

Dmitry Vostokov, 1st March 2009
http://www.dumpanalysis.org
On the 26th of February, at a Global Engineering Conference organized by the Microsoft Global Escalation Services team, I presented the Pattern-Driven Memory Dump Analysis methodology, which involves scripts, checklists and patterns and can be summarized as a waterfall-like diagram to the right of this column. We can use various scripts to get textual information from memory dumps, and then use various checklists to extract specific information and aid the identification of memory dump analysis patterns: common, recurrent, identifiable problems together with a set of recommendations and possible solutions to apply in a specific context. We have identified more than 100 patterns[1], and many readers of my blog suggested mapping them to the WinDbg commands or command combinations used to identify them. This article is a first attempt at such a mapping, based on the commands I used to describe patterns on my blog and in the Memory Dump Analysis Anthology volumes. It can also be used as a command reminder and serve as a list of the most used core WinDbg commands.
Patterns that can only be found in kernel or complete memory dumps are shown in red. All other patterns can be seen in user, kernel and complete memory dumps. Some commands are grouped together if they are similar, for example, the da, dpa, du and dpu commands.
The table (12 pages) is available in the printed version.
[1] http://www.dumpanalysis.org/blog/index.php/crash-dump-analysis-patterns/