O'Reilly logo

Memory Dump Analysis Anthology, Volume 6 by Dmitry Vostokov

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

PART 8: Software Trace Analysis

Pattern Interaction

Basic Facts, Periodic Error and Defamiliarizing Effect

This is a synthesized case study with the simplified ETW77 trace output based on real events (consider it as an exercise in a software narrative fiction). In a client-server environment a server session was always active regardless of whether a client was active or not. There was a workaround to enable a registry key to force checking for user activity via CheckActivity registry key. Unfortunately this didn't help and a software trace was recorded for the offline analysis. First, we checked for Basic Facts (Volume 3, page 345) and found the correspondence that confirmed the registry key setting:

 # PID TID Message [...] 3200 1428 5476 ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required