We are happy to release the second version of our WinDbg extension (both x86 and x64) with full DML support to facilitate learning the memory analysis pattern language developed by Software Diagnostics Institute and used in our training courses.
The current standard version 2.0 can be downloaded from here.
Here is a usage example:
0:000> .load x64\patterns
0:000> !help
Patterns Debugger Extension DLL (Version 188.8.131.52 [std]).
Copyright © 2015-2022 Software Diagnostics Services. All rights reserved.

Commands:
lst - Shows the current list of memory analysis pattern categories
lst category - Shows the current list of memory analysis patterns for the specified category
sdl abbreviation - Opens a pattern description from Software Diagnostics Library
chk - Shows the current memory analysis checklist categories
chk category - Shows the current memory analysis checklist for the specified category
eula - Shows license terms
0:000> !lst
Memory Analysis Pattern Categories:

Hooksware Patterns [H]
Wait Chain Patterns [W]
DLL Link Patterns [L]
Memory Consumption Patterns [M]
Dynamic Memory Corruption Patterns [C]
Deadlock and Livelock Patterns [D]
Contention Patterns [N]
Stack Overflow Patterns [O]
.NET / CLR / Managed Space Patterns [.]
Stack Trace Patterns [S]
Symbol Patterns [Y]
Exception Patterns [E]
Meta-Memory Dump Patterns [-]
Module Patterns [!]
Optimization Patterns [I]
Thread Patterns [T]
Process Patterns [P]
Executive Resource Patterns [X]
Falsity and Coincidence Patterns [F]
RPC, LPC and ALPC Patterns [R]
Hidden Artifact Patterns [A]
Pointer Patterns [*]
Frame Patterns [+]
CPU Consumption Patterns [^]
Malware Analysis Patterns [@]
0:000> !lst S
Stack Trace Patterns:

Stack Trace [STTR]
Stack Trace Collection (unmanaged space) [STCU]
Special Stack Trace [SSTR]
Exception Stack Trace [ESTR]
Dual Stack Trace [DSTR]
Truncated Stack Trace [TSTR]
Managed Stack Trace [MSTR]
Incorrect Stack Trace [ISTR]
Stack Trace Set [STSE]
Stack Trace Collection (managed space) [STCM]
Stack Trace Collection (predicate) [STCP]
Empty Stack Trace [EMST]
Stack Trace Collection (I/O requests) [STCI]
Stack Trace Change [STCH]
First Fault Stack Trace [FFST]
Critical Stack Trace [CSTR]
RIP Stack Trace [RSTR]
Glued Stack Trace [GSTR]
Rough Stack Trace (unmanaged space) [RSTU]
Past Stack Trace [PSTR]
Stack Trace (I/O request) [STIO]
Stack Trace (file system filters) [STFS]
Stack Trace (database) [STDB]
Variable Subtrace [VASU]
Technology-Specific Subtrace (COM interface invocation) [TSCI]
Technology-Specific Subtrace (dynamic memory) [TSDM]
Technology-Specific Subtrace (JIT .NET code) [TSJN]
Technology-Specific Subtrace (COM client call) [TSCC]
Internal Stack Trace [INST]
Stack Trace Collection (CPUs) [STCC]
Stack Trace Surface [STSU]
Hidden Stack Trace [HSTR]
Constant Subtrace [COSU]
Stack Trace Signature [STSI]
Quotient Stack Trace [QSTR]
Module Stack Trace [MOST]
Coincidental Frames [COFR]
Least Common Frame [LCFR]
Foreign Module Frame [FMFR]
Unified Stack Trace [USTR]
Aggregated Frames [AGFR]
Stack Trace (I/O devices) [SIOD]
Stack Trace Motif [STMO]
Stack Trace Race [STRA]
Source Stack Trace [SRCS]
Hidden Stack [HIST]
Interrupt Stack [INTS]
Frame Trace [FRTR]
False Frame [FAFR]
Procedure Call Chain [PCCH]
Rough Stack Trace (managed space) [RSTM]
Rough Stack Trace Collection (unmanaged space) [RSCU]
Caller-n-Callee [CNCA]

Back
0:000> !sdl CNCA
The last command opens a webpage from Software Diagnostics Library corresponding to the chosen memory analysis pattern (requires access rights).
The patterns are shown in the order they originally appeared in Memory Dump Analysis Anthology volumes.
The extension also shows the Windows Memory Analysis Checklist via the !chk command.