Memory Dump Analysis Anthology, Volume 8b by Software Diagnostics Institute, Dmitry Vostokov

PART 3: Pattern Interaction

 

Virtualized Process, Stack Trace Collection, COM Interface Invocation Subtrace, Active Thread, Spiking Thread, Last Error Collection, RIP Stack Trace, Value References, Namespace, and Module Hint

Recently we analyzed a memory dump posted in the DA+TA group and posted our results there. The problem was resolved. Afterward, we decided to look at the earlier dump that had been posted for the same problem: a COM server program was unresponsive. That dump was not fully analyzed by group members, so we decided to write a case study based on it since it had one more pattern.

When we open the dump in WinDbg, it shows the Virtualized Process (WOW64, Volume 1, page 400) pattern:

wow64cpu!TurboDispatchJumpAddressEnd+0x598:
00000000`77cf2772 c3 ...
