Published by OpenTask, Republic of Ireland

Copyright © 2022 by OpenTask
Copyright © 2022 by Software Diagnostics Services
Copyright © 2022 by Dmitry Vostokov

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the publisher’s prior written permission.

Product and company names mentioned in this book may be trademarks of their owners.

OpenTask books and magazines are available through booksellers and distributors worldwide. For further information or comments, send requests to [email protected].

A CIP catalog record for this book is available from the British Library.

ISBN-13: 978-1-912636-75-4 (Paperback)

Revision 3.00 (December 2022)

Contents

About the Author
Presentation Slides and Transcript
Core Dump Collection
ARM64 Disassembly
Practice Exercises
    Exercise X0
    Exercise X1
    Exercise X2
    Exercise X3
    Exercise X4
    Exercise X5
    Exercise X6
    Exercise X7
    Exercise X8
    Exercise X9
    Exercise X10
    Exercise X11
    Exercise X12
App Source Code
    App0
    App1
    App2
    App3
    App4
    App5
    App6
    App7
    App8
    App9
    App10
    App11

About the Author

Dmitry Vostokov is an internationally recognized expert, speaker, educator, scientist, inventor, and author. He is the founder of the pattern-oriented software diagnostics, forensics, and prognostics discipline (Systematic Software Diagnostics), and Software Diagnostics Institute (DA+TA: DumpAnalysis.org + TraceAnalysis.org). Vostokov has also authored more than 50 books on software diagnostics, anomaly detection and analysis, software and memory forensics, root cause analysis and problem solving, memory dump analysis, debugging, software trace and log analysis, reverse engineering, and malware analysis. He has over 25 years of experience in software architecture, design, development, and maintenance in various industries, including leadership, technical, and people management roles. Dmitry also founded Syndromatix, Anolog.io, BriteTrace, DiaThings, Logtellect, OpenTask Iterative and Incremental Publishing (OpenTask.com), Software Diagnostics Technology and Services (former Memory Dump Analysis Services) PatternDiagnostics.com, and Software Prognostics. In his spare time, he presents various topics on Debugging.TV and explores Software Narratology, its further development as Narratology of Things and Diagnostics of Things (DoT), Software Pathology, and Quantum Software Diagnostics.
His current interest areas are theoretical software diagnostics and its mathematical and computer science foundations, application of formal logic, artificial intelligence, machine learning and data mining to diagnostics and anomaly detection, software diagnostics engineering and diagnostics-driven development, diagnostics workflow and interaction. Recent interest areas also include cloud native computing, security, automation, functional programming, and applications of category theory to software development and big data.

Presentation Slides and Transcript

Hello, everyone, my name is Dmitry Vostokov, and I teach this training course. The third edition of this course covers the M2 ARM64 platform and LLDB debugger. GDB debugger exercises were removed. If you are interested in GDB and ARM64, there’s a Linux course available.

The prerequisites are hard to define. Some of you have software development experience and some do not. However, one thing is certain: to get the most out of this training, you are expected to have basic troubleshooting experience. Another thing I expect you to be familiar with is hexadecimal notation, and that you have seen or can read programming source code in some language, preferably in C. The ability to read assembly language has some advantages but for the most part is not necessary for this training. I hope to provide all the necessary explanations in this edition. Windows or, better, Linux memory dump analysis experience may really help here and ease the transition but is not absolutely necessary. If you have attended the training or read the books Accelerated Windows Memory Dump Analysis or Accelerated Linux Core Dump Analysis, you will find a similar approach here.