From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:47776)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <alevy@redhat.com>) id 1RDGF0-0006gW-EK
	for qemu-devel@nongnu.org; Mon, 10 Oct 2011 09:50:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <alevy@redhat.com>) id 1RDGEy-0001o7-Nm
	for qemu-devel@nongnu.org; Mon, 10 Oct 2011 09:50:02 -0400
Received: from mx1.redhat.com ([209.132.183.28]:47830)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <alevy@redhat.com>) id 1RDGEy-0001ny-9e
	for qemu-devel@nongnu.org; Mon, 10 Oct 2011 09:50:00 -0400
Date: Mon, 10 Oct 2011 15:47:28 +0200
From: Alon Levy <alevy@redhat.com>
Message-ID: <20111010134728.GC7847@bow.tlv.redhat.com>
References: <4E92568E.2010507@cn.fujitsu.com>
	<20111010090825.GG9408@redhat.com>
	<20111010091021.GH9408@redhat.com> <4E92BC34.6090500@siemens.com>
	<20111010102112.GB2550@bow.tlv.redhat.com>
	<4E92CD94.4090104@redhat.com> <20111010110444.GQ9408@redhat.com>
	<4E92D25D.10905@redhat.com>
	<20111010120021.GA7847@bow.tlv.redhat.com>
	<4E92E74B.7030104@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4E92E74B.7030104@redhat.com>
Subject: Re: [Qemu-devel] windows crash dump header. was: Re: [Question]
 dump memory when host pci device is used by guest
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>, "Richard W.M. Jones" <rjones@redhat.com>, qemu-devel <qemu-devel@nongnu.org>, Luiz Capitulino <lcapitulino@redhat.com>

On Mon, Oct 10, 2011 at 02:38:35PM +0200, Paolo Bonzini wrote:
> On 10/10/2011 02:00 PM, Alon Levy wrote:
> >>>  Note that the guest can generate the buffer before it crashes.
> >>>
> >Thanks. The contents seem to be undocumented (stubbed in reactos).
> 
> Those lazy reactos authors. :)
> 
> 32-bit:
> 
> http://www.google.com/codesearch#s5CWGGZtI6g/trunk/Volatility/vtypes.py&q=MajorVersion&exact_package=http://volatility.googlecode.com/svn&ct=rc&cd=1
> 
> 64-bit:
> 
> https://singularity.svn.codeplex.com/svn/base/Windows/Inc/Dump.h
> 
> Looks like most of the fields can be made up at crash time, with
> some luck the others are not needed for a basic debugging session.
> 

Great. Nice that singularity exposes stuff not in WinDDK.

> Paolo
>