedback

Email the author

Price

Pick Your Price...

Minimum price

$49.00

$49.00

You pay

$49.00

Author earns

$39.20
$

All prices are in US $. You can pay in US $ or in your local currency when you check out.

EU customers: prices exclude VAT, which is added during checkout.

...Or Buy With Credits!

Number of credits (Minimum 4)

4
The author will earn $48.00 from your purchase!
You can get credits monthly with a Reader Membership

Author

About the Author

Dmitry Vostokov

Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist, inventor, and author. He founded the pattern-oriented software diagnostics, forensics, and prognostics discipline (Systematic Software Diagnostics) and Software Diagnostics Institute. Vostokov has also authored over 50 books on software diagnostics, anomaly detection and analysis, software and memory forensics, root cause analysis and problem solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering, and malware analysis. He has over 30 years of experience in software architecture, design, development, and maintenance in various industries, including leadership, technical, and people management roles. Dmitry founded OpenTask Iterative and Incremental Publishing and Software Diagnostics Technology and Services (former Memory Dump Analysis Services). In his spare time, he explores Software Narratology and Quantum Software Diagnostics. His interest areas are theoretical software diagnostics and its mathematical and computer science foundations, application of formal logic, semiotics, artificial intelligence, machine learning, and data mining to diagnostics and anomaly detection, software diagnostics engineering and diagnostics-driven development, diagnostics workflow and interaction. Recent interest areas also include functional programming, cloud native computing, monitoring, observability, visualization, security, automation, applications of category theory to software diagnostics, development and big data, and diagnostics of artificial intelligence.

Leanpub Podcast

Episode 213

An Interview with Dmitry Vostokov

Contents

Table of Contents

About the Author 5

Introduction 7

Practice Exercises 17

Exercise E0: Download, set up, and verify your WinDbg or Debugging Tools for Windows installation or Docker Debugging Tools for Windows image 21

Exercise ES1: Explore Patterns WinDbg Extension 35

Exercise ES2: Explore MEX WinDbg Extension 41

Exercise ES3: Explore DbgKit WinDbg Extension 63

Exercise ES4: Explore win32kext WinDbg Extension 105

Exercise ES5: Explore SwishDbgExt WinDbg Extension 112

Exercise ES6: Explore 0cchext WinDbg Extension 132

Exercise ES7: Explore pykd WinDbg Extension 144

Exercise ES8: Explore snapshot WinDbg Extension 175

Exercise ES9: Explore WinDbg Copilot 189

Exercise ES10: Explore ChatDBG WinDbg Extension 206

Exercise EW1: Writing WinDbg Extension (WdbgExts C API) 222

Exercise EW2: Writing WinDbg Extension (DbgEng COM API) 237

Exercise EW3: Writing WinDbg Extension (ExtExtension C++ API) 251

Exercise EW4: Writing WinDbg Extension (Rust) 264

Exercise EP1: Install Kafka Environment 274

Exercise EP2: Connect WinDbg to Kafka 277

Exercise EP3: Configure Kafka Connect to Send WinDbg Output 281

Exercise ED1: Install MongoDB Environment 290

Exercise ED2: Connect WinDbg to MongoDB 297

Exercise EV1: Install Jupyter Notebook Environment 307

Exercise EV2: Execution Residue Visualization 316

Exercise EV3: Find Anomalies in Stack Traces 332

Exercise ML1: Compute Similarity of Stack Traces 340

Exercise ML2: Group Stack Traces into Clusters 344

Exercise ML3: Identify Anomalous Stack Traces 347

Conclusion 355

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

Download Sample PDFDownload Sample EPUB

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub