Memory Dump Analysis Anthology, Volume 7 by Dmitry Vostokov

Value References

Sometimes we have a value, a pointer, or a handle and would like to know all memory addresses that reference it. This can be done with a virtual memory search (the s WinDbg command). If we look for references in code (for example, for pool tags, please see this case study in Volume 1, page 206) we can combine the search with the !for_each_module WinDbg extension command. There is also the !search command for physical pages. We cover this Value References pattern in the Advanced Windows Memory Dump Analysis training [12] with a complete step-by-step memory dump analysis exercise. For object references there is also the recently added !obtrace command, with good examples in WinDbg help.

[12] http://www.patterndiagnostics.com/advanced-windows-memory-dump-analysis ...
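The search behind this pattern, reproduced outside the debugger as an added example (not code from the book): a Python scan over memory regions for every pointer-width slot that holds a given value. The region layout, base addresses and target value are constructed for illustration, and the (base, bytes) input shape is an assumption.

```python
import struct

def find_value_references(regions, value, width=8, aligned=True):
    """Return sorted virtual addresses whose little-endian `width`-byte
    content equals `value`.

    regions: iterable of (base_address, data) pairs, for example committed
    ranges read out of a dump file (hypothetical input shape).
    aligned: keep only naturally aligned slots; unaligned hits are usually
    coincidental byte patterns rather than stored pointers or handles.
    """
    needle = struct.pack({4: "<I", 8: "<Q"}[width], value)
    hits = []
    for base, data in regions:
        pos = data.find(needle)
        while pos != -1:
            addr = base + pos
            if not aligned or addr % width == 0:
                hits.append(addr)
            pos = data.find(needle, pos + 1)  # step 1 byte: allow overlaps
    return sorted(hits)

def build_sample():
    """Constructed two-region memory image containing three copies of a
    made-up kernel-style pointer value."""
    target = 0xFFFFA30412345080
    r1 = bytearray(64)
    struct.pack_into("<Q", r1, 0x10, target)  # aligned reference
    struct.pack_into("<Q", r1, 0x23, target)  # unaligned byte-pattern match
    r2 = bytearray(32)
    struct.pack_into("<Q", r2, 0x08, target)  # aligned reference
    return target, [(0x7FF600001000, bytes(r1)), (0xC000000000, bytes(r2))]

if __name__ == "__main__":
    target, regions = build_sample()
    for addr in find_value_references(regions, target):
        print(f"{addr:016x} references {target:016x}")
```

Passing aligned=False also reports the copy at an odd offset, which helps when the value sits inside a packed structure or a serialized buffer.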
