SlideShare ist ein Scribd-Unternehmen logo

Accelerated .NET Memory Dump Analysis training public slides

Dmitry Vostokov
Dmitry Vostokov

This document provides an overview and training materials for analyzing .NET memory dumps. The training goals are to review fundamentals, learn how to analyze process dumps, learn necessary WinDbg commands in context, and cover CLR 4 on x86 and x64. The training covers fundamentals of memory spaces, user/managed space, types/assemblies/modules, process threads, and provides examples of stack traces and commands. It also outlines practice exercises analyzing different memory dumps to diagnose issues like exceptions, deadlocks, leaks and corruption.

Software
1 von 37
Downloaden Sie, um offline zu lesen
.NET Memory Dump Analysis Dmitry Vostokov Software Diagnostics Services Version 3.0
Prerequisites Basic .NET programming and debugging WinDbg Commands We use these boxes to introduce some WinDbg commands used in practice exercises © 2018 Software Diagnostics Services
Training Goals  Review fundamentals  Learn how to analyze process dumps  Learn necessary commands in context  Cover CLR 4 (x86 and x64) © 2018 Software Diagnostics Services
Training Principles  Talk only about what I can show  Lots of pictures  Lots of examples  Original content and examples © 2018 Software Diagnostics Services
Part 1: Fundamentals © 2018 Software Diagnostics Services
Memory Space (x86) Kernel Space User Space FFFFFFFF 80000000 7FFFFFFF 00000000 © 2018 Software Diagnostics Services
Memory Space (x64) © 2018 Software Diagnostics Services Kernel Space User Space FFFFFFFF`FFFFFFFF FFFF8000`00000000 00007FFF`FFFFFFFF 00000000`00000000
User / Managed Space WinDbg Commands lmv command lists all loaded modules (EXE and DLLs) © 2018 Software Diagnostics Services User Space (PID e364) 00000000`00000000 00007fff`ffffffff LINQPad kernel32 CLR ntdll
Types/Assemblies/Modules WinDbg Commands lmv command lists all loaded modules (EXE and DLLs) !IP2MD command shows type method and module address !DumpModule command shows module name Types Assembly Modules 1..* © 2018 Software Diagnostics Services
Process Threads WinDbg Commands .load <a path to SOS> Loads SOS WinDbg extension ~<n>s command switches between threads k command shows unmanaged stack trace !Threads command shows managed threads !CLRStack command shows managed stack trace © 2018 Software Diagnostics Services User Space (PID e364) 00000000`00000000 00007fff`ffffffff LINQPad kernel32 CLR ntdll JIT code
Example 0:000> k # Child-SP RetAddr Call Site 00 000000dc`219be178 00007ffb`41ddddb8 win32u!NtUserWaitMessage+0x14 01 000000dc`219be180 00007ffb`41d71535 System_Windows_Forms_ni+0x2cddb8 02 000000dc`219be230 00007ffb`41d70c88 System_Windows_Forms_ni+0x261535 03 000000dc`219be330 00007ffb`41d70a8f System_Windows_Forms_ni+0x260c88 04 000000dc`219be3d0 00007ffb`12f4dbc0 System_Windows_Forms_ni+0x260a8f 05 000000dc`219be430 00007ffb`12f45a94 0x00007ffb`12f4dbc0 06 000000dc`219be5e0 00007ffb`12f41c9d 0x00007ffb`12f45a94 07 000000dc`219bed20 00007ffb`12f420b6 0x00007ffb`12f41c9d 08 000000dc`219bee00 00007ffb`12f406e4 0x00007ffb`12f420b6 09 000000dc`219bee30 00007ffb`724d5863 0x00007ffb`12f406e4 0a 000000dc`219bef20 00007ffb`724d5702 clr!CallDescrWorkerInternal+0x83 0b 000000dc`219bef60 00007ffb`724d5e05 clr!CallDescrWorkerWithHandler+0x4e 0c 000000dc`219befa0 00007ffb`72633598 clr!MethodDescCallSite::CallTargetWorker+0xf8 0d 000000dc`219bf0a0 00007ffb`72633ede clr!RunMain+0x1e7 0e 000000dc`219bf280 00007ffb`72633d9d clr!Assembly::ExecuteMainMethod+0xb6 0f 000000dc`219bf570 00007ffb`72633750 clr!SystemDomain::ExecuteMainMethod+0x639 10 000000dc`219bfb90 00007ffb`726336ce clr!ExecuteEXE+0x3f 11 000000dc`219bfc00 00007ffb`72634234 clr!_CorExeMainInternal+0xb2 12 000000dc`219bfc90 00007ffb`72ec7a6d clr!CorExeMain+0x14 13 000000dc`219bfcd0 00007ffb`7303a44c mscoreei!CorExeMain+0x112 14 000000dc`219bfd30 00007ffb`85591fe4 MSCOREE!CorExeMain_Exported+0x6c 15 000000dc`219bfd60 00007ffb`8797f061 KERNEL32!BaseThreadInitThunk+0x14 16 000000dc`219bfd90 00000000`00000000 ntdll!RtlUserThreadStart+0x21 0:000> !IP2MD 0x00007ffb`12f45a94 MethodDesc: 00007ffb12f81c40 Method Name: LINQPad.Program.Go(System.String[]) Class: 00007ffb12f322e0 MethodTable: 00007ffb12f81e10 mdToken: 0000000006000579 Module: 00007ffb12dc4110 IsJitted: yes CodeAddr: 00007ffb12f436f0 Transparency: Critical 0:000> !DumpModule 00007ffb12dc4110 Name: C:Program FilesLINQPad5LINQPad.exe Attributes: PEFile Assembly: 000001f80c3cf620 LoaderHeap: 0000000000000000 TypeDefToMethodTableMap: 00007ffb12ed0020 TypeRefToMethodTableMap: 00007ffb12ed3a88 MethodDefToDescMap: 00007ffb12ed7000 FieldDefToDescMap: 00007ffb12eefcc8 MemberRefToDescMap: 0000000000000000 FileReferencesMap: 00007ffb12f036c8 AssemblyReferencesMap: 00007ffb12f036d0 MetaData start address: 000001f808cffb04 (1498300 bytes) © 2018 Software Diagnostics Services
Thread Stack Raw Data WinDbg Commands Get stack range: !teb Dump raw data: dc / dps / dpp / dpa / dpu Dump managed references: !DumpStackObjects © 2018 Software Diagnostics Services User Space (PID e364) 00000000`00000000 00007fff`ffffffff LINQPad kernel32 CLR ntdll JIT code User Stack for TID 102 Managed Heap
Pattern-Oriented Diagnostic Analysis Information Collection (Scripts) Information Extraction (Checklists) Problem Identification (Patterns) Problem Resolution Troubleshooting Suggestions Debugging Strategy Diagnostic Pattern: a common recurrent identifiable problem together with a set of recommendations and possible solutions to apply in a specific context. Diagnostic Analysis Pattern: a common recurrent analysis technique and method of diagnostic pattern identification in a specific context. Diagnostic Problem: a set of indicators (symptoms, signs) describing a problem. Diagnostics Pattern Language: common names of diagnostic and diagnostic analysis patterns. The same language for any operating system: Windows, Mac OS X, Linux, ... © 2018 Software Diagnostics Services Checklist: http://www.dumpanalysis.org/windows-memory-analysis-checklist
Part 2: Practice Exercises © 2018 Software Diagnostics Services
Links  Memory Dumps: Not available in preview version  Exercise Transcripts: Not available in preview version © 2018 Software Diagnostics Services
Exercise 0  Goal: Install Debugging Tools for Windows and learn how to set up symbols correctly  Patterns: Incorrect Stack Trace  Commands: .symfix, .reload, k  ANETMDA-DumpsExercise-0-Download-Setup-WinDbg.pdf © 2018 Software Diagnostics Services
Process Memory Dumps Exercises PN1 – PN12 © 2018 Software Diagnostics Services
Modeling with LINQPad http://www.linqpad.net/ © 2018 Software Diagnostics Services
Exercise PN1  Goal: Learn how to load the correct .NET SOS WinDbg extension and analyze managed space  Patterns: Stack Trace Collection; CLR Thread; Version- Specific Extension; Software Exception; Exception Stack Trace; Managed Code Exception; Managed Stack Trace  Commands: .logopen, .symfix, .reload, ~*k, .load, !pe, ~*e, lmv, .chain, .unload, !analyze -v, !CLRStack, .logclose  ANETMDA-DumpsExercise-PN1-Analysis-process-dump- ApplicationA.pdf © 2018 Software Diagnostics Services
Exercise PN2  Goal: Compare 64-bit process memory dump from exercise PN1 with 32-bit process memory dump  Patterns: Platform-Specific Debugger  ANETMDA-DumpsExercise-PN2-Analysis-process-dump- ApplicationA-32.pdf © 2018 Software Diagnostics Services
Exercise PN3  Goal: Learn how to find problem assemblies, modules, classes and methods, disassemble code, analyze CPU spikes  Patterns: Active Thread; Technology-Specific Subtrace; JIT Code; Spiking Thread; Annotated Disassembly  Commands: !analyze -v -hang, !IP2MD, !runaway, .prompt_allow, ~<>s, ~<>k, !U, !DumpMD, !DumpClass, !DumpMT, !DumpModule, !DumpAssembly, !DumpDomain  ANETMDA-DumpsExercise-PN3-Analysis-process-dump- LINQPadB.pdf © 2018 Software Diagnostics Services
Exercise PN4  Goal: Compare 64-bit process memory dump from exercise PN3 with 32-bit process memory dump  ANETMDA-DumpsExercise-PN4-Analysis-process-dump- LINQPadB-32.pdf © 2018 Software Diagnostics Services
Exercise PN5  Goal: Learn how to recognize and analyze deadlocks using SOS(EX), execution residue, handled exceptions, dump object references  Patterns: Special Thread; Wait Chain; Deadlock; Execution Residue (user space); Hidden Exception (user space); Coincidental Symbolic Information; Caller-n-Callee  Commands: ~*kL, !Threads, !syncblk, !DumpObj, ub, dp, !dlk, !DumpStack, !teb, dpS  ANETMDA-DumpsExercise-PN5-Analysis-process-dump- LINQPadC.pdf © 2018 Software Diagnostics Services
Deadlock © 2018 Software Diagnostics Services Object 000001f498185fe8 Object 000001f498186028 Thread #12 Thread #12 (owns) Thread #11 Thread #11 (owns) Thread #12 (waiting) Thread #11 (waiting)
Exercise PN6  Goal: Compare 64-bit process memory dump from exercise PN5 with 32-bit process memory dump  Patterns: Execution Residue (managed space); Hidden Exception (managed space), Handled Exception  Commands: !DumpStackObjects  ANETMDA-DumpsExercise-PN6-Analysis-process-dump- LINQPadC-32.pdf © 2018 Software Diagnostics Services
Deadlock (x86) © 2018 Software Diagnostics Services
Exercise PN7  Goal: Learn how to analyze multiple managed exceptions  Patterns: Managed Stack Trace Collection; Multiple Exceptions; Nested Exceptions; NULL Pointer  ANETMDA-DumpsExercise-PN7-Analysis-process-dump- ApplicationD.pdf © 2018 Software Diagnostics Services
Exercise PN8  Goal: Compare 64-bit process memory dump from exercise PN7 with 32-bit process memory dump  ANETMDA-DumpsExercise-PN8-Analysis-process-dump- ApplicationD-32.pdf © 2018 Software Diagnostics Services
Exercise PN9  Goal: Learn how to diagnose heap and handle leaks  Patterns: Handle Leak; Memory Leak  Commands: !heap, !address, !DumpHeap, ?, !eeheap, !GCHandles, !FinalizeQueue, !handle, .cxr  ANETMDA-DumpsExercise-PN9-Analysis-process-dump- LINQPadD.pdf © 2018 Software Diagnostics Services
Exercise PN10  Goal: Compare 64-bit process memory dump from exercise PN9 with 32-bit process memory dump  ANETMDA-DumpsExercise-PN9-Analysis-process-dump- LINQPadD-32.pdf © 2018 Software Diagnostics Services
Exercise PN11  Goal: Learn how to recognize and analyze heap corruption  Patterns: Invalid Pointer; Regular Data; Managed Heap Corruption  Commands: .formats, !VerifyHeap  ANETMDA-DumpsExercise-PN11-Analysis-process-dump- LINQPadE.pdf © 2018 Software Diagnostics Services
Exercise PN12  Goal: Compare 64-bit process memory dump from exercise PN11 with 32-bit process memory dump  ANETMDA-DumpsExercise-PN12-Analysis-process-dump- LINQPadE-32.pdf © 2018 Software Diagnostics Services
Pattern Links CLR Thread Deadlock Managed Code Exception Duplicate Extension Nested Exceptions Stack Trace Collection Mixed Exception Dynamic Memory Corruption Memory Leak Special Thread JIT Code Execution Residue Managed Stack Trace Handled Exception Multiple Exceptions Annotated Disassembly Version-Specific Extension Technology-Specific Subtrace Caller-n-Callee Wait Chain Hidden Exception Object Distribution Anomaly Incorrect Stack Trace Execution Residue NULL Pointer Handle Leak Exception Stack Trace Software Exception Platform-Specific Debugger Spiking Thread Hidden Exception Regular Data Coincidental Symbolic Information © 2018 Software Diagnostics Services CLR-related and managed Unmanaged user space
SOS Checklist  CLR module and SOS extension versions (lmv and .chain)  Managed exceptions (~*e !pe -nested)  Managed threads (!Threads -special)  Managed stack traces (~*e !CLRStack)  Managed execution residue (~*e !DumpStackObjects)  Managed heap (!VerifyHeap, !DumpHeap -stat and !eeheap -gc)  GC handles (!GCHandles)  Finalizer queue (!FinalizeQueue)  Sync blocks (!syncblk) © 2018 Software Diagnostics Services
Resources  WinDbg Help / WinDbg.org (quick links) / DumpAnalysis.org  C# 7.0 Pocket Reference  CLR via C#, Fourth Edition  Advanced .NET Debugging  Debugging Microsoft .NET 2.0 Applications  Shared Source CLI 2.0 Internals  Accelerated Windows Memory Dump Analysis, 4th edition  Memory Dump Analysis Anthology (Volumes 1 – 10) © 2018 Software Diagnostics Services
Q&A Please send your feedback using the contact form on PatternDiagnostics.com © 2018 Software Diagnostics Services
Thank you for attendance! © 2018 Software Diagnostics Services

Empfohlen

Accelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesAccelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesDmitry Vostokov
 
Accelerated Linux Core Dump Analysis training public slides
Accelerated Linux Core Dump Analysis training public slidesAccelerated Linux Core Dump Analysis training public slides
Accelerated Linux Core Dump Analysis training public slidesDmitry Vostokov
 
Mod06 new development tools
Mod06 new development toolsMod06 new development tools
Mod06 new development toolsPeter Haase
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017Andrey Karpov
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemAndrey Karpov
 
Accelerated Mac OS X Core Dump Analysis training public slides
Accelerated Mac OS X Core Dump Analysis training public slidesAccelerated Mac OS X Core Dump Analysis training public slides
Accelerated Mac OS X Core Dump Analysis training public slidesDmitry Vostokov
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
 
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian Götzinger
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian GötzingerMASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian Götzinger
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian GötzingerIevgenii Katsan
 

Empfohlen

Accelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesAccelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesDmitry Vostokov
 
Accelerated Linux Core Dump Analysis training public slides
Accelerated Linux Core Dump Analysis training public slidesAccelerated Linux Core Dump Analysis training public slides
Accelerated Linux Core Dump Analysis training public slidesDmitry Vostokov
 
Mod06 new development tools
Mod06 new development toolsMod06 new development tools
Mod06 new development toolsPeter Haase
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017Andrey Karpov
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemAndrey Karpov
 
Accelerated Mac OS X Core Dump Analysis training public slides
Accelerated Mac OS X Core Dump Analysis training public slidesAccelerated Mac OS X Core Dump Analysis training public slides
Accelerated Mac OS X Core Dump Analysis training public slidesDmitry Vostokov
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
 
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian Götzinger
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian GötzingerMASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian Götzinger
MASTER-CLASS: "CODE COVERAGE ON Μ-CONTROLLER" Sebastian GötzingerIevgenii Katsan
 
C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerAndrey Karpov
 
ICPC08b.ppt
ICPC08b.pptICPC08b.ppt
ICPC08b.pptPtidej Team
 
Better Code: Concurrency
Better Code: ConcurrencyBetter Code: Concurrency
Better Code: ConcurrencyPlatonov Sergey
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developAndrey Karpov
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codeAndrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesAndrey Karpov
 
Zone IDA Proc
Zone IDA ProcZone IDA Proc
Zone IDA ProcTzung-Bi Shih
 
Improving Java performance at JBCNConf 2015
Improving Java performance at JBCNConf 2015Improving Java performance at JBCNConf 2015
Improving Java performance at JBCNConf 2015Raimon Ràfols
 
Static analysis: looking for errors ... and vulnerabilities?
Static analysis: looking for errors ... and vulnerabilities? Static analysis: looking for errors ... and vulnerabilities?
Static analysis: looking for errors ... and vulnerabilities? Andrey Karpov
 
HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3Linaro
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsAndrey Karpov
 
UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2
UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2
UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2Knowledge Center Computer
 
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...David Beazley (Dabeaz LLC)
 
Part - 2 Cpp programming Solved MCQ
Part - 2 Cpp programming Solved MCQ Part - 2 Cpp programming Solved MCQ
Part - 2 Cpp programming Solved MCQ Knowledge Center Computer
 
Global Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the SealGlobal Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the SealTzung-Bi Shih
 
PVS-Studio features overview (2020)
PVS-Studio features overview (2020)PVS-Studio features overview (2020)
PVS-Studio features overview (2020)Andrey Karpov
 
Joel Falcou, Boost.SIMD
Joel Falcou, Boost.SIMDJoel Falcou, Boost.SIMD
Joel Falcou, Boost.SIMDSergey Platonov
 
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Yulia Tsisyk
 
Digital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECEDigital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECERamesh Naik Bhukya
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerPlatonov Sergey
 
Accelerated Windows Memory Dump Analysis
Accelerated Windows Memory Dump AnalysisAccelerated Windows Memory Dump Analysis
Accelerated Windows Memory Dump AnalysisDmitry Vostokov
 
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory DumpsAccelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory DumpsDmitry Vostokov
 

Weitere ähnliche Inhalte

Was ist angesagt?

C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerAndrey Karpov
 
Better Code: Concurrency
Better Code: ConcurrencyBetter Code: Concurrency
Better Code: ConcurrencyPlatonov Sergey
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developAndrey Karpov
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codeAndrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesAndrey Karpov
 
Improving Java performance at JBCNConf 2015
Improving Java performance at JBCNConf 2015Improving Java performance at JBCNConf 2015
Improving Java performance at JBCNConf 2015Raimon Ràfols
 
Static analysis: looking for errors ... and vulnerabilities?
Static analysis: looking for errors ... and vulnerabilities? Static analysis: looking for errors ... and vulnerabilities?
Static analysis: looking for errors ... and vulnerabilities? Andrey Karpov
 
HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3Linaro
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsAndrey Karpov
 
UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2
UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2
UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2Knowledge Center Computer
 
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...David Beazley (Dabeaz LLC)
 
Global Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the SealGlobal Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the SealTzung-Bi Shih
 
PVS-Studio features overview (2020)
PVS-Studio features overview (2020)PVS-Studio features overview (2020)
PVS-Studio features overview (2020)Andrey Karpov
 
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Yulia Tsisyk
 
Digital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECEDigital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECERamesh Naik Bhukya
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerPlatonov Sergey
 

Was ist angesagt? (20)

C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical Reviewer
 
ICPC08b.ppt
ICPC08b.pptICPC08b.ppt
ICPC08b.ppt
 
Better Code: Concurrency
Better Code: ConcurrencyBetter Code: Concurrency
Better Code: Concurrency
 
What has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you developWhat has to be paid attention when reviewing code of the library you develop
What has to be paid attention when reviewing code of the library you develop
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' Mistakes
 
Zone IDA Proc
Zone IDA ProcZone IDA Proc
Zone IDA Proc
 
Improving Java performance at JBCNConf 2015
Improving Java performance at JBCNConf 2015Improving Java performance at JBCNConf 2015
Improving Java performance at JBCNConf 2015
 
Static analysis: looking for errors ... and vulnerabilities?
Static analysis: looking for errors ... and vulnerabilities? Static analysis: looking for errors ... and vulnerabilities?
Static analysis: looking for errors ... and vulnerabilities?
 
HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3HKG15-207: Advanced Toolchain Usage Part 3
HKG15-207: Advanced Toolchain Usage Part 3
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
 
UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2
UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2
UGC-NET, GATE and all IT Companies Interview C++ Solved Questions PART - 2
 
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
An Embedded Error Recovery and Debugging Mechanism for Scripting Language Ext...
 
Part - 2 Cpp programming Solved MCQ
Part - 2 Cpp programming Solved MCQ Part - 2 Cpp programming Solved MCQ
Part - 2 Cpp programming Solved MCQ
 
Global Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the SealGlobal Interpreter Lock: Episode I - Break the Seal
Global Interpreter Lock: Episode I - Break the Seal
 
PVS-Studio features overview (2020)
PVS-Studio features overview (2020)PVS-Studio features overview (2020)
PVS-Studio features overview (2020)
 
Joel Falcou, Boost.SIMD
Joel Falcou, Boost.SIMDJoel Falcou, Boost.SIMD
Joel Falcou, Boost.SIMD
 
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
Рахманов Александр "Что полезного в разборе дампов для .NET-разработчиков?"
 
Digital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECEDigital System Design Lab Report - VHDL ECE
Digital System Design Lab Report - VHDL ECE
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory Sanitizer
 

Ähnlich wie Accelerated .NET Memory Dump Analysis training public slides

Accelerated Windows Memory Dump Analysis
Accelerated Windows Memory Dump AnalysisAccelerated Windows Memory Dump Analysis
Accelerated Windows Memory Dump AnalysisDmitry Vostokov
 
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory DumpsAccelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory DumpsDmitry Vostokov
 
Windows内核技术介绍
Windows内核技术介绍Windows内核技术介绍
Windows内核技术介绍jeffz
 
P4 Introduction
P4 Introduction P4 Introduction
P4 Introduction Netronome
 
Troubleshooting .net core on linux
Troubleshooting .net core on linuxTroubleshooting .net core on linux
Troubleshooting .net core on linuxPavel Klimiankou
 
[2007 CodeEngn Conference 01] dual5651 - Windows 커널단의 후킹
[2007 CodeEngn Conference 01] dual5651 - Windows 커널단의 후킹[2007 CodeEngn Conference 01] dual5651 - Windows 커널단의 후킹
[2007 CodeEngn Conference 01] dual5651 - Windows 커널단의 후킹GangSeok Lee
 
Fundamentals of Physical Memory Analysis
Fundamentals of Physical Memory AnalysisFundamentals of Physical Memory Analysis
Fundamentals of Physical Memory AnalysisDmitry Vostokov
 
HKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with CoresightHKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with CoresightLinaro
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기Ji Hun Kim
 
Linux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloudLinux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloudAndrea Righi
 
Formbook - In-depth malware analysis (Botconf 2018)
Formbook - In-depth malware analysis (Botconf 2018)Formbook - In-depth malware analysis (Botconf 2018)
Formbook - In-depth malware analysis (Botconf 2018)Rémi Jullian
 
So You Want To Write Your Own Benchmark
So You Want To Write Your Own BenchmarkSo You Want To Write Your Own Benchmark
So You Want To Write Your Own BenchmarkDror Bereznitsky
 
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...CODE BLUE
 
Debugging linux kernel tools and techniques
Debugging linux kernel tools and techniquesDebugging linux kernel tools and techniques
Debugging linux kernel tools and techniquesSatpal Parmar
 
Overlay Technique | Pebble Developer Retreat 2014
Overlay Technique | Pebble Developer Retreat 2014Overlay Technique | Pebble Developer Retreat 2014
Overlay Technique | Pebble Developer Retreat 2014Pebble Technology
 
Com 135 final project user manual
Com 135 final project user manualCom 135 final project user manual
Com 135 final project user manualbiasimistfur1984
 
Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharingJames Hsieh
 
Перехват функций (хуки) под Windows в приложениях с помощью C/C++
Перехват функций (хуки) под Windows в приложениях с помощью C/C++Перехват функций (хуки) под Windows в приложениях с помощью C/C++
Перехват функций (хуки) под Windows в приложениях с помощью C/C++corehard_by
 

Ähnlich wie Accelerated .NET Memory Dump Analysis training public slides (20)

Accelerated Windows Memory Dump Analysis
Accelerated Windows Memory Dump AnalysisAccelerated Windows Memory Dump Analysis
Accelerated Windows Memory Dump Analysis
 
Accelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory DumpsAccelerated Windows Malware Analysis with Memory Dumps
Accelerated Windows Malware Analysis with Memory Dumps
 
Windows内核技术介绍
Windows内核技术介绍Windows内核技术介绍
Windows内核技术介绍
 
P4 Introduction
P4 Introduction P4 Introduction
P4 Introduction
 
Troubleshooting .net core on linux
Troubleshooting .net core on linuxTroubleshooting .net core on linux
Troubleshooting .net core on linux
 
[2007 CodeEngn Conference 01] dual5651 - Windows 커널단의 후킹
[2007 CodeEngn Conference 01] dual5651 - Windows 커널단의 후킹[2007 CodeEngn Conference 01] dual5651 - Windows 커널단의 후킹
[2007 CodeEngn Conference 01] dual5651 - Windows 커널단의 후킹
 
Fundamentals of Physical Memory Analysis
Fundamentals of Physical Memory AnalysisFundamentals of Physical Memory Analysis
Fundamentals of Physical Memory Analysis
 
HKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with CoresightHKG18-TR14 - Postmortem Debugging with Coresight
HKG18-TR14 - Postmortem Debugging with Coresight
 
Windbg랑 친해지기
Windbg랑 친해지기Windbg랑 친해지기
Windbg랑 친해지기
 
Freefixer log
Freefixer logFreefixer log
Freefixer log
 
Linux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloudLinux kernel tracing superpowers in the cloud
Linux kernel tracing superpowers in the cloud
 
Formbook - In-depth malware analysis (Botconf 2018)
Formbook - In-depth malware analysis (Botconf 2018)Formbook - In-depth malware analysis (Botconf 2018)
Formbook - In-depth malware analysis (Botconf 2018)
 
So You Want To Write Your Own Benchmark
So You Want To Write Your Own BenchmarkSo You Want To Write Your Own Benchmark
So You Want To Write Your Own Benchmark
 
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
[CB19] MalConfScan with Cuckoo: Automatic Malware Configuration Extraction Sy...
 
Debugging linux kernel tools and techniques
Debugging linux kernel tools and techniquesDebugging linux kernel tools and techniques
Debugging linux kernel tools and techniques
 
Overlay Technique | Pebble Developer Retreat 2014
Overlay Technique | Pebble Developer Retreat 2014Overlay Technique | Pebble Developer Retreat 2014
Overlay Technique | Pebble Developer Retreat 2014
 
Com 135 final project user manual
Com 135 final project user manualCom 135 final project user manual
Com 135 final project user manual
 
Debugging 2013- Jesper Brouer
Debugging 2013- Jesper BrouerDebugging 2013- Jesper Brouer
Debugging 2013- Jesper Brouer
 
Crash dump analysis - experience sharing
Crash dump analysis - experience sharingCrash dump analysis - experience sharing
Crash dump analysis - experience sharing
 
Перехват функций (хуки) под Windows в приложениях с помощью C/C++
Перехват функций (хуки) под Windows в приложениях с помощью C/C++Перехват функций (хуки) под Windows в приложениях с помощью C/C++
Перехват функций (хуки) под Windows в приложениях с помощью C/C++
 

Mehr von Dmitry Vostokov

Mehr von Dmitry Vostokov (20)

Debugging TV Frame 0x1C
Debugging TV Frame 0x1CDebugging TV Frame 0x1C
Debugging TV Frame 0x1C
 
Debugging TV Frame 0x1A
Debugging TV Frame 0x1ADebugging TV Frame 0x1A
Debugging TV Frame 0x1A
 
Debugging TV Frame 0x34
Debugging TV Frame 0x34Debugging TV Frame 0x34
Debugging TV Frame 0x34
 
Debugging TV Frame 0x33
Debugging TV Frame 0x33Debugging TV Frame 0x33
Debugging TV Frame 0x33
 
Debugging TV Frame 0x31
Debugging TV Frame 0x31Debugging TV Frame 0x31
Debugging TV Frame 0x31
 
Debugging TV Frame 0x25
Debugging TV Frame 0x25Debugging TV Frame 0x25
Debugging TV Frame 0x25
 
Debugging TV Frame 0x24
Debugging TV Frame 0x24Debugging TV Frame 0x24
Debugging TV Frame 0x24
 
Debugging TV Frame 0x21
Debugging TV Frame 0x21Debugging TV Frame 0x21
Debugging TV Frame 0x21
 
Debugging TV Frame 0x20
Debugging TV Frame 0x20Debugging TV Frame 0x20
Debugging TV Frame 0x20
 
Debugging TV Frame 0x19
Debugging TV Frame 0x19Debugging TV Frame 0x19
Debugging TV Frame 0x19
 
Debugging TV Frame 0x18
Debugging TV Frame 0x18Debugging TV Frame 0x18
Debugging TV Frame 0x18
 
Debugging TV Frame 0x17
Debugging TV Frame 0x17Debugging TV Frame 0x17
Debugging TV Frame 0x17
 
Debugging TV Frame 0x16
Debugging TV Frame 0x16Debugging TV Frame 0x16
Debugging TV Frame 0x16
 
Debugging TV Frame 0x15
Debugging TV Frame 0x15Debugging TV Frame 0x15
Debugging TV Frame 0x15
 
Debugging TV Frame 0x14
Debugging TV Frame 0x14Debugging TV Frame 0x14
Debugging TV Frame 0x14
 
Debugging TV Frame 0x13
Debugging TV Frame 0x13Debugging TV Frame 0x13
Debugging TV Frame 0x13
 
Debugging TV Frame 0x12
Debugging TV Frame 0x12Debugging TV Frame 0x12
Debugging TV Frame 0x12
 
Debugging TV Frame 0x11
Debugging TV Frame 0x11Debugging TV Frame 0x11
Debugging TV Frame 0x11
 
Debugging TV Frame 0x10
Debugging TV Frame 0x10Debugging TV Frame 0x10
Debugging TV Frame 0x10
 
Debugging TV Frame 0x0F
Debugging TV Frame 0x0FDebugging TV Frame 0x0F
Debugging TV Frame 0x0F
 

Kürzlich hochgeladen

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionOnePlan Solutions
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...software pro Development
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 

Kürzlich hochgeladen (20)

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 

Accelerated .NET Memory Dump Analysis training public slides

  • 1. .NET Memory Dump Analysis Dmitry Vostokov Software Diagnostics Services Version 3.0
  • 2. Prerequisites Basic .NET programming and debugging WinDbg Commands We use these boxes to introduce some WinDbg commands used in practice exercises © 2018 Software Diagnostics Services
  • 3. Training Goals  Review fundamentals  Learn how to analyze process dumps  Learn necessary commands in context  Cover CLR 4 (x86 and x64) © 2018 Software Diagnostics Services
  • 4. Training Principles  Talk only about what I can show  Lots of pictures  Lots of examples  Original content and examples © 2018 Software Diagnostics Services
  • 5. Part 1: Fundamentals © 2018 Software Diagnostics Services
  • 6. Memory Space (x86) Kernel Space User Space FFFFFFFF 80000000 7FFFFFFF 00000000 © 2018 Software Diagnostics Services
  • 7. Memory Space (x64) © 2018 Software Diagnostics Services Kernel Space User Space FFFFFFFF`FFFFFFFF FFFF8000`00000000 00007FFF`FFFFFFFF 00000000`00000000
  • 8. User / Managed Space WinDbg Commands lmv command lists all loaded modules (EXE and DLLs) © 2018 Software Diagnostics Services User Space (PID e364) 00000000`00000000 00007fff`ffffffff LINQPad kernel32 CLR ntdll
  • 9. Types/Assemblies/Modules WinDbg Commands lmv command lists all loaded modules (EXE and DLLs) !IP2MD command shows type method and module address !DumpModule command shows module name Types Assembly Modules 1..* © 2018 Software Diagnostics Services
  • 10. Process Threads WinDbg Commands .load <a path to SOS> Loads SOS WinDbg extension ~<n>s command switches between threads k command shows unmanaged stack trace !Threads command shows managed threads !CLRStack command shows managed stack trace © 2018 Software Diagnostics Services User Space (PID e364) 00000000`00000000 00007fff`ffffffff LINQPad kernel32 CLR ntdll JIT code
  • 11. Example 0:000> k # Child-SP RetAddr Call Site 00 000000dc`219be178 00007ffb`41ddddb8 win32u!NtUserWaitMessage+0x14 01 000000dc`219be180 00007ffb`41d71535 System_Windows_Forms_ni+0x2cddb8 02 000000dc`219be230 00007ffb`41d70c88 System_Windows_Forms_ni+0x261535 03 000000dc`219be330 00007ffb`41d70a8f System_Windows_Forms_ni+0x260c88 04 000000dc`219be3d0 00007ffb`12f4dbc0 System_Windows_Forms_ni+0x260a8f 05 000000dc`219be430 00007ffb`12f45a94 0x00007ffb`12f4dbc0 06 000000dc`219be5e0 00007ffb`12f41c9d 0x00007ffb`12f45a94 07 000000dc`219bed20 00007ffb`12f420b6 0x00007ffb`12f41c9d 08 000000dc`219bee00 00007ffb`12f406e4 0x00007ffb`12f420b6 09 000000dc`219bee30 00007ffb`724d5863 0x00007ffb`12f406e4 0a 000000dc`219bef20 00007ffb`724d5702 clr!CallDescrWorkerInternal+0x83 0b 000000dc`219bef60 00007ffb`724d5e05 clr!CallDescrWorkerWithHandler+0x4e 0c 000000dc`219befa0 00007ffb`72633598 clr!MethodDescCallSite::CallTargetWorker+0xf8 0d 000000dc`219bf0a0 00007ffb`72633ede clr!RunMain+0x1e7 0e 000000dc`219bf280 00007ffb`72633d9d clr!Assembly::ExecuteMainMethod+0xb6 0f 000000dc`219bf570 00007ffb`72633750 clr!SystemDomain::ExecuteMainMethod+0x639 10 000000dc`219bfb90 00007ffb`726336ce clr!ExecuteEXE+0x3f 11 000000dc`219bfc00 00007ffb`72634234 clr!_CorExeMainInternal+0xb2 12 000000dc`219bfc90 00007ffb`72ec7a6d clr!CorExeMain+0x14 13 000000dc`219bfcd0 00007ffb`7303a44c mscoreei!CorExeMain+0x112 14 000000dc`219bfd30 00007ffb`85591fe4 MSCOREE!CorExeMain_Exported+0x6c 15 000000dc`219bfd60 00007ffb`8797f061 KERNEL32!BaseThreadInitThunk+0x14 16 000000dc`219bfd90 00000000`00000000 ntdll!RtlUserThreadStart+0x21 0:000> !IP2MD 0x00007ffb`12f45a94 MethodDesc: 00007ffb12f81c40 Method Name: LINQPad.Program.Go(System.String[]) Class: 00007ffb12f322e0 MethodTable: 00007ffb12f81e10 mdToken: 0000000006000579 Module: 00007ffb12dc4110 IsJitted: yes CodeAddr: 00007ffb12f436f0 Transparency: Critical 0:000> !DumpModule 00007ffb12dc4110 Name: C:Program FilesLINQPad5LINQPad.exe Attributes: PEFile Assembly: 000001f80c3cf620 LoaderHeap: 0000000000000000 TypeDefToMethodTableMap: 00007ffb12ed0020 TypeRefToMethodTableMap: 00007ffb12ed3a88 MethodDefToDescMap: 00007ffb12ed7000 FieldDefToDescMap: 00007ffb12eefcc8 MemberRefToDescMap: 0000000000000000 FileReferencesMap: 00007ffb12f036c8 AssemblyReferencesMap: 00007ffb12f036d0 MetaData start address: 000001f808cffb04 (1498300 bytes) © 2018 Software Diagnostics Services
  • 12. Thread Stack Raw Data WinDbg Commands Get stack range: !teb Dump raw data: dc / dps / dpp / dpa / dpu Dump managed references: !DumpStackObjects © 2018 Software Diagnostics Services User Space (PID e364) 00000000`00000000 00007fff`ffffffff LINQPad kernel32 CLR ntdll JIT code User Stack for TID 102 Managed Heap
  • 13. Pattern-Oriented Diagnostic Analysis Information Collection (Scripts) Information Extraction (Checklists) Problem Identification (Patterns) Problem Resolution Troubleshooting Suggestions Debugging Strategy Diagnostic Pattern: a common recurrent identifiable problem together with a set of recommendations and possible solutions to apply in a specific context. Diagnostic Analysis Pattern: a common recurrent analysis technique and method of diagnostic pattern identification in a specific context. Diagnostic Problem: a set of indicators (symptoms, signs) describing a problem. Diagnostics Pattern Language: common names of diagnostic and diagnostic analysis patterns. The same language for any operating system: Windows, Mac OS X, Linux, ... © 2018 Software Diagnostics Services Checklist: http://www.dumpanalysis.org/windows-memory-analysis-checklist
  • 14. Part 2: Practice Exercises © 2018 Software Diagnostics Services
  • 15. Links  Memory Dumps: Not available in preview version  Exercise Transcripts: Not available in preview version © 2018 Software Diagnostics Services
  • 16. Exercise 0  Goal: Install Debugging Tools for Windows and learn how to set up symbols correctly  Patterns: Incorrect Stack Trace  Commands: .symfix, .reload, k  ANETMDA-DumpsExercise-0-Download-Setup-WinDbg.pdf © 2018 Software Diagnostics Services
  • 17. Process Memory Dumps Exercises PN1 – PN12 © 2018 Software Diagnostics Services
  • 18. Modeling with LINQPad http://www.linqpad.net/ © 2018 Software Diagnostics Services
  • 19. Exercise PN1  Goal: Learn how to load the correct .NET SOS WinDbg extension and analyze managed space  Patterns: Stack Trace Collection; CLR Thread; Version- Specific Extension; Software Exception; Exception Stack Trace; Managed Code Exception; Managed Stack Trace  Commands: .logopen, .symfix, .reload, ~*k, .load, !pe, ~*e, lmv, .chain, .unload, !analyze -v, !CLRStack, .logclose  ANETMDA-DumpsExercise-PN1-Analysis-process-dump- ApplicationA.pdf © 2018 Software Diagnostics Services
  • 20. Exercise PN2  Goal: Compare 64-bit process memory dump from exercise PN1 with 32-bit process memory dump  Patterns: Platform-Specific Debugger  ANETMDA-DumpsExercise-PN2-Analysis-process-dump- ApplicationA-32.pdf © 2018 Software Diagnostics Services
  • 21. Exercise PN3  Goal: Learn how to find problem assemblies, modules, classes and methods, disassemble code, analyze CPU spikes  Patterns: Active Thread; Technology-Specific Subtrace; JIT Code; Spiking Thread; Annotated Disassembly  Commands: !analyze -v -hang, !IP2MD, !runaway, .prompt_allow, ~<>s, ~<>k, !U, !DumpMD, !DumpClass, !DumpMT, !DumpModule, !DumpAssembly, !DumpDomain  ANETMDA-DumpsExercise-PN3-Analysis-process-dump- LINQPadB.pdf © 2018 Software Diagnostics Services
  • 22. Exercise PN4  Goal: Compare 64-bit process memory dump from exercise PN3 with 32-bit process memory dump  ANETMDA-DumpsExercise-PN4-Analysis-process-dump- LINQPadB-32.pdf © 2018 Software Diagnostics Services
  • 23. Exercise PN5  Goal: Learn how to recognize and analyze deadlocks using SOS(EX), execution residue, handled exceptions, dump object references  Patterns: Special Thread; Wait Chain; Deadlock; Execution Residue (user space); Hidden Exception (user space); Coincidental Symbolic Information; Caller-n-Callee  Commands: ~*kL, !Threads, !syncblk, !DumpObj, ub, dp, !dlk, !DumpStack, !teb, dpS  ANETMDA-DumpsExercise-PN5-Analysis-process-dump- LINQPadC.pdf © 2018 Software Diagnostics Services
  • 24. Deadlock © 2018 Software Diagnostics Services Object 000001f498185fe8 Object 000001f498186028 Thread #12 Thread #12 (owns) Thread #11 Thread #11 (owns) Thread #12 (waiting) Thread #11 (waiting)
  • 25. Exercise PN6  Goal: Compare 64-bit process memory dump from exercise PN5 with 32-bit process memory dump  Patterns: Execution Residue (managed space); Hidden Exception (managed space), Handled Exception  Commands: !DumpStackObjects  ANETMDA-DumpsExercise-PN6-Analysis-process-dump- LINQPadC-32.pdf © 2018 Software Diagnostics Services
  • 26. Deadlock (x86) © 2018 Software Diagnostics Services
  • 27. Exercise PN7  Goal: Learn how to analyze multiple managed exceptions  Patterns: Managed Stack Trace Collection; Multiple Exceptions; Nested Exceptions; NULL Pointer  ANETMDA-DumpsExercise-PN7-Analysis-process-dump- ApplicationD.pdf © 2018 Software Diagnostics Services
  • 28. Exercise PN8  Goal: Compare 64-bit process memory dump from exercise PN7 with 32-bit process memory dump  ANETMDA-DumpsExercise-PN8-Analysis-process-dump- ApplicationD-32.pdf © 2018 Software Diagnostics Services
  • 29. Exercise PN9  Goal: Learn how to diagnose heap and handle leaks  Patterns: Handle Leak; Memory Leak  Commands: !heap, !address, !DumpHeap, ?, !eeheap, !GCHandles, !FinalizeQueue, !handle, .cxr  ANETMDA-DumpsExercise-PN9-Analysis-process-dump- LINQPadD.pdf © 2018 Software Diagnostics Services
  • 30. Exercise PN10  Goal: Compare 64-bit process memory dump from exercise PN9 with 32-bit process memory dump  ANETMDA-DumpsExercise-PN9-Analysis-process-dump- LINQPadD-32.pdf © 2018 Software Diagnostics Services
  • 31. Exercise PN11  Goal: Learn how to recognize and analyze heap corruption  Patterns: Invalid Pointer; Regular Data; Managed Heap Corruption  Commands: .formats, !VerifyHeap  ANETMDA-DumpsExercise-PN11-Analysis-process-dump- LINQPadE.pdf © 2018 Software Diagnostics Services
  • 32. Exercise PN12  Goal: Compare 64-bit process memory dump from exercise PN11 with 32-bit process memory dump  ANETMDA-DumpsExercise-PN12-Analysis-process-dump- LINQPadE-32.pdf © 2018 Software Diagnostics Services
  • 33. Pattern Links CLR Thread Deadlock Managed Code Exception Duplicate Extension Nested Exceptions Stack Trace Collection Mixed Exception Dynamic Memory Corruption Memory Leak Special Thread JIT Code Execution Residue Managed Stack Trace Handled Exception Multiple Exceptions Annotated Disassembly Version-Specific Extension Technology-Specific Subtrace Caller-n-Callee Wait Chain Hidden Exception Object Distribution Anomaly Incorrect Stack Trace Execution Residue NULL Pointer Handle Leak Exception Stack Trace Software Exception Platform-Specific Debugger Spiking Thread Hidden Exception Regular Data Coincidental Symbolic Information © 2018 Software Diagnostics Services CLR-related and managed Unmanaged user space
  • 34. SOS Checklist  CLR module and SOS extension versions (lmv and .chain)  Managed exceptions (~*e !pe -nested)  Managed threads (!Threads -special)  Managed stack traces (~*e !CLRStack)  Managed execution residue (~*e !DumpStackObjects)  Managed heap (!VerifyHeap, !DumpHeap -stat and !eeheap -gc)  GC handles (!GCHandles)  Finalizer queue (!FinalizeQueue)  Sync blocks (!syncblk) © 2018 Software Diagnostics Services
  • 35. Resources  WinDbg Help / WinDbg.org (quick links) / DumpAnalysis.org  C# 7.0 Pocket Reference  CLR via C#, Fourth Edition  Advanced .NET Debugging  Debugging Microsoft .NET 2.0 Applications  Shared Source CLI 2.0 Internals  Accelerated Windows Memory Dump Analysis, 4th edition  Memory Dump Analysis Anthology (Volumes 1 – 10) © 2018 Software Diagnostics Services
  • 36. Q&A Please send your feedback using the contact form on PatternDiagnostics.com © 2018 Software Diagnostics Services
  • 37. Thank you for attendance! © 2018 Software Diagnostics Services