MemoryDumpAnalysisAnthology,Volume11_memorydump-其它文档类

Memory

需积分: 36 170 浏览量更新于2023-05-22 评论收藏 32.63MB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源评论

资源推荐

Allrightsreserved.Nopartofthisbookmaybereproduced,storedinaretrievalsystem,or

transmitted,inanyformorbyanymeans,withoutthepriorwrittenpermissionofthepublisher.

Youmustnotcirculatethisbookinanyotherbindingorcover,andyoumustimposethesame

conditiononanyacquirer.

OpenTaskbooksareavailablethroughbooksellersanddistributorsworldwide.Forfurther

informationorcommentssendrequeststopress@opentask.com.

Productandcompanynamesmentionedinthisbookmaybetrademarksoftheirowners.

ACIPcatalogrecordforthisbookisavailablefromtheBritishLibrary.

ISBN13:9781912636112(Paperback)

Firstprinting,2018

Revision1.04(December2018)



Preface

Thisreferencevolumeconsistsofrevised,edited,crossreferencedandthematicallyorganized

articlesfromSoftwareDiagnosticsInstitute(DumpAnalysis.org+TraceAnalysis.org)and

SoftwareDiagnosticsLibrary(formerCrashDumpAnalysisblog,DumpAnalysis.org/blog).

Mostoftheselectedarticlesareaboutsoftwarediagnostics,rootcauseanalysis,debugging,

crashandhangdumpanalysis,softwaretraceandloganalysis.TheywerewritteninJune2017

November2018.Wehopethisreferenceisusefulfor:

SoftwareengineersdevelopingandmaintainingproductsonWindowsplatforms;

Technicalsupportandescalationengineersdealingwithcomplexsoftwareissues;

QualityassuranceengineerstestingsoftwareonWindowsplatforms;

Securityresearchers,reverseengineers,malwareandmemoryforensicsanalysts;

Traceandloganalysisarticlesareofinteresttousersofanyplatform.

Inthisvolume,wealsoincludepreviousarticlesfromtheformerCrashDumpAnalysisblognot

availableinprintform,andsomenoteswepostedonsocialmediasitessuchasFacebookover

thelast5years.

Ifyouencounteranyerror,pleasecontactmeusingthisform:

PART1:CrashDumpAnalysisPatterns



SystemCall

Usually,threadsareBlocked(Volume2)waitingforsynchronizationobjectsorActive(Volume7)

runningthreads.Thereisadifferentcategoryofthreadsthatappearblockedinuserspacebutinfact,

maybedoingalotofinvisiblework(notvisiblefromthedumptype)inkernelspace.Wecallsuchan

analysispatternSystemCall.ComparethesethreadStackTraces(Volume1)fromStackTrace

Collection(Volume1):

#CallSite

00ntdll!NtWaitForMultipleObjects

01KERNELBASE!WaitForMultipleObjectsEx

02user32!MsgWaitForMultipleObjectsEx

03combase!ASTAWaitContext::KernelWait

04combase!ASTAWaitContext::Wait

05combase!CoMsgWaitInProcessEvents

06Windows_UI!Windows::UI::Core::CDispatcher::WaitAndProcessMessages

07Windows_UI!Windows::UI::Core::CDispatcher::ProcessEvents

08Windows_UI_Xaml!CJupiterWindow::RunCoreWindowMessageLoop

09Windows_UI_Xaml!CJupiterControl::RunMessageLoop

0aWindows_UI_Xaml!DirectUI::DXamlCore::RunMessageLoop

0btwinapi_appcore!Windows::ApplicationModel::Core::CoreApplicationView::Run

[...]

0ekernel32!BaseThreadInitThunk

0fntdll!RtlUserThreadStart

#CallSite

00user32!NtUserCallNoParam

01user32!MsgWaitForMultipleObjectsEx

02combase!ASTAWaitContext::KernelWait

03combase!ASTAWaitContext::Wait

04combase!CoMsgWaitInProcessEvents

05Windows_UI!Windows::UI::Core::CDispatcher::WaitAndProcessMessages

06Windows_UI!Windows::UI::Core::CDispatcher::ProcessEvents

07Windows_UI_Xaml!CJupiterWindow::RunCoreWindowMessageLoop

08Windows_UI_Xaml!CJupiterControl::RunMessageLoop

09Windows_UI_Xaml!DirectUI::DXamlCore::RunMessageLoop

0atwinapi_appcore!Windows::ApplicationModel::Core::CoreApplicationView::Run

[...]

0dkernel32!BaseThreadInitThunk

0entdll!RtlUserThreadStart

Thefirstthreadistraditionallywaiting,buttheotherwaswokeduptoprocessaninputmessageand

maybeblockedinthekernelordoingsomeworkthere.Incaseofadoubtwecandoublecheckthe

lastexecutedinstruction(fromthestacktraceperspective):

ists

ory

rials

s & Deals

lights

ngs

Support

Sign Out

剩余263页未读，继续阅读

buddaseed

粉丝: 0
资源: 4

会员权益专享

Memory Dump Analysis Anthology, Volume 11

评论0

会员权益专享

最新资源

Memory Dump Analysis Anthology, Volume 11

评论0

Advanced Windows Memory Dump Analysis with Data Structures(3rd) 无水印pdf

Memory Dump Analysis Anthology ,Volume 2

Software.Trace.and.Log.Analysis.A.Pattern.Reference.2nd.Edition

memorydump分析方法

Accelerated Linux Core Dump Analysis Training Course

Cuckoo Malware Analysis

linux生成dump文件

c++ dump文件没生成

java visualvm分析dump文件

段错误时 coredump大小为0 有哪些可能

pgdump 备份数据库

thread dump怎么使用

pg_dumpall 使用示例

使用 MemoryAnalyzer.exe 分析内存泄露

SONiC中的generate_dump文件有什么作用

json.dumps和json.dump

如果通过命令抓取安卓手机的dump log

计算机中的dump到底是什么意思？

浅析Linux下利用coredump技术追查进程崩溃原因

dump备份的数据库恢复

会员权益专享

最新资源