
Accelerated Windows Memory Dump Analysis: Training Course Transcript and WinDbg Practice Exercises with Notes, Third Edition by Dmitry Vostokov


Exercise P1: Analysis of a normal application process dump (32-bit notepad)


Goal: Learn how to see the dump file type and version, get a stack trace, check its correctness, perform default analysis, list modules, check their version information, and check the process environment.

Patterns: Manual Dump; Stack Trace; Not My Version; Environment Hint

1.      Launch WinDbg from Windows Kits \ Debugging Tools for Windows (X64).

2.      Open \AWMDA-Dumps\32-bit\Processes\notepad.DMP.

3.      We get the dump file loaded:


4.      Open a log file to save all future ...
