Extended Windows Memory Dump Analysis: Using and Writing WinDbg Extensions, Database and Event Stream Processing, Visualization

The book contains the full transcript of Software Diagnostics Services training with 16 hands-on exercises. This training course extends pattern-oriented analysis introduced in Accelerated Windows Memory Dump Analysis, Accelerated .NET Core Memory Dump Analysis, and Advanced Windows Memory Dump Analysis with Data Structures courses with:

  • Surveying the current landscape of WinDbg extensions with analysis pattern mappings
  • Writing WinDbg extensions in C and C++
  • Connecting WinDbg to NoSQL databases
  • Connecting WinDbg to streaming and log processing platforms
  • Querying and visualizing WinDbg output data

Prerequisites: Working knowledge of WinDbg. Working knowledge of C or C++ is optional (required only for some exercises). Other concepts are explained when necessary.

Audience: Software developers, software maintenance engineers, escalation engineers, quality assurance engineers, security and vulnerability researchers, malware and memory forensics analysts who want to build memory analysis pipelines.

  • Title: Extended Windows Memory Dump Analysis: Using and Writing WinDbg Extensions, Database and Event Stream Processing, Visualization
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (September 2022)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • PDF: 274 pages
  • ISBN-13: 978-1912636686

Table of Contents and sample exercise
Slides from the training

There is an option to buy 14 volumes of Memory Dump Analysis Anthology in PDF format with the course.

The training course also includes recording of the previous training sessions and Practical Foundations of Windows Debugging, Disassembling, Reversing, Second Edition PDF book.

Type and speed (links sent in 24 hours)