Leanpub Header

Skip to main content
Go to Leanpub.comLeanpub

Accelerated Windows Malware Analysis with Memory Dumps

Training Course Transcript and WinDbg Practice Exercises, Third Edition

Dmitry Vostokov

The full transcript of Software Diagnostics Services training. Learn how to navigate process, kernel, and physical spaces and diagnose malware patterns in Windows memory dump files using WinDbg and practical step-by-step hands-on exercises. Covered more than 20 malware analysis patterns. The third edition has some exercises updated to Windows 11.

The author is letting you choose the price you pay for this book!

Pick Your Price...
PDF
14
Readers
324
Pages
About

About

About the Book

The full transcript of Software Diagnostics Services training. Learn how to navigate process, kernel, and physical spaces and diagnose various malware patterns in Windows memory dump files. The course uses a unique and innovative pattern-oriented analysis approach to speed up the learning curve. The training consists of practical step-by-step, hands-on exercises using WinDbg, process, kernel, and complete memory dumps. The training covers more than 20 malware analysis patterns. The main audience is software technical support and escalation engineers who analyze memory dumps from complex software environments and need to check for possible malware presence in cases of abnormal software behavior. The course will also be useful for software engineers, quality assurance and software maintenance engineers, security researchers, malware and memory forensics analysts who have never used WinDbg for analysis of computer memory. The third edition uses the latest WinDbg Preview version with some exercises updated to Windows 11 and is optionally containerized.

Share this book

Categories

Computer SecuritySoftwareC and C++Operating System DevelopmentSoftware ArchitectureSoftware Engineering

Feedback

Email the author

Price

Pick Your Price...

Minimum price

$99.00

$99.00

You pay

$99.00

Author earns

$79.20
$

All prices are in US $. You can pay in US $ or in your local currency when you check out.

EU customers: prices exclude VAT, which is added during checkout.

...Or Buy With Credits!

Number of credits (Minimum 7)

7
The author will earn $84.00 from your purchase!
You can get credits monthly with a Reader Membership

Author

About the Author

Dmitry Vostokov

Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist, inventor, and author. He founded the pattern-oriented software diagnostics, forensics, and prognostics discipline (Systematic Software Diagnostics) and Software Diagnostics Institute. Vostokov has also authored over 50 books on software diagnostics, anomaly detection and analysis, software and memory forensics, root cause analysis and problem solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering, and malware analysis. He has over 30 years of experience in software architecture, design, development, and maintenance in various industries, including leadership, technical, and people management roles. Dmitry founded OpenTask Iterative and Incremental Publishing and Software Diagnostics Technology and Services (former Memory Dump Analysis Services). In his spare time, he explores Software Narratology and Quantum Software Diagnostics. His interest areas are theoretical software diagnostics and its mathematical and computer science foundations, application of formal logic, semiotics, artificial intelligence, machine learning, and data mining to diagnostics and anomaly detection, software diagnostics engineering and diagnostics-driven development, diagnostics workflow and interaction. Recent interest areas also include functional programming, cloud native computing, monitoring, observability, visualization, security, automation, applications of category theory to software diagnostics, development and big data, and diagnostics of artificial intelligence.

Leanpub Podcast

Episode 213

An Interview with Dmitry Vostokov

Contents

Table of Contents

About the Author 5

Introduction 7

Practice Exercises 17

Exercise 0: Download, setup, and verify your WinDbg Preview or WinDbg installation, or Docker Debugging Tools for Windows image 22

Exercise M1A 38

Exercise M1B 49

Exercise M2 64

Exercise M3 81

Exercise M4 133

Exercise M5 187

Exercise M6 211

Selected Q&A 243

Appendix 247

Malware Analysis Patterns 249

Deviant Module 249

Deviant Token 256

Driver Device Collection 257

Execution Residue 258

Fake Module 282

Hidden Module 286

Hidden Process 288

Hooksware 290

Namespace 291

No Component Symbols 292

Out-of-Module Pointer 295

Packed Code 296

Patched Code 299

Pre-Obfuscation Residue 300

Raw Pointer 301

RIP Stack Trace 302

Self-Diagnosis (Kernel Mode) 304

Stack Trace Collection 305

Stack Trace Collection (I/O Requests) 313

String Hint 317

Unknown Module 319

Raw Stack Dump of All Threads (Kernel Space) 322

Complete Stack Traces from x64 System 323

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

Download Sample PDFDownload Sample EPUB

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub