PatternSight Training Platform

We combine our pattern-oriented training courses, training packs, reference materials, and training tools (such as the Patterns debugger extension) into a unified PatternSight Training Platform™ that covers software construction (software architecture, design, and implementation), software post-construction (software diagnostics and debugging), and software deconstruction (reversing).

Patterns Debugger Extension DLL

We are happy to release the first version of a WinDbg (X64) extension that facilitates learning the memory analysis pattern language developed by Software Diagnostics Institute and used in our training courses.

The current standard version 1.0 can be downloaded from here.

Here is a usage example:

0:000> .load patterns

0:000> !help
Patterns Debugger Extension DLL (Version 1.0.0.0 [std]). Copyright © 2015 Software Diagnostics Services. All rights reserved.

Commands:
lst - Shows the current list of memory analysis pattern categories
lst category - Shows the current list of memory analysis patterns for the specified category
sdl abbreviation - Opens a pattern description from Software Diagnostics Library
chk - Shows the current memory analysis checklist categories
chk category - Shows the current memory analysis checklist for the specified category
eula - Shows license terms

0:000> !lst
Memory Analysis Pattern Categories:

Hooksware Patterns [H]
Wait Chain Patterns [W]
DLL Link Patterns [L]
Memory Consumption Patterns [M]
Dynamic Memory Corruption Patterns [C]
Deadlock and Livelock Patterns [D]
Contention Patterns [N]
Stack Overflow Patterns [O]
.NET / CLR / Managed Space Patterns [.]
Stack Trace Patterns [S]
Symbol Patterns [Y]
Exception Patterns [E]
Meta-Memory Dump Patterns [-]
Module Patterns [!]
Optimization Patterns [I]
Thread Patterns [T]
Process Patterns [P]
Executive Resource Patterns [X]
Falsity and Coincidence Patterns [F]
RPC, LPC and ALPC Patterns [R]
Malware Analysis Patterns [@]

0:000> !lst S
Stack Trace Patterns:

Stack Trace [STRA]
Stack Trace Collection (unmanaged space) [STCU]
Special Stack Trace [SSTR]
Exception Stack Trace [ESTR]
Dual Stack Trace [DSTR]
Truncated Stack Trace [TSTR]
Managed Stack Trace [MSTR]
Incorrect Stack Trace [ISTR]
Stack Trace Set [STSE]
Stack Trace Collection (managed space) [STCM]
Stack Trace Collection (predicate) [STCP]
Empty Stack Trace [EMST]
Stack Trace Collection (I/O requests) [STCI]
Stack Trace Change [STCH]
First Fault Stack Trace [FFST]
Critical Stack Trace [CSTR]
RIP Stack Trace [RSTR]
Glued Stack Trace [GSTR]
Rough Stack Trace [ROST]
Past Stack Trace [PSTR]
Stack Trace (I/O request) [STIO]
Stack Trace (file system filters) [STFS]
Stack Trace (database) [STDB]
Variable Subtrace [VSUB]
Technology-Specific Subtrace (COM interface invocation) [TSCI]
Technology-Specific Subtrace (dynamic memory) [TSDM]
Technology-Specific Subtrace (JIT .NET code) [TSJN]
Technology-Specific Subtrace (COM client call) [TSCC]
Internal Stack Trace [INST]
Stack Trace Collection (CPUs) [STCC]
Stack Trace Surface [STSU]
Hidden Stack Trace [HSTR]

The patterns are shown in the order they originally appeared in Memory Dump Analysis Anthology volumes. The four-character codes for the !sdl command are for the pro version, which will be released soon for users of Software Diagnostics Library.

The extension also shows the Windows Memory Analysis Checklist via the !chk command.

Book: Practical Foundations of Windows Debugging, Disassembling, Reversing

This training course is a combined and reformatted version of the two previous books Windows Debugging: Practical Foundations and x64 Windows Debugging: Practical Foundations. The new format makes it easy to switch between and compare x86 and x64 versions. The book also has a larger format similar to other training courses, punctuation and code highlighting improvements, the output and screenshots from the latest WinDbg 10, and consistently uses WinDbg (X86) for 32-bit examples and WinDbg (X64) for 64-bit examples.

The book contains two separate sets of chapters and corresponding illustrations. They are named Chapter x86.NN and Chapter x64.NN respectively. There is some repetition of content due to the shared nature of x64 and x86 platforms. Both sets of chapters can be read independently. We included x86 chapters because many Windows applications are still 32-bit and executed in 32-bit compatibility mode on x64 Windows systems.

This introductory training course can complement the more advanced course Accelerated Disassembly, Reconstruction and Reversing.

  • Title: Practical Foundations of Windows Debugging, Disassembling, Reversing: Training Course
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Publisher: OpenTask (October 2015)
  • Language: English
  • PDF: 350 pages
  • ISBN-13: 978-978-1908043948

Purchase

We are now the authorized training provider!

We have been appointed by Software Diagnostics Institute as the authorized training provider for pattern-oriented software diagnostics and associated subfields: http://www.dumpanalysis.org/authorized-training-providers

Memory Dump Analysis Anthology, Volume 8b

We are now distributors of Volume 8b of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 9-volume set in PDF format is also available with a discount.

Recorded Training Sessions

New! Historical video recordings of past training sessions corresponding to the following courses are now available:

Accelerated Windows Memory Dump Analysis, 3rd edition (8 hours)

Accelerated Windows Debugging³ (4 hours)

Accelerated .NET Memory Dump Analysis, 2nd edition (4 hours)

Accelerated Disassembly, Reconstruction and Reversing (4 hours)

Accelerated Windows Malware Analysis with Memory Dumps (4 hours)

The price of each set of recordings is 99 USD, and they can be purchased independently of the corresponding training courses and training packs. Download links are sent in 24-48 hours after the purchase. When you purchase, you also get a free named Software Diagnostics Library membership with access to more than 300 cross-referenced patterns of memory dump analysis, their classification, and more than 70 case studies.

Purchase

Memory Dump Analysis Anthology, Volume 5

We are now distributors of Volume 5 of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 9-volume set in PDF format is also available with a discount.

Memory Dump Analysis Anthology, Volume 4

We are now distributors of Volume 4 of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 9-volume set in PDF format is also available with a discount.

Platform-Independent Crash Dump Analysis Training Pack

New! Now includes Practical Foundations of Windows Debugging, Disassembling, Reversing PDF book.

Learn how to analyze application crashes and freezes, navigate through process memory dump space and diagnose corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains and much more. We use a unique and innovative platform-independent pattern-oriented analysis approach to speed up the learning curve. The training pack consists of practical step-by-step exercises using popular debuggers WinDbg, GDB, and LLDB highlighting dozens of memory analysis patterns diagnosed in 64-bit process memory dumps from Windows, Mac OS X and Linux platforms. The training pack also includes source code for modeling applications, a catalogue of relevant patterns from Software Diagnostics Institute, an overview of relevant similarities and differences between Windows, Mac OS X and Linux user space memory dump analysis, and Windows kernel and physical memory space analysis exercises necessary for learning pattern diagnosis of complex application and service inter-process communication problems.

This comprehensive training pack for software technical support engineers, system administrators, DevOps, software developers and testers features:

  • 3 platforms (x86/x64 Windows, x64 Mac OS X, x64 Linux)
  • 3 debuggers (WinDbg, GDB, LLDB)
  • 4 training courses
  • 14 books (17 in print version)
  • 90 hands-on exercises
  • 170 slides with comments
  • 100 questions and answers
  • 1,800 pages of training books
  • 3,700 pages of reference materials (4,100 in print version)

This offer includes training courses and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Memory Dump Analysis, 4th edition
  2. Accelerated Mac OS X Core Dump Analysis, 2nd edition
  3. Accelerated Linux Core Dump Analysis
  4. Practical Foundations of Windows Debugging, Disassembling, Reversing PDF book
  5. Access to Software Diagnostics Library
  6. Memory Dump Analysis Anthology volume set

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Memory Dump Analysis Anthology, Volume 3

We are now distributors of Volume 3 of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 9-volume set in PDF format is also available with a discount.

Memory Dump Analysis Anthology, Volume 2

We are now distributors of Volume 2 of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 9-volume set in PDF format is also available with a discount.

Training Courses and Training Packs Upgrade

You can now upgrade previously purchased individual training courses to training packs, and training packs to bigger training packs by simply paying the difference. For example,

Accelerated Windows Memory Dump Analysis ->
    Windows Crash Dump Analysis Training Pack ->
        Windows Complete Memory Dump Analysis Training Pack ->
            Enterprise Windows Software Diagnostics and Debugging Pack

Revisions of Memory Dump Analysis Anthology Volumes

Volume 1 is now in its 3rd revision. The main changes since the 2nd revision are readability and punctuation improvements. Content is the same. If you purchased Volume 1 from us in PDF format separately or as a part of training courses, training packs, and reference sets before the 22nd of March, 2015, please use the contact form to request the free update.

Volume 2 is now in its 3rd revision. The main changes since the 2nd revision are readability and punctuation improvements. Content is the same except that some web links were updated. If you purchased Volume 2 from us in PDF format separately or as a part of training courses, training packs, and reference sets before the 20th of April 2015, please use the contact form to request the free update.

Volume 3 of Memory Dump Analysis Anthology is now in its 2nd revision. The main changes are readability and punctuation improvements. Content is the same except some updated web links. If you purchased Volume 3 from us in PDF format separately or as a part of training courses, training packs, and reference sets before the 29th of April 2015, please use the contact form to request the free update.

Volume 4 of Memory Dump Analysis Anthology is now in its 2nd revision. The main changes are readability and punctuation improvements. Content is the same except some updated web links. If you purchased Volume 4 from us in PDF format separately or as a part of training courses, training packs, and reference sets before the 12th of June 2015, please use the contact form to request the free update.

Volume 5 of Memory Dump Analysis Anthology is now in its 2nd revision. The main changes are readability and punctuation improvements. Content is the same except some updated web links. If you purchased Volume 5 from us in PDF format separately or as a part of training courses, training packs, and reference sets before the 21st of June 2015, please use the contact form to request the free update.

Volume 6 of Memory Dump Analysis Anthology is now in its 2nd revision. The main changes are readability and punctuation improvements. Content is the same except some updated web links. If you purchased Volume 6 from us in PDF format separately or as a part of training courses, training packs, and reference sets before the 17th of July 2015, please use the contact form to request the free update.

Volume 7 of Memory Dump Analysis Anthology is now in its 2nd revision. The main changes are readability and punctuation improvements. Content is the same except some updated web links. If you purchased Volume 7 from us in PDF format separately or as a part of training courses, training packs, and reference sets before the 24th of July 2015, please use the contact form to request the free update.

Volume 8a of Memory Dump Analysis Anthology is now in its 2nd revision. The main changes are readability and punctuation improvements. Content is the same. If you purchased Volume 8a from us in PDF format separately or as a part of training courses, training packs, and reference sets before the 10th of July 2015, please use the contact form to request the free update.

Windows Complete Memory Dump Analysis Training Pack

New! The PDF version pack now includes a complimentary EPUB version of Accelerated Windows Memory Dump Analysis, Fourth Edition.

This comprehensive training teaches the analysis of all memory spaces for patterns of abnormal software behavior in process, kernel, and complete (physical) memory dumps.

The pack features:

  • Both x86 and x64 Windows versions
  • Both kernel and user memory spaces
  • Both managed, unmanaged, and native code
  • 4 training courses
  • 16 books (19 in print version)
  • 70 hands-on exercises
  • 140 slides with comments
  • 130 questions and answers
  • 1,700 pages of training books
  • 4,800 pages of reference materials (5,200 in print version)

This offer includes training courses, pattern encyclopedia, and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Memory Dump Analysis, 4th edition
  2. Accelerated .NET Memory Dump Analysis, 2nd edition
  3. Advanced Windows Memory Dump Analysis with Data Structures, 2nd edition
  4. Practical Foundations of Windows Debugging, Disassembling, Reversing
  5. Access to Software Diagnostics Library
  6. Memory Dump Analysis Anthology volume set and Encyclopedia of Crash Dump Analysis Patterns

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Trace and Log Analysis Training Pack

This comprehensive pattern-oriented trace and log analysis training for software technical support engineers, system and network administrators, software developers and testers, digital forensics and malware analysts features:

  • 17 books (20 in print version)
  • 300 slides with comments
  • 3,700 pages of reference materials (4,100 in print version)

This offer includes a training course with recording, seminar transcripts, a pattern reference, and online access to the vast collection of patterns and case studies:

  1. Accelerated Windows Software Trace Analysis
  2. Software Trace and Log Analysis: A Pattern Reference
  3. Software Trace and Memory Dump Analysis: Patterns, Tools, Processes and Best Practices
  4. Software Narratology: An Introduction to the Applied Science of Software Stories
  5. Malware Narratives: An Introduction
  6. Pattern-Oriented Network Trace Analysis
  7. Mobile Software Diagnostics: An Introduction
  8. Access to Software Diagnostics Library
  9. Memory Dump Analysis Anthology volume set

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Pattern Diagnostics Logo

Also available in a white background version.

Free Sample Exercise eBook

We are happy to announce the release of Pattern-Oriented Software Diagnostics, Debugging, Malware Analysis, Reversing: Sample Training Exercises eBook which is free to download and share. It contains 9 exercises from various training courses.
