About This File
We are happy to release the first version of WinDbg (X64) extension to facilitate learning memory analysis pattern language developed by Software Diagnostics Institute and used in our training courses.
The current standard version 1.0 can be downloaded from here.
Here is a usage example:
0:000> .load patterns 0:000> !help Patterns Debugger Extension DLL (Version 1.0.0.0 [std]). Copyright © 2015 Software Diagnostics Services. All rights reserved. Commands: lst - Shows the current list of memory analysis pattern categories lst category - Shows the current list of memory analysis patterns for the specified category sdl abbreviation - Opens a pattern description from Software Diagnostics Library chk - Shows the current memory analysis checklist categories chk category - Shows the current memory analysis checklist for the specified category eula - Shows license terms 0:000> !lst Memory Analysis Pattern Categories: Hooksware Patterns [H] Wait Chain Patterns [W] DLL Link Patterns [L] Memory Consumption Patterns [M] Dynamic Memory Corruption Patterns [C] Deadlock and Livelock Patterns [D] Contention Patterns [N] Stack Overflow Patterns [O] .NET / CLR / Managed Space Patterns [.] Stack Trace Patterns [S] Symbol Patterns [Y] Exception Patterns [E] Meta-Memory Dump Patterns [-] Module Patterns [!] Optimization Patterns [I] Thread Patterns [T] Process Patterns [P] Executive Resource Patterns [X] Falsity and Coincidence Patterns [F] RPC, LPC and ALPC Patterns [R] Malware Analysis Patterns [@] 0:000> !lst S Stack Trace Patterns: Stack Trace [STRA] Stack Trace Collection (unmanaged space) [STCU] Special Stack Trace [SSTR] Exception Stack Trace [ESTR] Dual Stack Trace [DSTR] Truncated Stack Trace [TSTR] Managed Stack Trace [MSTR] Incorrect Stack Trace [ISTR] Stack Trace Set [STSE] Stack Trace Collection (managed space) [STCM] Stack Trace Collection (predicate) [STCP] Empty Stack Trace [EMST] Stack Trace Collection (I/O requests) [STCI] Stack Trace Change [STCH] First Fault Stack Trace [FFST] Critical Stack Trace [CSTR] RIP Stack Trace [RSTR] Glued Stack Trace [GSTR] Rough Stack Trace [ROST] Past Stack Trace [PSTR] Stack Trace (I/O request) [STIO] Stack Trace (file system filters) [STFS] Stack Trace (database) [STDB] Variable Subtrace [VSUB] Technology-Specific Subtrace (COM interface invocation) [TSCI] Technology-Specific Subtrace (dynamic memory) [TSDM] Technology-Specific Subtrace (JIT .NET code) [TSJN] Technology-Specific Subtrace (COM client call) [TSCC] Internal Stack Trace [INST] Stack Trace Collection (CPUs) [STCC] Stack Trace Surface [STSU] Hidden Stack Trace [HSTR]
The patterns are shown in the order they originally appeared in Memory Dump Analysis Anthology volumes. The four-character codes for !sdl command are for pro version which will be released soon for users of Software Diagnostics Library.
The extension also shows Windows Memory Analysis Checklist via !chk command.
What's New in Version 03/07/2020 06:45 AM See changelog
Released
No changelog available for this version.
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now