Now it's time for the Invalid Pointer pattern. It's just a number saved in a register or in a memory location, and when we try to interpret it as a memory address and follow it (dereference) to fetch the memory contents (value) it points to, the OS with the help of hardware tells us that the address doesn't exist [...]
I consider programmers as real programmers only if they attempted to write something like an editor or a word processor. My favorite interview question is you write a word processor? This probably explains why my team is small. Why? Because writing a word processor shows your determination, persistence and if you are successful [...]
The next pattern I would like to talk about is Optimized Code. If you have such cases you should not trust your crash dump analysis tools like WinDbg. Always suspect that compiler-generated code might have been optimized if you see any suspicious or strange behaviour of your tool. Let's consider this fragment of stack: Args to Child 77e44c24 000001ac 00000000 ntdll!KiFastSystemCallRet 000001ac [...]
I believe every Citrix user experienced clipboard breaks at least once. I remember how I was frustrated when I couldn't between Outlook and Vantive sessions. So two and a half years ago I wrote RepairCBDChain tool to help temporarily restore clipboard functionality. Recently this feature was incorporated into ICA client. You can read about it in [...]
This is a follow-up to my previous Q about crash dumps and security issues like exposing confidential information stored in memory: Crash Dumps and Security. It seems a solution exists which allows doing some sort of crash dump analysis or at least identifying problem components without sending complete or kernel memory dumps. This solution takes [...]
It often happens that Citrix support advises customers to change their default post-mortem debugger to NTSD. But there is no way to test new settings unless some application crashes again. And some customers come back saying dumps are not saved despite new settings and we don't know whether dumps were not saved because a crash hadn't yet happened [...]
Following the preview Recreating CTX_SmaUser Account the tool has been finally released and is available for download from Citrix support: http://support.citrix.com/article/CTX111464 - Dmitry - www.dumpanalysis.org -
The environment where Citrix software operates is so complex that some education in Systems Theory and basic understanding of and effect and impossibility of at a distance is needed. In forthcoming mini-series I would highlight some notions of that.
WindowHistory Mobile edition has been updated and released and can be downloaded from Citrix support web site: WindowHistory Mobile Version 2.1.1 (requires free registration). It replaces the previous version of WindowHistory CE/Mobile 2.1 and is now available in two separate executables: for Windows Mobile 5.0 (ARMV4I) and Windows Pocket PC 2003 (ARMV4). It has been tested under emulators, Acer n300 (480 [...]
http://support.citrix.com/article/CTX111733 Welcome to Inside Citrix. This monthly column gives a glimpse of different aspects of Citrix through our people. Our guests have different areas of responsibility and expertise to give you an idea of what is happening behind the scenes. We discuss items of interest with people from Product Readiness, Escalation, Technical Support, and Engineering just [...]
The tool monitors folders where dumps can be saved including Dr. Watson, a folder specified when NTSD is set as a default debugger, etc. It then alerts a user, an administrator or a software vendor whenever a new dump is saved: Icon in System Tray changes its color from green to red; Popup window appears until dismissed; E-mail is sent to a specified [...]
In the previous Dumps for Dummies (Part 3) I tried to explain the nature of crashes. Another category of problems happens very often and we also need a dump for analysis: hangs. Some confusion exists in understanding the difference between these two categories: crash and hang. Although sometimes a hang is a direct consequence of a crash [...]
Following the release of Dump2Wave some members of Citrix community have been asking me to provide some interesting sound fragments from dump files. I also was particularly interested in catching voices from the past: embedded fragments of human voice. So I recorded my message, played it by Media Player and then saved a process dump. Then I [...]
Suppose you work in the banking industry or for any company that has sensitive information. Is it secure to send a crash dump outside for analysis? One semi-anonymous person asked this question on www.dumpanalysis.org and here is my unedited answer based on my experience in crash dump analysis and kernel level development: "It depends on credit card transactions software [...]
You probably already know or have heard about the project WINE: Windows API on top of X and Unix (winehq.com). I first heard about it more than 10 years ago when it started. Today I rediscovered it again and was really surprised. I was looking for one NT status code I couldn't find in MS official documentation and [...]
We all know that macro definitions in C and C++ are evil. They cause maintenance nightmares by introducing subtle bugs. I never took that seriously until last weekend I was debugging my old code written 10 years ago which uses macros written 15 years ago. My Windows Mobile 5.0 application was crashing when I was [...]
After looking at one dump today where all thread environment blocks were zeroed, import table corrupt and recalling some similar cases I encountered previously I came up with the next pattern: Lateral Damage. When this problem happens you don't have much choice and your first temptation is to apply Alien Component anti-pattern unless your module list is corrupt and you have manifestation [...]
Another pattern I observe frequently is False Positive Dump. We get dumps pointing in a wrong direction or not useful for analysis and this usually happens when the wrong tool was selected or the right one was not properly configured for capturing crash dumps. Here is one example I investigated in detail. The customer experienced frequent spooler crashes. The dump was sent for investigation to find an offending [...]
In any domain of activity where patterns exist we can find anti-patterns too. They are bad solutions for recurrent problems in specific contexts. One of them I would like to introduce briefly is Alien Component. In essence, when every technique fails or you run out of WinDbg commands, look at some innocent component you have never seen [...]
Another pattern I would like to discuss is Dynamic Memory Corruption (and its user and kernel variants called Heap Corruption and Pool Corruption). You might have already guessed it. It is so ubiquitous. And its manifestations are random and usually crashes happen far away from the original corruption point. In your user mode and space [...]