This full color book is the complete transcript of a Webinar organized by Memory Dump Analysis Services (www.DumpAnalysis.com). It discusses user vs. kernel vs. physical (complete) memory space, challenges of complete memory dump analysis, common WinDbg commands, patterns and pattern-driven analysis methodology, common mistakes, fiber bundles, DumpAnalysis.org case studies and illustrates step by step a hands-on exercise in a complete memory dump analysis.

Debugging Experts Magazine Online (online version of Debugged! MZ/PE) underwent the total redesign:


Being a software engineer, the author penetrated a software technical support department of a major software company rising to a management position. There he started collecting various management bits and tips promising everyone to write a management book. After moving back to engineering he became a director of several software research, education, publishing and software behavior analysis consultancy institutions including a museum. This book is an anthology of selected and edited blog posts from his Management Bits and Tips blog.
What this book has to do with the crash dump analysis then? Considering metaphorically an organization as a software machine, teams as processes and individuals as threads the author had applied his unique knowledge of software crashes and hangs to organizational project failures.

This multi-dimensional museum shows exhibitions dedicated to the history of debugging, memory dump artifacts and art.

If you would like to donate an exhibit (for example, an old memory dump or a picture related to debugging) please use this page: http://www.dumpanalysis.org/contact. Any donations are greatly appreciated!
Problem: You are not satisfied with a crash report.
Problem: Your critical issue is escalated to the VP level. Engineers analyze memory dumps and software traces. No definite conclusion so far. You want to be sure that nothing has been omitted from the analysis.
Problem: You analyze a system dump or a software trace. You need a second pair of eyes but don't want to send your memory dump due to your company security policies.
Resolution: DumpAnalysis.com analyzes your analysis and provides recommendations.
This new service comes in July - August, 2010. Prices will be announced soon.
/*** Adding AI. Analysis Improvement. ***/
A problem has been detected and Windows has been shut down to prevent damage to your computerSaving a complete dump file...
The presentation materials from the first webinar are available for download: http://www.dumpanalysis.com/FCMDA-materials
If you are interested in training please answer these questions (use this form http://www.dumpanalysis.org/contact):
Additional topics of expertise that can be integrated into training include Source Code Reading and Analysis, Debugging, Windows Architecture, Device Drivers, Troubleshooting Tools Design and Implementation, Multithreading, Deep Down C and C++, x86 and x64 Assembly Language Reading.
The following direct links can be used to order the book now:
Written by the founder of DumpAnalysis.org this book is not about bugs or debugging techniques but about background knowledge everyone needs to start experimenting with WinDbg, learn from practical experience and read other advanced debugging books. Solid understanding of fundamentals like pointers is needed to analyze stack traces beyond !analyze -v and lmv WinDbg commands. This is the book to help technical support and escalation engineers and Windows software testers without the knowledge of assembly language to master necessary prerequisites to understand and start debugging and crash dump analysis on Windows platforms. It doesn't require any specific knowledge, fills the gap and lowers the learning curve. The book is also useful for software engineers coming from managed code or Java background, engineers coming from non-Wintel environments, Windows C/C++ software engineers without assembly language background, security researchers and beginners learning Windows software disassembling and reverse engineering techniques. This book can also be used as Intel assembly language and Windows debugging supplement for relevant undergraduate level courses.
Product details:

I am a C++/Windows developer and have been a Windows debugging enthusiast for quite a long time now. However, I have never been able to get a good and credible source of information with regards to the internals of debugging using WinDbg. Over the years, I have laid my hands on various sources that deal with Windows Debugging tools and debugging techniques. Every time I purchased a book or went through an online source, I was limited to confusing information that lead me to give up on this topic. Even reliable books that claimed to be the best in the market were nothing less than a colossal disappointment. However, recently when I came across "Windows Debugging: Practical Foundation" that was purchased by a friend of mine, I was sceptic but, nonetheless, decided to give it a chance. Trust me, although not perfect, the book has helped me a lot in learning more about windows internals and debugging techniques. I would like to extend my complements for writing a book that divulges details in a very concise yet clear manner.
Sriram Sarma
The following direct links can be used to order the book now:
This is a supplemental volume of selected articles with 68 full color illustrations from Memory Dump Analysis Anthology: revised, edited, cross-referenced and thematically organized volumes of selected DumpAnalysis.org blog posts about modern crash dump analysis and debugging written in August 2006 - June 2009 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues, security and defect researchers, computer scientists and philosophers. Unique in its breadth, depth, and scope it offers unprecedented insight into the world of Windows software and draws profound scientific and metaphysical implications.

Modern pattern-driven software trace analysis on Microsoft and Citrix platforms requires a practical guide and OpenTask plans to publish this summer the following book in both Practical Foundations and Systematic Software Fault Analysis series:
The following direct links can be used to order the book now:
Written by a veteran in mission-critical computer system problem resolution, problem prevention, and system recovery, this book discusses solving problems on their FIRST occurrence while emphasizing software supportability and serviceability.

Table of Contents
Amazon reviews
c’t – Magazin für Computertechnik review
This is the first book from Windows Crash Dump Analysis tetralogy. It introduces basic definitions, tools, memory dump collection and preliminary analysis methods for Windows platforms including legacy versions. This practical guide and reference book is a must have for system administrators of Windows server platforms and client workstations, technical support engineers and general Windows users. It builds foundation for the second tetralogy book Crash Dump Analysis for System Administrators and Support Engineers and the remaining tetralogy books Windows Crash Dump Analysis and Advanced Windows Crash Dump Analysis.

OpenTask to offer first 3 volumes of Memory Dump Analysis Anthology in one set:

The set is available exclusively from OpenTask e-Commerce web site starting from June. Individual volumes are also available from Amazon, Barnes & Noble and other bookstores worldwide.
Product information:
Information about individual volumes:
Also available: Memory Dump Analysis Anthology: Color Supplement for Volumes 1-3
CARE means Crash Analysis Report Environment. It includes a pattern-driven debugger log analyzer and standards for structured audience-driven reports.
Please help to populate the database of stack traces by submitting your WinDbg output logs. You can use VBScript / WinDbg script to process all .DMP files on your hard drives: DebuggerLogs.zip. The archive contains VBScript file for x64 WinDbg (DebuggerLogs64.vbs) and for x86 WinDbg (DebuggerLogs.vbs) plus the very simple mode-independent WinDbg script (DebuggerLogs.wds). The WinDbg output is stored in dbgeng.log file.
Note: Please do not submit your crash dumps because the file size is limited to 2 MB and CARE system is currently being designed to analyze debugger logs only. If your log is bigger you can submit a zip file. If you have any problems please contact the administrator. Please do not expect any crash analysis response for your logs. The submittal is currently for internal CARE database population only and not for the pattern analysis of your computer memory.
The following direct links can be used to order the book now:
Written by the founder of DumpAnalysis.org this book is not about bugs or debugging techniques but about background knowledge everyone needs to start experimenting with x64 WinDbg, learn from practical experience and read other advanced debugging books. Solid understanding of fundamentals like pointers is needed to analyze stack traces beyond !analyze -v and lmv WinDbg commands. This is the book to help technical support and escalation engineers and Windows software testers without the knowledge of assembly language to master necessary prerequisites to understand and start debugging and crash dump analysis on x64 Windows platforms. It doesn't require any specific knowledge, fills the gap and lowers the learning curve. The book is also useful for software engineers coming from managed code or Java background, engineers coming from non-Wintel environments, Windows C/C++ software engineers without assembly language background, security researchers and beginners learning x64 Windows software disassembling and reverse engineering techniques. This book can also be used as AMD64 and Intel EM64T assembly language and x64 Windows debugging supplement for relevant undergraduate level courses. For someone, who wants to learn these foundations in the context of 32-bit Windows environments there is a separate x86 book (ISBN: 978-1-906717-10-0). However, this book is completely independent from that earlier book and almost every illustration was recreated to reflect x64 architecture and x64 Windows ILP 32-32-64 model (Integer-Long-Pointer).
Product details:

The following direct links can be used to order the book now:
This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in October 2008 - June 2009 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The third volume features:
- 15 new crash dump analysis patterns
- 29 new pattern interaction case studies
- Trace analysis patterns
- Updated checklist
- Fully cross-referenced with Volume 1 and Volume 2
- New appendixes
Product information:

Back cover features 3D computer memory visualization image.

The following direct links can be used to order the English edition now:
The following direct links can be used to order the Korean edition now:
This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in 2006 - 2007 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms, technical support and escalation engineers dealing with complex software issues and general Windows users.
Table of Contents
Errata
Google Book Preview
The back cover image is the picture of TestDefaultDebugger crash dump generated by Dump2Picture

Caloni.com.br Blog (in Portuguese)
Amazon reviews
"This book is very good to startup on debugging. It really starts from the basics and it keeps going more in depth. Easy to read and very didactic." - Yuri Diogenes, ISA Server Support Team, Microsoft (Link)
Also available:
This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in July 2009 - January 2010 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The fourth volume features:
- 13 new crash dump analysis patterns
- 13 new pattern interaction case studies
- 10 new trace analysis patterns
- 6 new Debugware patterns and case study
- Workaround patterns
- Updated checklist
- Fully cross-referenced with Volume 1, Volume 2 and Volume 3
- New appendixes
Product information:

Back cover features memory space art image: Internal Process Combustion.
As one of the new initiatives for the Year of Debugging (2009, 0x7D9) OpenTask starts publishing full color variable page periodical publication called:
The only serial publication dedicated entirely to Windows® debugging
The following direct links can be used to order issues now:







Sample magazine back covers featuring debugging, crash dump and software trace analysis tips:

If you have an article idea or if you'd like to write an article for us please use the following contact form:
The following direct links can be used to order the book now:
This is a revised, edited, cross-referenced and thematically organized volume of selected DumpAnalysis.org blog posts about crash dump analysis and debugging written in January - September 2008 for software engineers developing and maintaining products on Windows platforms, quality assurance engineers testing software on Windows platforms and technical support and escalation engineers dealing with complex software issues. The second volume features:
- 45 new crash dump analysis patterns
- Pattern interaction and case studies
- Updated checklist
- Fully cross-referenced with Volume 1
- New appendixes
Product information is:
Table of Contents
Errata
Google Book Preview

Back cover features visualized virtual process memory generated from a memory dump of colorimetric computer memory dating sample using Dump2Picture.
The following direct links can be used to pre-order the book now:
This is a forthcoming reference book for technical support and escalation engineers troubleshooting and debugging complex software issues. The book is also invaluable for software maintenance and development engineers debugging unmanaged, managed and native code.
Draft Table of Contents
Draft Sample Chapter

The following direct links can be used to pre-order the book now:
This is a must have book for system administrators of complex Windows server platforms and client workstations to understand and choose the best course of action to address system and application crashes, hangs, CPU spikes and memory leaks. It is also invaluable to general Windows users and technical support engineers.


Featured in the forthcoming book: DebugWare: The Art and Craft of Writing Troubleshooting and Debugging Tools
Memory Analysis and Debugging Institute develops x86/x64-based certification tracks for Windows and Unix (including Linux / FreeBSD / Mac OS X).
Each track consists of 3 exams, each having its own set of requirements and scope:

The initiative is supported by OpenTask.
This is a forthcoming book about architecture, design and implementation of troubleshooting and debugging tools for software technical support. Preliminary information is:
Front cover:

The following direct links can be used to order the book now:
DLL is also a recursive acronym for DLL List Landscape. This full color book features magnificent images from process user space generated by Dump2Picture:

Finally Dr. Debugalov adventures are imprinted with bugs inside. The full-color book also features never published before cartoons and a few surprises. It sets a new standard for entertainment in software engineering.
The following direct links can be used to order the book now:
