About the Author
Presentation Slides and Transcript
Core Dump Collection
x64 Disassembly
ARM64 Disassembly
Practice Exercises
Exercise 0 (x64, GDB)
Exercise 0 (A64, GDB)
Exercise 0 (A64, WinDbg Preview, WinDbg, Docker)
Exercise A1 (x64, GDB)
Exercise A1 (A64, GDB)
Exercise A1 (A64, WinDbg Preview)
Exercise A2D (x64, GDB)
Exercise A2D (A64, GDB)
Exercise A2D (A64, WinDbg Preview)
Exercise A2C (x64, GDB)
Exercise A2C (A64, GDB)
Exercise A2C (A64, WinDbg Preview)
Exercise A2S (x64, GDB)
Exercise A2S (A64, GDB)
Exercise A3 (x64, GDB)
Exercise A3 (A64, GDB)
Exercise A3 (A64, WinDbg Preview)
Exercise A4 (x64, GDB)
Exercise A4 (A64, GDB)
Exercise A4 (A64, WinDbg Preview)
Exercise A5 (x64, GDB)
Exercise A5 (A64, GDB)
Exercise A5 (A64, WinDbg Preview)
Exercise A6 (x64, GDB)
Exercise A6 (A64, GDB)
Exercise A6 (A64, WinDbg Preview)
Exercise A7 (x64, GDB)
Exercise A8 (x64, GDB)
Exercise A8 (A64, GDB)
Exercise A8 (A64, WinDbg Preview)
Exercise A9 (x64, GDB)
Exercise A9 (A64, GDB)
Exercise A9 (A64, WinDbg Preview)
Exercise A10 (x64, GDB)
Exercise A10 (A64, GDB)
Exercise A10 (A64, WinDbg Preview)
Exercise A11 (x64, GDB)
Exercise A11 (A64, GDB)
Exercise A11 (A64, WinDbg Preview)
Exercise A12 (x64, GDB)
Exercise A12 (A64, GDB)
Exercise A12 (A64, WinDbg Preview)
Exercise K1 (x64, GDB)
Exercise K2 (x64, GDB)
Exercise K3 (x64, GDB)
Exercise K4 (x64, GDB)
Exercise K5 (x64, GDB)
Selected Q&A
App Source Code
App0
App1
App2D
App2C
App2S
App3
App4
App5
App6
App7
App8
App9
App10
App11 / App12
K2
K3
K4
K5
Selected Analysis Patterns
NULL Pointer (Data)
Incomplete Stack Trace
Stack Trace
NULL Pointer (Code)
Spiking Thread
Dynamic Memory Corruption (Process Heap)
Execution Residue (User Space)
Coincidental Symbolic Information
Stack Overflow (User Mode)
Divide by Zero (User Mode)
Local Buffer Overflow (User Space)
C++ Exception
Paratext
Active Thread
Lateral Damage
Critical Region