
Advanced Windows Memory Dump Analysis with Data Structures(3rd) ....pdf

Cover
Copyright
Contents
About the Author
Introduction
Prerequisites
Training Goals
Training Principles
Links
Exercise 0
Complete Memory Dumps
Exercise C1
Exercise C2
Exercise C3
Linked List
_LIST_ENTRY
Linked Data Structures
Exercise C4A
Exercise C4B
Exercise C5
Exercise C6
Exercise C7
Exercise C8
Exercise C9
Device Driver
Device Driver Example
Devices
I/O Manager
Big Picture
IRP Communication
Exercise C10
Exercise C11
Pattern Links
Pattern Case Studies
Resources
Going Further
Legacy Exercises
Exercise Legacy.0
Exercise Legacy.C1
Exercise Legacy.C2
Exercise Legacy.C3
Exercise Legacy.C4
Exercise Legacy.C5
Exercise Legacy.C6
Exercise Legacy.C7
Exercise Legacy.C8
Exercise Legacy.C9
Selected Q&A
Published by OpenTask, Republic of Ireland

Copyright © 2017 by OpenTask
Copyright © 2017 by Software Diagnostics Services
Copyright © 2017 by Dmitry Vostokov

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior written permission of the publisher. You must not circulate this book in any other binding or cover, and you must impose the same condition on any acquirer.

Product and company names mentioned in this book may be trademarks of their owners.

OpenTask books and magazines are available through booksellers and distributors worldwide. For further information or comments send requests to press@opentask.com.

A CIP catalog record for this book is available from the British Library.

ISBN-13: 978-1-908043-84-9 (Paperback)

Version 3, 2017
Revision 3.01 (June 2017)
Contents

About the Author ... 5
Presentation Slides and Transcript ... 7
Practice Exercises ... 13
Exercise 0: Download, setup and verify your WinDbg installation ... 18
Exercise C1: Stack Trace Collection (64-bit) ... 25
Exercise C2: Memory Search (64-bit) ... 66
Exercise C3: Linked Lists (64-bit) ... 80
Exercise C4A: WinDbg Built-in Scripting (64-bit) ... 133
Exercise C4B: WinDbg JavaScript Scripting (64-bit) ... 151
Exercise C5: Registry (64-bit) ... 167
Exercise C6: Module Variables (64-bit) ... 176
Exercise C7: System Objects (64-bit) ... 181
Exercise C8: Network (64-bit) ... 191
Exercise C9: Device Drivers (64-bit) ... 205
Exercise C10: Storage and File System (64-bit) ... 221
Exercise C11: Window Messaging (64-bit) ... 226
Legacy Exercises ... 239
Exercise Legacy.0: Download, setup and verify your WinDbg installation ... 241
Exercise Legacy.C1: Stack Trace Collection (64-bit) ... 246
Exercise Legacy.C2: Memory Search (64-bit) ... 271
Exercise Legacy.C3: Linked Lists (64-bit) ... 282
Exercise Legacy.C4: Scripting (64-bit) ... 311
Exercise Legacy.C5: Registry (64-bit) ... 328
Exercise Legacy.C6: Module Variables (64-bit) ... 336
Exercise Legacy.C7: System Objects (64-bit) ... 340
Exercise Legacy.C8: Network (64-bit) ... 346
Exercise Legacy.C9: Device Drivers (64-bit) ... 354
Selected Q&A ... 365
About the Author
Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist, and author. He is the founder of the pattern-oriented software diagnostics, forensics and prognostics discipline, and of Software Diagnostics (DA+TA: DumpAnalysis.org + TraceAnalysis.org). Vostokov has also authored more than 30 books on software diagnostics, forensics and problem-solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering, and malware analysis. He has more than 20 years of experience in software architecture, design, development, and maintenance in a variety of industries, including leadership, technical and people management roles. Dmitry also founded DiaThings, Logtellect, OpenTask Iterative and Incremental Publishing (OpenTask.com), Software Diagnostics Services (formerly Memory Dump Analysis Services), PatternDiagnostics.com and Software Prognostics. In his spare time, he presents various topics on Debugging.TV and explores Software Narratology, an applied science of software stories that he pioneered, and its further development as Narratology of Things and Diagnostics of Things (DoT). His current area of interest is theoretical software diagnostics and its mathematical foundations.
Presentation Slides and Transcript
Hello everyone, my name is Dmitry Vostokov, and I teach this course.