Patterns 1.0

We are happy to release the first version of WinDbg (X64) extension to facilitate learning memory analysis pattern language developed by Software Diagnostics Institute and used in our training courses.

The current standard version 1.0 can be downloaded from here.

Here is a usage example:

0:000> .load patterns

0:000> !help
Patterns Debugger Extension DLL (Version 1.0.0.0 [std]). Copyright © 2015 Software Diagnostics Services. All rights reserved.

Commands:
lst - Shows the current list of memory analysis pattern categories
lst category - Shows the current list of memory analysis patterns for the specified category
sdl abbreviation - Opens a pattern description from Software Diagnostics Library
chk - Shows the current memory analysis checklist categories
chk category - Shows the current memory analysis checklist for the specified category
eula - Shows license terms

0:000> !lst
Memory Analysis Pattern Categories:

Hooksware Patterns [H]
Wait Chain Patterns [W]
DLL Link Patterns [L]
Memory Consumption Patterns [M]
Dynamic Memory Corruption Patterns [C]
Deadlock and Livelock Patterns [D]
Contention Patterns [N]
Stack Overflow Patterns [O]
.NET / CLR / Managed Space Patterns [.]
Stack Trace Patterns [S]
Symbol Patterns [Y]
Exception Patterns [E]
Meta-Memory Dump Patterns [-]
Module Patterns [!]
Optimization Patterns [I]
Thread Patterns [T]
Process Patterns [P]
Executive Resource Patterns [X]
Falsity and Coincidence Patterns [F]
RPC, LPC and ALPC Patterns [R]
Malware Analysis Patterns [@]

0:000> !lst S
Stack Trace Patterns:

Stack Trace [STRA]
Stack Trace Collection (unmanaged space) [STCU]
Special Stack Trace [SSTR]
Exception Stack Trace [ESTR]
Dual Stack Trace [DSTR]
Truncated Stack Trace [TSTR]
Managed Stack Trace [MSTR]
Incorrect Stack Trace [ISTR]
Stack Trace Set [STSE]
Stack Trace Collection (managed space) [STCM]
Stack Trace Collection (predicate) [STCP]
Empty Stack Trace [EMST]
Stack Trace Collection (I/O requests) [STCI]
Stack Trace Change [STCH]
First Fault Stack Trace [FFST]
Critical Stack Trace [CSTR]
RIP Stack Trace [RSTR]
Glued Stack Trace [GSTR]
Rough Stack Trace [ROST]
Past Stack Trace [PSTR]
Stack Trace (I/O request) [STIO]
Stack Trace (file system filters) [STFS]
Stack Trace (database) [STDB]
Variable Subtrace [VSUB]
Technology-Specific Subtrace (COM interface invocation) [TSCI]
Technology-Specific Subtrace (dynamic memory) [TSDM]
Technology-Specific Subtrace (JIT .NET code) [TSJN]
Technology-Specific Subtrace (COM client call) [TSCC]
Internal Stack Trace [INST]
Stack Trace Collection (CPUs) [STCC]
Stack Trace Surface [STSU]
Hidden Stack Trace [HSTR]

The patterns are shown in the order they originally appeared in Memory Dump Analysis Anthology volumes. The four-character codes for !sdl command are for pro version which will be released soon for users of Software Diagnostics Library.

The extension also shows Windows Memory Analysis Checklist via !chk command.