| 摘要 |
A method for postmortem object type identification. In one method embodiment, the present invention accesses a memory dump. Next, a portion of the memory dump is partitioned into a first group of known memory object types. Additionally, a portion of the memory dump is partitioned into a second group of unknown memory object types. A first pointer, pointing from one of the first group of known memory object types to one of the second group of unknown memory object types, is then utilized to automatically infer the memory object type of one of the second group of unknown memory object types. A second pointer, pointing from the inferred memory object type to one of the second group of unknown memory object types is utilized to automatically infer a memory object type of another one of the second group of unknown memory object types.
|
