SlideShare a Scribd company logo

Debugging TV Frame 0x11

Dmitry Vostokov
Dmitry Vostokov

This episode shows how to examine stack region on Windows and Mac OS X using WinDbg and GDB. It also briefly discusses associated structural memory patterns and introduces unified diagnostics/debugging pattern language for software post-construction.

Software
1 of 8
Download to read offline
Frame 0x11 Presenter: Dmitry Vostokov Sponsors Debugging.TV
• Stack region (Windows) • Stack region (Mac OS X) • Stack region (Windows, 2nd method) • Patterns Topics © 2012 Software Diagnostics Institute
Stack Region (W) © 2012 Software Diagnostics Institute 0:000> ~ . 0 Id: bdc.8c8 Suspend: 0 Teb: 000007ff`fffdc000 Unfrozen 1 Id: bdc.aec Suspend: 0 Teb: 000007ff`fffda000 Unfrozen 2 Id: bdc.674 Suspend: 0 Teb: 000007ff`fffd8000 Unfrozen 3 Id: bdc.768 Suspend: 0 Teb: 000007ff`fffd6000 Unfrozen 4 Id: bdc.b34 Suspend: 0 Teb: 000007ff`fffd4000 Unfrozen 5 Id: bdc.868 Suspend: 0 Teb: 000007ff`fffae000 Unfrozen 6 Id: bdc.9e4 Suspend: 0 Teb: 000007ff`fffac000 Unfrozen 0:000> !teb 000007ff`fffd6000 TEB at 000007fffffd6000 ExceptionList: 0000000000000000 StackBase: 0000000000920000 StackLimit: 000000000091e000 SubSystemTib: 0000000000000000 FiberData: 0000000000001e00 ArbitraryUserPointer: 0000000000000000 Self: 000007fffffd6000 EnvironmentPointer: 0000000000000000 ClientId: 0000000000000bdc . 0000000000000768 RpcHandle: 0000000000000000 Tls Storage: 000007fffffd6058 PEB Address: 000007fffffde000 LastErrorValue: 87 LastStatusValue: c000000d Count Owned Locks: 0 HardErrorMode: 0 0:000> dps 000000000091e000 0000000000920000 00000000`0091e000 00000000`00000000 00000000`0091e008 00000000`00000000 […]
Stack Region (M) © 2012 Software Diagnostics Institute (gdb) info threads 3 0x000000010540ce4e in thread_two (arg=0x0) 2 0x000000010540ce1e in thread_one (arg=0x0) * 1 0x00007fff885e9e42 in __semwait_signal () Current language: auto; currently minimal (gdb) thread 2 [Switching to thread 2 (core thread 1)] 0x000000010540ce1e in thread_one (arg=0x0) 16 *p = 1; (gdb) x $rsp 0x1054c0f10: 0x054c0f50 (gdb) thread 1 [Switching to thread 1 (core thread 0)] 0x00007fff885e9e42 in __semwait_signal () (gdb) x $rsp 0x7fff6500ba38: 0x8324bdea (gdb) maintenance info sections Core file: `/cores/core.925', file type mach-o-le. 0x0000000105441000->0x00000001054c3000 at 0x00037000: LC_SEGMENT. ALLOC LOAD CODE HAS_CONTENTS […] 0x00007fff6480c000->0x00007fff6500c000 at 0x03a3c000: LC_SEGMENT. ALLOC LOAD CODE HAS_CONTENTS […]
Stack Region (W2) © 2012 Software Diagnostics Institute 0:000> ~ . 0 Id: bdc.8c8 Suspend: 0 Teb: 000007ff`fffdc000 Unfrozen 1 Id: bdc.aec Suspend: 0 Teb: 000007ff`fffda000 Unfrozen 2 Id: bdc.674 Suspend: 0 Teb: 000007ff`fffd8000 Unfrozen 3 Id: bdc.768 Suspend: 0 Teb: 000007ff`fffd6000 Unfrozen 4 Id: bdc.b34 Suspend: 0 Teb: 000007ff`fffd4000 Unfrozen 5 Id: bdc.868 Suspend: 0 Teb: 000007ff`fffae000 Unfrozen 6 Id: bdc.9e4 Suspend: 0 Teb: 000007ff`fffac000 Unfrozen 0:000> ~3s ntdll!NtDelayExecution+0xa: 00000000`7790f9fa c3 ret 0:003> !address rsp Usage: Stack Allocation Base: 00000000`00820000 Base Address: 00000000`0091e000 End Address: 00000000`00920000 Region Size: 00000000`00002000 Type: 00020000 MEM_PRIVATE State: 00001000 MEM_COMMIT Protect: 00000004 PAGE_READWRITE More info: ~3k 0:000> dps 000000000091e000 0000000000920000 00000000`0091e000 00000000`00000000 00000000`0091e008 00000000`00000000 […]
Patterns © 2012 Software Diagnostics Institute Structural memory patterns: • Memory Region • Region Boundary Unified diagnostics/debugging pattern language (software post-construction): • Analysis Patterns Execution Residue • Architectural Patterns Command Pipe • Design Patterns Memory Region • Implementation Patterns Memory address attributes • Usage Patterns Memory value inspection
!Ad Hardcore Technical Support Training July 18-23, 2012 Accelerated Windows Memory Dump Analysis July 27-30, 2012 Accelerated Mac OS X Core Dump Analysis Sept 3, 2012 Systemic Software Diagnostics (FREE Webinar) Sept 7-10, 2012 Accelerated .NET Memory Dump Analysis (with x64) Sept 14-17, 2012 Advanced Windows Memory Dump Analysis October 12-15, 2012 Accelerated Windows Software Trace Analysis October 17-22, 2012 Accelerated Windows Malware Analysis © 2012 Software Diagnostics Institute
Debugging.TV

Recommended

Displaying Animated Images on GLCD display with LPC2148 Microcontroller
Displaying Animated Images on GLCD display with LPC2148 MicrocontrollerDisplaying Animated Images on GLCD display with LPC2148 Microcontroller
Displaying Animated Images on GLCD display with LPC2148 MicrocontrollerOmkar Rane
 
#ponatinib hcl-hnmr cas 1114544 31-8 Iclusig
#ponatinib hcl-hnmr cas 1114544 31-8 Iclusig#ponatinib hcl-hnmr cas 1114544 31-8 Iclusig
#ponatinib hcl-hnmr cas 1114544 31-8 IclusigRubin Bari
 
Getting access to Lantronix devices: exploring treasures of 77FEh at Confiden...
Getting access to Lantronix devices: exploring treasures of 77FEh at Confiden...Getting access to Lantronix devices: exploring treasures of 77FEh at Confiden...
Getting access to Lantronix devices: exploring treasures of 77FEh at Confiden...Vlatko Kosturjak
 
DEP/ASLR bypass without ROP/JIT
DEP/ASLR bypass without ROP/JITDEP/ASLR bypass without ROP/JIT
DEP/ASLR bypass without ROP/JITArtem I. Baranov
 
Ak12 upgrade
Ak12 upgradeAk12 upgrade
Ak12 upgradeAccenture
 
Linux kernel debugging(PDF format)
Linux kernel debugging(PDF format)Linux kernel debugging(PDF format)
Linux kernel debugging(PDF format)yang firo
 
Linux kernel debugging(ODP format)
Linux kernel debugging(ODP format)Linux kernel debugging(ODP format)
Linux kernel debugging(ODP format)yang firo
 
Debugging TV Frame 0x16
Debugging TV Frame 0x16Debugging TV Frame 0x16
Debugging TV Frame 0x16Dmitry Vostokov
 

Recommended

Displaying Animated Images on GLCD display with LPC2148 Microcontroller
Displaying Animated Images on GLCD display with LPC2148 MicrocontrollerDisplaying Animated Images on GLCD display with LPC2148 Microcontroller
Displaying Animated Images on GLCD display with LPC2148 MicrocontrollerOmkar Rane
 
#ponatinib hcl-hnmr cas 1114544 31-8 Iclusig
#ponatinib hcl-hnmr cas 1114544 31-8 Iclusig#ponatinib hcl-hnmr cas 1114544 31-8 Iclusig
#ponatinib hcl-hnmr cas 1114544 31-8 IclusigRubin Bari
 
Getting access to Lantronix devices: exploring treasures of 77FEh at Confiden...
Getting access to Lantronix devices: exploring treasures of 77FEh at Confiden...Getting access to Lantronix devices: exploring treasures of 77FEh at Confiden...
Getting access to Lantronix devices: exploring treasures of 77FEh at Confiden...Vlatko Kosturjak
 
DEP/ASLR bypass without ROP/JIT
DEP/ASLR bypass without ROP/JITDEP/ASLR bypass without ROP/JIT
DEP/ASLR bypass without ROP/JITArtem I. Baranov
 
Ak12 upgrade
Ak12 upgradeAk12 upgrade
Ak12 upgradeAccenture
 
Linux kernel debugging(PDF format)
Linux kernel debugging(PDF format)Linux kernel debugging(PDF format)
Linux kernel debugging(PDF format)yang firo
 
Linux kernel debugging(ODP format)
Linux kernel debugging(ODP format)Linux kernel debugging(ODP format)
Linux kernel debugging(ODP format)yang firo
 
Debugging TV Frame 0x16
Debugging TV Frame 0x16Debugging TV Frame 0x16
Debugging TV Frame 0x16Dmitry Vostokov
 
Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbgArno Huetter
 
Reverse engineering of binary programs for custom virtual machines
Reverse engineering of binary programs for custom virtual machinesReverse engineering of binary programs for custom virtual machines
Reverse engineering of binary programs for custom virtual machinesSmartDec
 
Varnish in action pbc10
Varnish in action pbc10Varnish in action pbc10
Varnish in action pbc10Combell NV
 
Ax som-xc7z020-user_manual_en
Ax som-xc7z020-user_manual_enAx som-xc7z020-user_manual_en
Ax som-xc7z020-user_manual_enAlexey Yurko
 
IPv6 Basics
IPv6 BasicsIPv6 Basics
IPv6 BasicsRHC Technologies
 
Debugging TV Frame 0x02
Debugging TV Frame 0x02Debugging TV Frame 0x02
Debugging TV Frame 0x02Dmitry Vostokov
 
crack satellite
crack satellite crack satellite
crack satellite TecnicoAInstrumentos
 
Windows kernel debugging workshop in florida
Windows kernel debugging workshop in floridaWindows kernel debugging workshop in florida
Windows kernel debugging workshop in floridaSisimon Soman
 
Monitoring Containers with Weave Scope
Monitoring Containers with Weave ScopeMonitoring Containers with Weave Scope
Monitoring Containers with Weave ScopeWeaveworks
 
[ODI] chapter2 what is "undo record chaining"?
[ODI] chapter2 what is "undo record chaining"?[ODI] chapter2 what is "undo record chaining"?
[ODI] chapter2 what is "undo record chaining"?EXEM
 
Debugging TV Frame 0x05
Debugging TV Frame 0x05Debugging TV Frame 0x05
Debugging TV Frame 0x05Dmitry Vostokov
 
Java bytecode Malware Analysis
Java bytecode Malware AnalysisJava bytecode Malware Analysis
Java bytecode Malware AnalysisBrian Baskin
 
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Gavin Guo
 
Varnish in action confoo11
Varnish in action confoo11Varnish in action confoo11
Varnish in action confoo11Combell NV
 
Hp dv6 7000 goya balen 11254-3
Hp dv6 7000 goya balen 11254-3Hp dv6 7000 goya balen 11254-3
Hp dv6 7000 goya balen 11254-3JosPinaya
 
How to debug ocfs2 hang problem
How to debug ocfs2 hang problemHow to debug ocfs2 hang problem
How to debug ocfs2 hang problemGang He
 
Debugging TV Frame 0x0C
Debugging TV Frame 0x0CDebugging TV Frame 0x0C
Debugging TV Frame 0x0CDmitry Vostokov
 
A New Framework for Detection
A New Framework for DetectionA New Framework for Detection
A New Framework for DetectionSourcefire VRT
 
Varnish in action phpday2011
Varnish in action phpday2011Varnish in action phpday2011
Varnish in action phpday2011Combell NV
 
Varnish in action phpuk11
Varnish in action phpuk11Varnish in action phpuk11
Varnish in action phpuk11Combell NV
 
Accelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesAccelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesDmitry Vostokov
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesDmitry Vostokov
 

More Related Content

Similar to Debugging TV Frame 0x11

Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbgArno Huetter
 
Reverse engineering of binary programs for custom virtual machines
Reverse engineering of binary programs for custom virtual machinesReverse engineering of binary programs for custom virtual machines
Reverse engineering of binary programs for custom virtual machinesSmartDec
 
Varnish in action pbc10
Varnish in action pbc10Varnish in action pbc10
Varnish in action pbc10Combell NV
 
Ax som-xc7z020-user_manual_en
Ax som-xc7z020-user_manual_enAx som-xc7z020-user_manual_en
Ax som-xc7z020-user_manual_enAlexey Yurko
 
Windows kernel debugging workshop in florida
Windows kernel debugging workshop in floridaWindows kernel debugging workshop in florida
Windows kernel debugging workshop in floridaSisimon Soman
 
Monitoring Containers with Weave Scope
Monitoring Containers with Weave ScopeMonitoring Containers with Weave Scope
Monitoring Containers with Weave ScopeWeaveworks
 
[ODI] chapter2 what is "undo record chaining"?
[ODI] chapter2 what is "undo record chaining"?[ODI] chapter2 what is "undo record chaining"?
[ODI] chapter2 what is "undo record chaining"?EXEM
 
Java bytecode Malware Analysis
Java bytecode Malware AnalysisJava bytecode Malware Analysis
Java bytecode Malware AnalysisBrian Baskin
 
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Gavin Guo
 
Varnish in action confoo11
Varnish in action confoo11Varnish in action confoo11
Varnish in action confoo11Combell NV
 
Hp dv6 7000 goya balen 11254-3
Hp dv6 7000 goya balen 11254-3Hp dv6 7000 goya balen 11254-3
Hp dv6 7000 goya balen 11254-3JosPinaya
 
How to debug ocfs2 hang problem
How to debug ocfs2 hang problemHow to debug ocfs2 hang problem
How to debug ocfs2 hang problemGang He
 
A New Framework for Detection
A New Framework for DetectionA New Framework for Detection
A New Framework for DetectionSourcefire VRT
 
Varnish in action phpday2011
Varnish in action phpday2011Varnish in action phpday2011
Varnish in action phpday2011Combell NV
 
Varnish in action phpuk11
Varnish in action phpuk11Varnish in action phpuk11
Varnish in action phpuk11Combell NV
 

Similar to Debugging TV Frame 0x11 (20)

Windows Debugging with WinDbg
Windows Debugging with WinDbgWindows Debugging with WinDbg
Windows Debugging with WinDbg
 
Reverse engineering of binary programs for custom virtual machines
Reverse engineering of binary programs for custom virtual machinesReverse engineering of binary programs for custom virtual machines
Reverse engineering of binary programs for custom virtual machines
 
Varnish in action pbc10
Varnish in action pbc10Varnish in action pbc10
Varnish in action pbc10
 
Ax som-xc7z020-user_manual_en
Ax som-xc7z020-user_manual_enAx som-xc7z020-user_manual_en
Ax som-xc7z020-user_manual_en
 
IPv6 Basics
IPv6 BasicsIPv6 Basics
IPv6 Basics
 
Debugging TV Frame 0x02
Debugging TV Frame 0x02Debugging TV Frame 0x02
Debugging TV Frame 0x02
 
crack satellite
crack satellite crack satellite
crack satellite
 
Windows kernel debugging workshop in florida
Windows kernel debugging workshop in floridaWindows kernel debugging workshop in florida
Windows kernel debugging workshop in florida
 
Monitoring Containers with Weave Scope
Monitoring Containers with Weave ScopeMonitoring Containers with Weave Scope
Monitoring Containers with Weave Scope
 
[ODI] chapter2 what is "undo record chaining"?
[ODI] chapter2 what is "undo record chaining"?[ODI] chapter2 what is "undo record chaining"?
[ODI] chapter2 what is "undo record chaining"?
 
Debugging TV Frame 0x05
Debugging TV Frame 0x05Debugging TV Frame 0x05
Debugging TV Frame 0x05
 
Java bytecode Malware Analysis
Java bytecode Malware AnalysisJava bytecode Malware Analysis
Java bytecode Malware Analysis
 
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
 
Varnish in action confoo11
Varnish in action confoo11Varnish in action confoo11
Varnish in action confoo11
 
Hp dv6 7000 goya balen 11254-3
Hp dv6 7000 goya balen 11254-3Hp dv6 7000 goya balen 11254-3
Hp dv6 7000 goya balen 11254-3
 
How to debug ocfs2 hang problem
How to debug ocfs2 hang problemHow to debug ocfs2 hang problem
How to debug ocfs2 hang problem
 
Debugging TV Frame 0x0C
Debugging TV Frame 0x0CDebugging TV Frame 0x0C
Debugging TV Frame 0x0C
 
A New Framework for Detection
A New Framework for DetectionA New Framework for Detection
A New Framework for Detection
 
Varnish in action phpday2011
Varnish in action phpday2011Varnish in action phpday2011
Varnish in action phpday2011
 
Varnish in action phpuk11
Varnish in action phpuk11Varnish in action phpuk11
Varnish in action phpuk11
 

More from Dmitry Vostokov

Accelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesAccelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesDmitry Vostokov
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesDmitry Vostokov
 

More from Dmitry Vostokov (20)

Accelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesAccelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slides
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slides
 
Debugging TV Frame 0x1C
Debugging TV Frame 0x1CDebugging TV Frame 0x1C
Debugging TV Frame 0x1C
 
Debugging TV Frame 0x1A
Debugging TV Frame 0x1ADebugging TV Frame 0x1A
Debugging TV Frame 0x1A
 
Debugging TV Frame 0x34
Debugging TV Frame 0x34Debugging TV Frame 0x34
Debugging TV Frame 0x34
 
Debugging TV Frame 0x33
Debugging TV Frame 0x33Debugging TV Frame 0x33
Debugging TV Frame 0x33
 
Debugging TV Frame 0x31
Debugging TV Frame 0x31Debugging TV Frame 0x31
Debugging TV Frame 0x31
 
Debugging TV Frame 0x25
Debugging TV Frame 0x25Debugging TV Frame 0x25
Debugging TV Frame 0x25
 
Debugging TV Frame 0x24
Debugging TV Frame 0x24Debugging TV Frame 0x24
Debugging TV Frame 0x24
 
Debugging TV Frame 0x21
Debugging TV Frame 0x21Debugging TV Frame 0x21
Debugging TV Frame 0x21
 
Debugging TV Frame 0x20
Debugging TV Frame 0x20Debugging TV Frame 0x20
Debugging TV Frame 0x20
 
Debugging TV Frame 0x19
Debugging TV Frame 0x19Debugging TV Frame 0x19
Debugging TV Frame 0x19
 
Debugging TV Frame 0x18
Debugging TV Frame 0x18Debugging TV Frame 0x18
Debugging TV Frame 0x18
 
Debugging TV Frame 0x17
Debugging TV Frame 0x17Debugging TV Frame 0x17
Debugging TV Frame 0x17
 
Debugging TV Frame 0x15
Debugging TV Frame 0x15Debugging TV Frame 0x15
Debugging TV Frame 0x15
 
Debugging TV Frame 0x14
Debugging TV Frame 0x14Debugging TV Frame 0x14
Debugging TV Frame 0x14
 
Debugging TV Frame 0x13
Debugging TV Frame 0x13Debugging TV Frame 0x13
Debugging TV Frame 0x13
 
Debugging TV Frame 0x12
Debugging TV Frame 0x12Debugging TV Frame 0x12
Debugging TV Frame 0x12
 
Debugging TV Frame 0x10
Debugging TV Frame 0x10Debugging TV Frame 0x10
Debugging TV Frame 0x10
 
Debugging TV Frame 0x0F
Debugging TV Frame 0x0FDebugging TV Frame 0x0F
Debugging TV Frame 0x0F
 

Recently uploaded

Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?Watsoo Telematics
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 

Recently uploaded (20)

Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 

Debugging TV Frame 0x11

  • 1. Frame 0x11 Presenter: Dmitry Vostokov Sponsors Debugging.TV
  • 2. • Stack region (Windows) • Stack region (Mac OS X) • Stack region (Windows, 2nd method) • Patterns Topics © 2012 Software Diagnostics Institute
  • 3. Stack Region (W) © 2012 Software Diagnostics Institute 0:000> ~ . 0 Id: bdc.8c8 Suspend: 0 Teb: 000007ff`fffdc000 Unfrozen 1 Id: bdc.aec Suspend: 0 Teb: 000007ff`fffda000 Unfrozen 2 Id: bdc.674 Suspend: 0 Teb: 000007ff`fffd8000 Unfrozen 3 Id: bdc.768 Suspend: 0 Teb: 000007ff`fffd6000 Unfrozen 4 Id: bdc.b34 Suspend: 0 Teb: 000007ff`fffd4000 Unfrozen 5 Id: bdc.868 Suspend: 0 Teb: 000007ff`fffae000 Unfrozen 6 Id: bdc.9e4 Suspend: 0 Teb: 000007ff`fffac000 Unfrozen 0:000> !teb 000007ff`fffd6000 TEB at 000007fffffd6000 ExceptionList: 0000000000000000 StackBase: 0000000000920000 StackLimit: 000000000091e000 SubSystemTib: 0000000000000000 FiberData: 0000000000001e00 ArbitraryUserPointer: 0000000000000000 Self: 000007fffffd6000 EnvironmentPointer: 0000000000000000 ClientId: 0000000000000bdc . 0000000000000768 RpcHandle: 0000000000000000 Tls Storage: 000007fffffd6058 PEB Address: 000007fffffde000 LastErrorValue: 87 LastStatusValue: c000000d Count Owned Locks: 0 HardErrorMode: 0 0:000> dps 000000000091e000 0000000000920000 00000000`0091e000 00000000`00000000 00000000`0091e008 00000000`00000000 […]
  • 4. Stack Region (M) © 2012 Software Diagnostics Institute (gdb) info threads 3 0x000000010540ce4e in thread_two (arg=0x0) 2 0x000000010540ce1e in thread_one (arg=0x0) * 1 0x00007fff885e9e42 in __semwait_signal () Current language: auto; currently minimal (gdb) thread 2 [Switching to thread 2 (core thread 1)] 0x000000010540ce1e in thread_one (arg=0x0) 16 *p = 1; (gdb) x $rsp 0x1054c0f10: 0x054c0f50 (gdb) thread 1 [Switching to thread 1 (core thread 0)] 0x00007fff885e9e42 in __semwait_signal () (gdb) x $rsp 0x7fff6500ba38: 0x8324bdea (gdb) maintenance info sections Core file: `/cores/core.925', file type mach-o-le. 0x0000000105441000->0x00000001054c3000 at 0x00037000: LC_SEGMENT. ALLOC LOAD CODE HAS_CONTENTS […] 0x00007fff6480c000->0x00007fff6500c000 at 0x03a3c000: LC_SEGMENT. ALLOC LOAD CODE HAS_CONTENTS […]
  • 5. Stack Region (W2) © 2012 Software Diagnostics Institute 0:000> ~ . 0 Id: bdc.8c8 Suspend: 0 Teb: 000007ff`fffdc000 Unfrozen 1 Id: bdc.aec Suspend: 0 Teb: 000007ff`fffda000 Unfrozen 2 Id: bdc.674 Suspend: 0 Teb: 000007ff`fffd8000 Unfrozen 3 Id: bdc.768 Suspend: 0 Teb: 000007ff`fffd6000 Unfrozen 4 Id: bdc.b34 Suspend: 0 Teb: 000007ff`fffd4000 Unfrozen 5 Id: bdc.868 Suspend: 0 Teb: 000007ff`fffae000 Unfrozen 6 Id: bdc.9e4 Suspend: 0 Teb: 000007ff`fffac000 Unfrozen 0:000> ~3s ntdll!NtDelayExecution+0xa: 00000000`7790f9fa c3 ret 0:003> !address rsp Usage: Stack Allocation Base: 00000000`00820000 Base Address: 00000000`0091e000 End Address: 00000000`00920000 Region Size: 00000000`00002000 Type: 00020000 MEM_PRIVATE State: 00001000 MEM_COMMIT Protect: 00000004 PAGE_READWRITE More info: ~3k 0:000> dps 000000000091e000 0000000000920000 00000000`0091e000 00000000`00000000 00000000`0091e008 00000000`00000000 […]
  • 6. Patterns © 2012 Software Diagnostics Institute Structural memory patterns: • Memory Region • Region Boundary Unified diagnostics/debugging pattern language (software post-construction): • Analysis Patterns Execution Residue • Architectural Patterns Command Pipe • Design Patterns Memory Region • Implementation Patterns Memory address attributes • Usage Patterns Memory value inspection
  • 7. !Ad Hardcore Technical Support Training July 18-23, 2012 Accelerated Windows Memory Dump Analysis July 27-30, 2012 Accelerated Mac OS X Core Dump Analysis Sept 3, 2012 Systemic Software Diagnostics (FREE Webinar) Sept 7-10, 2012 Accelerated .NET Memory Dump Analysis (with x64) Sept 14-17, 2012 Advanced Windows Memory Dump Analysis October 12-15, 2012 Accelerated Windows Software Trace Analysis October 17-22, 2012 Accelerated Windows Malware Analysis © 2012 Software Diagnostics Institute