Upload File

the old new crash: cloud memory dump analysis

  • Home
  • Software
  • The Old New Crash: Cloud Memory Dump Analysis
18
The Old New Crash Presenter: Dmitry Vostokov Memory Dump Analysis Services

Upload: dmitry-vostokov

Post on 13-Feb-2017

167 views

Category:

Software


4 download

Report

TRANSCRIPT

Page 1: The Old New Crash: Cloud Memory Dump Analysis

The Old New Crash

Presenter: Dmitry Vostokov Memory Dump Analysis Services

http://www.dumpanalysis.com/
Page 2: The Old New Crash: Cloud Memory Dump Analysis

MDA Services Memory Dump Analysis Audit Software Trace Analysis Audit Software Error Reporting Audit Remote Training Debugging Bureau Tool Objects and EasyDbg iMemoryDump (New)

Powered by DA+TA DumpAnalysis.org + TraceAnaysis.org

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.org/
http://www.traceanalysis.org/
http://www.dumpanalysis.com/
Page 3: The Old New Crash: Cloud Memory Dump Analysis

Prerequisites

Experience in software troubleshooting, memory dump analysis or live debugging on non-cloud platforms

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/
Page 4: The Old New Crash: Cloud Memory Dump Analysis

Agenda (Summary) Cloud for Memory Dump Analysis Memory Dump Analysis for Cloud What’s Old / What’s New Live Memory Dump Analysis

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/
Page 5: The Old New Crash: Cloud Memory Dump Analysis

What’s a Cloud Deployment Architecture IaaS (Infrastructure as a Service) PaaS (Platform as a Service) PaaS example: Windows Azure

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/
Page 6: The Old New Crash: Cloud Memory Dump Analysis

Cloud for MDA Elastic storage (BLOBS, Tables) Centralized security Worker roles to generate textual logs Tables for checklists (extensibility) RESTful dump analysis iMemoryDump on Windows Azure

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/
Page 7: The Old New Crash: Cloud Memory Dump Analysis

What’s Old IaaS – memory dumps Pattern-driven analysis Virtualized System Wait Chains (ALPC / RPC) Stack Trace Collection Azure PaaS – .NET / CLR / Managed

Space patterns

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.org/blog/index.php/2009/07/10/crash-dump-analysis-patterns-part-87/
http://www.dumpanalysis.org/blog/index.php/2009/02/17/wait-chain-patterns/
http://www.dumpanalysis.org/blog/index.php/2007/09/14/crash-dump-analysis-patterns-part-27/
http://www.dumpanalysis.org/blog/index.php/2011/04/22/net-clr-managed-space-patterns/
http://www.dumpanalysis.org/blog/index.php/2011/04/22/net-clr-managed-space-patterns/
http://www.dumpanalysis.com/
Page 8: The Old New Crash: Cloud Memory Dump Analysis

A.C.P. Root Cause Analysis

Artifacts

Checklists

Patterns

Checklists and patterns as best practices

Iterative and Incremental

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/
Page 9: The Old New Crash: Cloud Memory Dump Analysis

What’s New PaaS – IaaS might be hidden (currently

Azure has a beta-program for using customer’s W2K8 R2 VMs)

Reduced variability of hardware (identical hardware, everything is virtualized)

Cloud Environment pattern Possible private modifications

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.org/blog/index.php/2011/06/12/crash-dump-analysis-patterns-part-137/
http://www.dumpanalysis.org/blog/index.php/2011/06/12/crash-dump-analysis-patterns-part-138/
http://www.dumpanalysis.com/
Page 10: The Old New Crash: Cloud Memory Dump Analysis

Orbifold Memory Space

The space name comes from a mathematical orbifold (a generalization of manifold). Note: in WinDbg you can load multiple dumps and switch between them (.opendump and || commands) Might be affected by ASLR

© 2011 Memory Dump Analysis Services

http://en.wikipedia.org/wiki/Orbifold
http://en.wikipedia.org/wiki/Manifold
http://www.dumpanalysis.org/blog/index.php/2010/01/06/windbg-shortcuts-opendump/
http://www.dumpanalysis.org/blog/index.php/2010/01/06/windbg-shortcuts-opendump/
http://www.dumpanalysis.org/blog/index.php/2007/05/22/aslr-address-space-layout-randomization/
http://www.dumpanalysis.com/
Page 11: The Old New Crash: Cloud Memory Dump Analysis

Example: Development

Now I switch to a WinDbg session...

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/
Page 12: The Old New Crash: Cloud Memory Dump Analysis

Example: Deployment

Now I switch to a WinDbg session...

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/
Page 13: The Old New Crash: Cloud Memory Dump Analysis

Resources (Cloud) The Cloud at Your Service by J. Rosenberg* and A. Mateos

(ISBN: 978-1935182528) Platform independent general cloud overview with examples from Amazon

and Google

Azure in Action by C. Hay and B. Prince (ISBN: 978-1935182481) Excellent general Windows Azure platform overview to prepare you for

further hands-on exploration

* The author of a book “How Debuggers Work: Algorithms, Data Structures, and Architecture” (ISBN: 978-0471149668)

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/
Page 14: The Old New Crash: Cloud Memory Dump Analysis

Resources (MDA) DumpAnalysis.org Pattern-Driven Memory Dump Analysis Memory Dump and Trace Analysis: A Unified Pattern Approach Introduction to Pattern-Driven Software Problem Solving Software Trace and Memory Dump Analysis Advanced Software Debugging Reference:

OpenTask publishes this presentation transcript with case studies (ISBN: 978-1908043283)

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.org/
http://community.citrix.com/blogs/citrite/dmitryv
http://www.debuggingexperts.com/memory-dump-trace-analysis-unified-pattern-approach
http://www.dumpanalysis.com/PDSPSI-materials
http://www.dumpanalysis.com/STMDA-materials
http://www.forensicanalysis.org/advanced-software-debugging-reference
http://www.opentask.com/
http://www.dumpanalysis.org/Memory+Dump+Analysis+Anthology+Volume+1
http://www.dumpanalysis.org/Forthcoming+Memory+Dump+Analysis+Anthology+Volume+2
http://www.dumpanalysis.org/Memory+Dump+Analysis+Anthology+Volume+3
http://www.dumpanalysis.org/Memory+Dump+Analysis+Anthology+Volume+4
http://www.dumpanalysis.org/Memory+Dump+Analysis+Anthology+Volume+5
http://www.dumpanalysis.com/
Page 15: The Old New Crash: Cloud Memory Dump Analysis

Resources (Training) August remote training season: Accelerated Windows Memory Dump Analysis Visit Memory Dump Analysis Services for registration details:

www.DumpAnalysis.com

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/
http://www.dumpanalysis.com/
http://www.dumpanalysis.com/
http://www.dumpanalysis.com/
Page 16: The Old New Crash: Cloud Memory Dump Analysis

Resources (Free Webinars) Cloud Software Trace Analysis (August) Visit Memory Dump Analysis Services for registration details:

www.DumpAnalysis.com

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/
http://www.dumpanalysis.com/
http://www.dumpanalysis.com/
http://www.dumpanalysis.com/
Page 17: The Old New Crash: Cloud Memory Dump Analysis

Q&A

Please send your feedback using the contact form on DumpAnalysis.com

© 2011 Memory Dump Analysis Services

http://www.dumpanalysis.com/contact
http://www.dumpanalysis.com/contact
http://www.dumpanalysis.com/
Page 18: The Old New Crash: Cloud Memory Dump Analysis

Thank you for attendance!

Join DA+TA Facebook Group

Memory Dump Analysis Service on Facebook

© 2011 Memory Dump Analysis Services

http://www.facebook.com/group.php?gid=95282722070
http://www.facebook.com/pages/Memory-Dump-Analysis-Services/188191297872151
http://www.dumpanalysis.com/

Linux Crash Dump Capture and Analysis

Lcrash HOWTO - LKCD - Linux Kernel Crash Dump

Examine Small Memory Dump Files

Comae Stardust · 2020-02-19 · Create Dump Files using DumpIt Dump files are the exact copy of the entire memory state of a machine as a Microsoft Crash Dump. They are generated

Optimizing Crash Dump in Virtualized Environments...Core Dump on System Crash •System Crash –Painful, but a fact of life –Reboot the whole system for recovery •Crash Dump (or

Basics of Kernel Crash Dump Analysis - Red Hatpeople.redhat.com/hvyas/Basics_of_Kernel_Crash_Dump_Analysis.pdf · Basics of kernel crash dump analysis Initial analysis of kernel crash

Complete Crash and Hang Memory Dump Analysis...Crash and Hang Memory Dump Analysis Presenter: Dmitry Vostokov Memory Dump Analysis Services Revision 2 Prerequisites Working knowledge

Windows Memory Dump Analysis

Red Hat Enterprise Linux 7 Kernel Crash Dump Guide · The Kernel Crash Dump Guide documents how to configure, test, and use the kdump crash recovery service on Red Hat Enterprise

Linux Crash Dump Analysis - D3Sd3s.mff.cuni.cz/teaching/crash_dump_analysis/slides/08-linux.pdf · Linux Crash Dump Analysis. Crash Dump Analysis 2014/2015 Linux 2 ... We can also

Memory Management Issues - D3Sd3s.mff.cuni.cz/teaching/crash_dump_analysis/slides/06-memory.pdf · Crash Dump Analysis 2015/2016 Memory Management Issues 3 References Jeff Bonwick:

Kernel Crash Dump Guide - Linux Repositoriesmirror.aminidc.com/redhat/RHEL_7.2/Docs/Red_Hat... · The Kernel Crash Dump Guide documents how to configure, test, and use the kdump crash

Windows Memory Dump Analysis - Software Diagnostics Services

Crash dump analysis - experience sharing

Basic Kernel Crash Dump Analysis - Red Hatpeople.redhat.com/hvyas/Basics_of_Kernel_Panic_Hang_and_ Kdump.… · Basic Kernel Crash Dump Analysis. 2 ... Management Log for details

Complete Crash and Hang Memory Dump Analysis

Complete Crash and Hang Memory Dump · PDF fileComplete Crash and Hang Memory Dump Analysis Presenter: Dmitry Vostokov Memory Dump Analysis Services

Kernel Crash Dump Guide

FireWire Memory Dump of a Windows XP Compute1 - … Memory Dump … ·  · 2007-04-04FireWire Memory Dump of a Windows XP Computer: A Forensic Approach ... • A “servlet” is

Installing the Flash Drive Prep Program on your PC€¦  · Web viewTo produce a memory dump, go to the “Clone/Memory Dump” screen, and click on the button for Memory Dump: Click

Basic Kernel Crash Dump Analysis - people.redhat.com Kdump.pdf · crash (capture) kernel uses to boot. • Be aware that the memory reserved for the kdump kernel at boot time cannot

Memory Dump Analysis - patterndiagnostics.com

Windows Crash Dump Analysis

Memory Dump Analysis Anthology - cnblogs.comfiles.cnblogs.com/files/maifengqiang/Memory_Dump... · 3 Exception “is what we see at a glance”. Blaise Pascal Crash dump analysis

Linux Kernel Crash Dump - LKCD Installation and …lkcd.sourceforge.net/doc/lkcd_tutorial.pdfThe Linux Kernel Crash Dump (LKCD) project has created a set of utilities and kernel patches

Evaluating Linux Kernel Crash Dumping Mechanismslkdtt.sourceforge.net/docs/ols2006_lkdtt.pdf · 5. kexec-based crash dumping Memory dump kernel crash kdump configuration 1. crash

Memory Dump Analysis Anthology · 2015-04-25 · 3 Exception “is what we see at a glance”. Blaise Pascal Crash dump analysis “does not consist merely in” peeking “the memory

Informatica Create a crash dump using “Debug Diag ”

Maintaining Linux Long Term & Adding Specific Features in … · 2017-11-07 · Crash Dump • kdump Kdumpis reliable, because crash dump is captured from booted new kernel. Dumping

Red Hat Enterprise Linux 7 Kernel Crash Dump Guide

Encyclopedia of Crash Dump Analysis Patterns Second · PDF fileEncyclopedia of Crash Dump Analysis Patterns Second Edition ... Region 557 Reserved Virtual ... Encyclopedia of Crash

Accelerated Memory Dump Analysis, 4th edition

Complete Crash and Hang Memory Dump Analysis€¦ · Crash Analysis Report Environment Note: we do not discuss BSOD crashes here as most of the time kernel memory dumps are sufficient

Encyclopedia of Crash Dump Analysis Patterns · Encyclopedia of Crash Dump Analysis Patterns ... A CIP catalog record for this book is available from the British Library. ISBN-13:

crash - Univerzita Karlovad3s.mff.cuni.cz/teaching/crash_dump_analysis/slides/09-crash.pdf · extend log rd task crash version: 7.1.0 ... Crash Dump Analysis 2014/2015 Linux - crash