Author: Dmitry Vostokov
Publisher: OpenTask
Year: December 2022 (Revision 3.00)
Pages: 250
Language: English
Format: pdf (true)
Size: 10.2 MB
The full transcript of Software Diagnostics Services training with 12 step-by-step exercises. Learn how to analyze app crashes and freezes, navigate through process core memory dump space and diagnose corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using Xcode and LLDB environments, highlighting more than 30 analysis patterns from Software Diagnostics Institute diagnosed in ARM64 process core memory dumps. The training also includes an overview of relevant similarities and differences between Windows and macOS user space memory dump analysis useful for engineers with a Wintel background and the relevant ARM64 disassembly tutorial. The course is thoroughly updated for the latest macOS version and M2 platform. The primary audience for this training is software technical support and escalation engineers who analyze crash reports and memory dumps, quality assurance and software engineers who test and debug macOS software, security and vulnerability researchers, and malware and memory forensics analysts who have never used LLDB for the analysis of computer memory.
Now we come to another important fundamental concept in macOS core dump analysis: thread. It is basically a unit of execution, and there can be many threads in a given process. Every thread just executes some code and performs various tasks. Every thread has its ID. In this training, we also learn how to navigate between process threads. Note that threads transition to kernel space via the libsystem_kernel dynamic library similar to ntdll in Windows or the libc in Linux. Threads additional to the main thread (POSIX Threads) originate from the libsystem_c dynamic library.
Download Accelerated macOS Core Dump Analysis, Third Edition : Training Course Transcript with LLDB Practice Exercises