Memory Dump Analysis Anthology, Volume 7 by Dmitry Vostokov

Shared Point

Sometimes we know from Basic Facts (Volume 3, page 345) some data or activity that we seek to identify in different traces collected together for inter-correlational analysis (Volume 4, page 350). It can be a shared file name, a named synchronization object, a locked file with sharing violations, a common virtual address in kernel space, or just some activity notification. The pattern is named by analogy with intersecting curves in some abstract space.

It is similar to the Linked Messages pattern (page 284) but is higher level and not confined to a common parameter (it can be an action description).
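
The following is an added example, not code from the book: a small Python script that looks for data-type Shared Points (file names, named synchronization objects, kernel-space addresses) across several traces and reports where each one occurs. The function names, the regular expressions and the three sample traces are assumptions constructed for illustration; activity-description shared points are not covered.

```python
import re
from collections import defaultdict
# Data-type shared points from the text; the regexes are assumptions about how
# the traces spell them (drive-letter paths, x64 kernel-space addresses).
TOKEN_PATTERNS = {
    "file": re.compile(r"[A-Za-z]:\\[^\s\"]+"),
    "named_object": re.compile(r"\\BaseNamedObjects\\[^\s\"]+"),
    "kernel_address": re.compile(r"\b(?:0x)?[fF]{4}[0-9a-fA-F]{12}\b"),
}

def extract_tokens(message):
    """Return the (kind, normalized value) tokens found in one trace message."""
    found = set()
    for kind, pattern in TOKEN_PATTERNS.items():
        for value in pattern.findall(message):
            value = value.lower()  # tools differ in letter case
            if kind == "kernel_address" and value.startswith("0x"):
                value = value[2:]  # and in whether they print the 0x prefix
            found.add((kind, value))
    return found

def shared_points(traces):
    """Map each token seen in two or more traces to {trace: [line numbers]}."""
    hits = defaultdict(lambda: defaultdict(list))
    for trace_name, lines in traces.items():
        for line_no, message in enumerate(lines, start=1):
            for token in extract_tokens(message):
                hits[token][trace_name].append(line_no)
    return {t: dict(per) for t, per in hits.items() if len(per) >= 2}

# Constructed sample traces (not from the book), one list of lines per tool.
TRACES = {
    "app_server.log": [
        r"10:02:11.004 PID 1312 open C:\Data\orders.db for write failed",
        r"10:02:11.020 PID 1312 waiting on \BaseNamedObjects\OrdersLock",
    ],
    "file_monitor.log": [
        r"10:02:10.950 backup.exe CreateFile c:\data\orders.db SUCCESS",
        r"10:02:11.003 svc.exe CreateFile C:\Data\orders.db SHARING VIOLATION",
        r"10:02:12.000 svc.exe CreateFile C:\Temp\scratch.tmp SUCCESS",
    ],
    "kernel_debug.log": [
        r"10:02:11.021 mutant \BaseNamedObjects\OrdersLock at 0xFFFFA60012AB34C0",
        r"10:02:11.030 backup.exe thread owns ffffa60012ab34c0",
    ],
}

if __name__ == "__main__":
    for token, per_trace in sorted(shared_points(TRACES).items()):
        print(token, per_trace)
```

The kernel address appears twice but only inside one trace, so it is not reported: a Shared Point has to intersect at least two traces.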