We define abstraction as selective ignorance.
WinDbg lets me explore all of these Windows internals:
- Intro to Crash Dump Analysis
- Get a big pic of crashed system
- Intro to PE format file (1)
- Intro to PE format file (2)
- PE format, Nt*, Zw*, System Service Table
- NTDLL export table, Zw*, 64-bit Service Table
- WinDbg API Logger and DLL pe export table
- Intro to Infected 32-bit System Service Table (1)
- Intro to Infected 32-bit System Service Table (2)
- Intro to Raw Stack Trace
- Intro to Token
- Dumping 32-bit System Service Table
- Dumping 64-bit System Service Table
- Dumping 32-bit System Device Map
- Dumping 64-bit System Device Map
- Device Map Reference Count
- Dumping 32-bit System PsCidTable
- Dumping 64-bit System PsCidTable
- Dumping 32-bit System Object Table
- Dumping 64-bit System Object Table
- Dumping 32-bit Win32k Table
- Dumping 64-bit Win32k Table
- Process, Thread, IRP, FileObj, DrvObj
- Detecting invisible threads
- System Call Number and Firefox
- System Call Number and Chrome
- Inter-process Synchronization
- 64-bit Parent_Child process relation
- 32-bit Parent_Child process relation